mirror of
https://github.com/linuxserver/docker-swag.git
synced 2024-10-01 01:35:49 -04:00
Merge remote-tracking branch 'origin/master' into 2.1.0
commit
f6529ad8fb
116
Dockerfile
116
Dockerfile
@ -1,4 +1,6 @@
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
|
||||
|
||||
# set version label
|
||||
ARG BUILD_DATE
|
||||
@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
|
||||
RUN \
|
||||
echo "**** install build packages ****" && \
|
||||
apk add --no-cache --virtual=build-dependencies \
|
||||
build-base \
|
||||
cargo \
|
||||
g++ \
|
||||
gcc \
|
||||
libffi-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev \
|
||||
@ -24,11 +25,9 @@ RUN \
|
||||
python3-dev && \
|
||||
echo "**** install runtime packages ****" && \
|
||||
apk add --no-cache --upgrade \
|
||||
curl \
|
||||
fail2ban \
|
||||
gnupg \
|
||||
memcached \
|
||||
nginx \
|
||||
nginx-mod-http-brotli \
|
||||
nginx-mod-http-dav-ext \
|
||||
nginx-mod-http-echo \
|
||||
@ -36,7 +35,6 @@ RUN \
|
||||
nginx-mod-http-geoip2 \
|
||||
nginx-mod-http-headers-more \
|
||||
nginx-mod-http-image-filter \
|
||||
nginx-mod-http-nchan \
|
||||
nginx-mod-http-perl \
|
||||
nginx-mod-http-redis2 \
|
||||
nginx-mod-http-set-misc \
|
||||
@ -47,61 +45,56 @@ RUN \
|
||||
nginx-mod-stream \
|
||||
nginx-mod-stream-geoip2 \
|
||||
nginx-vim \
|
||||
php8-bcmath \
|
||||
php8-bz2 \
|
||||
php8-ctype \
|
||||
php8-curl \
|
||||
php8-dom \
|
||||
php8-exif \
|
||||
php8-ftp \
|
||||
php8-gd \
|
||||
php8-gmp \
|
||||
php8-iconv \
|
||||
php8-imap \
|
||||
php8-intl \
|
||||
php8-ldap \
|
||||
php8-mysqli \
|
||||
php8-mysqlnd \
|
||||
php8-opcache \
|
||||
php8-pdo_mysql \
|
||||
php8-pdo_odbc \
|
||||
php8-pdo_pgsql \
|
||||
php8-pdo_sqlite \
|
||||
php8-pear \
|
||||
php8-pecl-apcu \
|
||||
php8-pecl-mailparse \
|
||||
php8-pecl-mcrypt \
|
||||
php8-pecl-memcached \
|
||||
php8-pecl-redis \
|
||||
php8-pgsql \
|
||||
php8-phar \
|
||||
php8-posix \
|
||||
php8-soap \
|
||||
php8-sockets \
|
||||
php8-sodium \
|
||||
php8-sqlite3 \
|
||||
php8-tokenizer \
|
||||
php8-xml \
|
||||
php8-xmlreader \
|
||||
php8-xsl \
|
||||
php8-zip \
|
||||
py3-cryptography \
|
||||
py3-future \
|
||||
py3-pip \
|
||||
php81-bcmath \
|
||||
php81-bz2 \
|
||||
php81-ctype \
|
||||
php81-curl \
|
||||
php81-dom \
|
||||
php81-exif \
|
||||
php81-ftp \
|
||||
php81-gd \
|
||||
php81-gmp \
|
||||
php81-iconv \
|
||||
php81-imap \
|
||||
php81-intl \
|
||||
php81-ldap \
|
||||
php81-mysqli \
|
||||
php81-mysqlnd \
|
||||
php81-opcache \
|
||||
php81-pdo_mysql \
|
||||
php81-pdo_odbc \
|
||||
php81-pdo_pgsql \
|
||||
php81-pdo_sqlite \
|
||||
php81-pear \
|
||||
php81-pecl-apcu \
|
||||
php81-pecl-mailparse \
|
||||
php81-pecl-memcached \
|
||||
php81-pecl-redis \
|
||||
php81-pgsql \
|
||||
php81-phar \
|
||||
php81-posix \
|
||||
php81-soap \
|
||||
php81-sockets \
|
||||
php81-sodium \
|
||||
php81-sqlite3 \
|
||||
php81-tokenizer \
|
||||
php81-xmlreader \
|
||||
php81-xsl \
|
||||
php81-zip \
|
||||
whois && \
|
||||
apk add --no-cache \
|
||||
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php8-pecl-xmlrpc && \
|
||||
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php81-pecl-mcrypt \
|
||||
php81-pecl-xmlrpc && \
|
||||
echo "**** install certbot plugins ****" && \
|
||||
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
||||
CERTBOT="certbot"; \
|
||||
else \
|
||||
CERTBOT="certbot==${CERTBOT_VERSION}"; \
|
||||
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
||||
fi && \
|
||||
pip3 install -U \
|
||||
pip wheel && \
|
||||
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
|
||||
${CERTBOT} \
|
||||
python3 -m ensurepip && \
|
||||
pip3 install -U --no-cache-dir \
|
||||
pip \
|
||||
wheel && \
|
||||
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
|
||||
certbot==${CERTBOT_VERSION} \
|
||||
certbot-dns-acmedns \
|
||||
certbot-dns-aliyun \
|
||||
certbot-dns-azure \
|
||||
@ -141,6 +134,7 @@ RUN \
|
||||
certbot-dns-vultr \
|
||||
certbot-plugin-gandi \
|
||||
cryptography \
|
||||
future \
|
||||
requests && \
|
||||
echo "**** enable OCSP stapling from base ****" && \
|
||||
sed -i \
|
||||
@ -176,14 +170,10 @@ RUN \
|
||||
echo "**** cleanup ****" && \
|
||||
apk del --purge \
|
||||
build-dependencies && \
|
||||
for cleanfiles in *.pyc *.pyo; \
|
||||
do \
|
||||
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
|
||||
; done && \
|
||||
rm -rf \
|
||||
/tmp/* \
|
||||
/root/.cache \
|
||||
/root/.cargo
|
||||
$HOME/.cache \
|
||||
$HOME/.cargo
|
||||
|
||||
# copy local files
|
||||
COPY root/ /
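Review bot: The `apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing` step that installs `php81-pecl-mcrypt` and `php81-pecl-xmlrpc` still fetches over plain HTTP, and from edge/testing on top of a 3.17 base. apk verifies package signatures, so this is not direct code injection, but an on-path party can withhold or replay an older signed index, and edge/testing packages are rebuilt against edge libraries without notice, so the result is neither reproducible nor guaranteed compatible with 3.17. I would at minimum switch to `--repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing` and add a comment saying why these two extensions cannot come from the 3.17 repositories. The page has lost its +/- markers, so the new side is inferred from the php81 names; the same line appears in the two ARM Dockerfile sections below, and the RUN instruction continues outside the hunks shown.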
|
||||
|
@ -1,4 +1,6 @@
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
|
||||
|
||||
# set version label
|
||||
ARG BUILD_DATE
|
||||
@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
|
||||
RUN \
|
||||
echo "**** install build packages ****" && \
|
||||
apk add --no-cache --virtual=build-dependencies \
|
||||
build-base \
|
||||
cargo \
|
||||
g++ \
|
||||
gcc \
|
||||
libffi-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev \
|
||||
@ -24,11 +25,9 @@ RUN \
|
||||
python3-dev && \
|
||||
echo "**** install runtime packages ****" && \
|
||||
apk add --no-cache --upgrade \
|
||||
curl \
|
||||
fail2ban \
|
||||
gnupg \
|
||||
memcached \
|
||||
nginx \
|
||||
nginx-mod-http-brotli \
|
||||
nginx-mod-http-dav-ext \
|
||||
nginx-mod-http-echo \
|
||||
@ -36,7 +35,6 @@ RUN \
|
||||
nginx-mod-http-geoip2 \
|
||||
nginx-mod-http-headers-more \
|
||||
nginx-mod-http-image-filter \
|
||||
nginx-mod-http-nchan \
|
||||
nginx-mod-http-perl \
|
||||
nginx-mod-http-redis2 \
|
||||
nginx-mod-http-set-misc \
|
||||
@ -47,61 +45,56 @@ RUN \
|
||||
nginx-mod-stream \
|
||||
nginx-mod-stream-geoip2 \
|
||||
nginx-vim \
|
||||
php8-bcmath \
|
||||
php8-bz2 \
|
||||
php8-ctype \
|
||||
php8-curl \
|
||||
php8-dom \
|
||||
php8-exif \
|
||||
php8-ftp \
|
||||
php8-gd \
|
||||
php8-gmp \
|
||||
php8-iconv \
|
||||
php8-imap \
|
||||
php8-intl \
|
||||
php8-ldap \
|
||||
php8-mysqli \
|
||||
php8-mysqlnd \
|
||||
php8-opcache \
|
||||
php8-pdo_mysql \
|
||||
php8-pdo_odbc \
|
||||
php8-pdo_pgsql \
|
||||
php8-pdo_sqlite \
|
||||
php8-pear \
|
||||
php8-pecl-apcu \
|
||||
php8-pecl-mailparse \
|
||||
php8-pecl-mcrypt \
|
||||
php8-pecl-memcached \
|
||||
php8-pecl-redis \
|
||||
php8-pgsql \
|
||||
php8-phar \
|
||||
php8-posix \
|
||||
php8-soap \
|
||||
php8-sockets \
|
||||
php8-sodium \
|
||||
php8-sqlite3 \
|
||||
php8-tokenizer \
|
||||
php8-xml \
|
||||
php8-xmlreader \
|
||||
php8-xsl \
|
||||
php8-zip \
|
||||
py3-cryptography \
|
||||
py3-future \
|
||||
py3-pip \
|
||||
php81-bcmath \
|
||||
php81-bz2 \
|
||||
php81-ctype \
|
||||
php81-curl \
|
||||
php81-dom \
|
||||
php81-exif \
|
||||
php81-ftp \
|
||||
php81-gd \
|
||||
php81-gmp \
|
||||
php81-iconv \
|
||||
php81-imap \
|
||||
php81-intl \
|
||||
php81-ldap \
|
||||
php81-mysqli \
|
||||
php81-mysqlnd \
|
||||
php81-opcache \
|
||||
php81-pdo_mysql \
|
||||
php81-pdo_odbc \
|
||||
php81-pdo_pgsql \
|
||||
php81-pdo_sqlite \
|
||||
php81-pear \
|
||||
php81-pecl-apcu \
|
||||
php81-pecl-mailparse \
|
||||
php81-pecl-memcached \
|
||||
php81-pecl-redis \
|
||||
php81-pgsql \
|
||||
php81-phar \
|
||||
php81-posix \
|
||||
php81-soap \
|
||||
php81-sockets \
|
||||
php81-sodium \
|
||||
php81-sqlite3 \
|
||||
php81-tokenizer \
|
||||
php81-xmlreader \
|
||||
php81-xsl \
|
||||
php81-zip \
|
||||
whois && \
|
||||
apk add --no-cache \
|
||||
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php8-pecl-xmlrpc && \
|
||||
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php81-pecl-mcrypt \
|
||||
php81-pecl-xmlrpc && \
|
||||
echo "**** install certbot plugins ****" && \
|
||||
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
||||
CERTBOT="certbot"; \
|
||||
else \
|
||||
CERTBOT="certbot==${CERTBOT_VERSION}"; \
|
||||
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
||||
fi && \
|
||||
pip3 install -U \
|
||||
pip wheel && \
|
||||
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
|
||||
${CERTBOT} \
|
||||
python3 -m ensurepip && \
|
||||
pip3 install -U --no-cache-dir \
|
||||
pip \
|
||||
wheel && \
|
||||
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
|
||||
certbot==${CERTBOT_VERSION} \
|
||||
certbot-dns-acmedns \
|
||||
certbot-dns-aliyun \
|
||||
certbot-dns-azure \
|
||||
@ -141,6 +134,7 @@ RUN \
|
||||
certbot-dns-vultr \
|
||||
certbot-plugin-gandi \
|
||||
cryptography \
|
||||
future \
|
||||
requests && \
|
||||
echo "**** enable OCSP stapling from base ****" && \
|
||||
sed -i \
|
||||
@ -176,14 +170,10 @@ RUN \
|
||||
echo "**** cleanup ****" && \
|
||||
apk del --purge \
|
||||
build-dependencies && \
|
||||
for cleanfiles in *.pyc *.pyo; \
|
||||
do \
|
||||
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
|
||||
; done && \
|
||||
rm -rf \
|
||||
/tmp/* \
|
||||
/root/.cache \
|
||||
/root/.cargo
|
||||
$HOME/.cache \
|
||||
$HOME/.cargo
|
||||
|
||||
# copy local files
|
||||
COPY root/ /
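Review bot: When `CERTBOT_VERSION` is not supplied, the version now comes from `curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'`, so the image tracks whatever PyPI reports on build day, and a failed fetch is only caught indirectly when `certbot==` or `certbot==null` fails to resolve later in the RUN. The README changelog on this page records a pin to 1.32.0 for plugin compatibility, which this fallback would bypass if the build arg is ever unset (whether the pipeline always sets it is not visible here). I would make the lookup fail early and quote the test: `if [ -z "${CERTBOT_VERSION+x}" ]; then` and `CERTBOT_VERSION=$(curl -fsSL https://pypi.python.org/pypi/certbot/json | jq -er '.info.version');`. The same block appears in the Dockerfile and Dockerfile.armhf sections; this section's file header is missing from the page, so it is identified as the arm64v8 variant only by its base-image tag.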
|
||||
|
116
Dockerfile.armhf
116
Dockerfile.armhf
@ -1,4 +1,6 @@
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
|
||||
|
||||
# set version label
|
||||
ARG BUILD_DATE
|
||||
@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
|
||||
RUN \
|
||||
echo "**** install build packages ****" && \
|
||||
apk add --no-cache --virtual=build-dependencies \
|
||||
build-base \
|
||||
cargo \
|
||||
g++ \
|
||||
gcc \
|
||||
libffi-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev \
|
||||
@ -24,11 +25,9 @@ RUN \
|
||||
python3-dev && \
|
||||
echo "**** install runtime packages ****" && \
|
||||
apk add --no-cache --upgrade \
|
||||
curl \
|
||||
fail2ban \
|
||||
gnupg \
|
||||
memcached \
|
||||
nginx \
|
||||
nginx-mod-http-brotli \
|
||||
nginx-mod-http-dav-ext \
|
||||
nginx-mod-http-echo \
|
||||
@ -36,7 +35,6 @@ RUN \
|
||||
nginx-mod-http-geoip2 \
|
||||
nginx-mod-http-headers-more \
|
||||
nginx-mod-http-image-filter \
|
||||
nginx-mod-http-nchan \
|
||||
nginx-mod-http-perl \
|
||||
nginx-mod-http-redis2 \
|
||||
nginx-mod-http-set-misc \
|
||||
@ -47,61 +45,56 @@ RUN \
|
||||
nginx-mod-stream \
|
||||
nginx-mod-stream-geoip2 \
|
||||
nginx-vim \
|
||||
php8-bcmath \
|
||||
php8-bz2 \
|
||||
php8-ctype \
|
||||
php8-curl \
|
||||
php8-dom \
|
||||
php8-exif \
|
||||
php8-ftp \
|
||||
php8-gd \
|
||||
php8-gmp \
|
||||
php8-iconv \
|
||||
php8-imap \
|
||||
php8-intl \
|
||||
php8-ldap \
|
||||
php8-mysqli \
|
||||
php8-mysqlnd \
|
||||
php8-opcache \
|
||||
php8-pdo_mysql \
|
||||
php8-pdo_odbc \
|
||||
php8-pdo_pgsql \
|
||||
php8-pdo_sqlite \
|
||||
php8-pear \
|
||||
php8-pecl-apcu \
|
||||
php8-pecl-mailparse \
|
||||
php8-pecl-mcrypt \
|
||||
php8-pecl-memcached \
|
||||
php8-pecl-redis \
|
||||
php8-pgsql \
|
||||
php8-phar \
|
||||
php8-posix \
|
||||
php8-soap \
|
||||
php8-sockets \
|
||||
php8-sodium \
|
||||
php8-sqlite3 \
|
||||
php8-tokenizer \
|
||||
php8-xml \
|
||||
php8-xmlreader \
|
||||
php8-xsl \
|
||||
php8-zip \
|
||||
py3-cryptography \
|
||||
py3-future \
|
||||
py3-pip \
|
||||
php81-bcmath \
|
||||
php81-bz2 \
|
||||
php81-ctype \
|
||||
php81-curl \
|
||||
php81-dom \
|
||||
php81-exif \
|
||||
php81-ftp \
|
||||
php81-gd \
|
||||
php81-gmp \
|
||||
php81-iconv \
|
||||
php81-imap \
|
||||
php81-intl \
|
||||
php81-ldap \
|
||||
php81-mysqli \
|
||||
php81-mysqlnd \
|
||||
php81-opcache \
|
||||
php81-pdo_mysql \
|
||||
php81-pdo_odbc \
|
||||
php81-pdo_pgsql \
|
||||
php81-pdo_sqlite \
|
||||
php81-pear \
|
||||
php81-pecl-apcu \
|
||||
php81-pecl-mailparse \
|
||||
php81-pecl-memcached \
|
||||
php81-pecl-redis \
|
||||
php81-pgsql \
|
||||
php81-phar \
|
||||
php81-posix \
|
||||
php81-soap \
|
||||
php81-sockets \
|
||||
php81-sodium \
|
||||
php81-sqlite3 \
|
||||
php81-tokenizer \
|
||||
php81-xmlreader \
|
||||
php81-xsl \
|
||||
php81-zip \
|
||||
whois && \
|
||||
apk add --no-cache \
|
||||
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php8-pecl-xmlrpc && \
|
||||
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
|
||||
php81-pecl-mcrypt \
|
||||
php81-pecl-xmlrpc && \
|
||||
echo "**** install certbot plugins ****" && \
|
||||
if [ -z ${CERTBOT_VERSION+x} ]; then \
|
||||
CERTBOT="certbot"; \
|
||||
else \
|
||||
CERTBOT="certbot==${CERTBOT_VERSION}"; \
|
||||
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
|
||||
fi && \
|
||||
pip3 install -U \
|
||||
pip wheel && \
|
||||
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
|
||||
${CERTBOT} \
|
||||
python3 -m ensurepip && \
|
||||
pip3 install -U --no-cache-dir \
|
||||
pip \
|
||||
wheel && \
|
||||
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
|
||||
certbot==${CERTBOT_VERSION} \
|
||||
certbot-dns-acmedns \
|
||||
certbot-dns-aliyun \
|
||||
certbot-dns-azure \
|
||||
@ -141,6 +134,7 @@ RUN \
|
||||
certbot-dns-vultr \
|
||||
certbot-plugin-gandi \
|
||||
cryptography \
|
||||
future \
|
||||
requests && \
|
||||
echo "**** enable OCSP stapling from base ****" && \
|
||||
sed -i \
|
||||
@ -176,14 +170,10 @@ RUN \
|
||||
echo "**** cleanup ****" && \
|
||||
apk del --purge \
|
||||
build-dependencies && \
|
||||
for cleanfiles in *.pyc *.pyo; \
|
||||
do \
|
||||
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
|
||||
; done && \
|
||||
rm -rf \
|
||||
/tmp/* \
|
||||
/root/.cache \
|
||||
/root/.cargo
|
||||
$HOME/.cache \
|
||||
$HOME/.cargo
|
||||
|
||||
# copy local files
|
||||
COPY root/ /
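Review bot: The `pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/` step pins only `certbot==${CERTBOT_VERSION}`; the plugins visible in these hunks (`certbot-dns-acmedns`, `certbot-dns-aliyun`, `certbot-dns-azure`, `certbot-dns-vultr`, `certbot-plugin-gandi`) and `cryptography`, `future`, `requests` are installed at whatever version PyPI or the wheel index serves at build time. These plugins read DNS-provider API credentials at runtime, so an unreviewed upstream release reaches every rebuilt image. Consider moving the list into a requirements or constraints file with exact versions, and using pip's `--require-hashes` where the per-architecture wheels make that feasible. Part of the package list lies between hunks and is not shown, so some pins may already exist there; the same applies to the other two Dockerfiles.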
|
||||
|
@ -335,6 +335,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
||||
|
||||
## Versions
|
||||
|
||||
* **20.01.23:** - Rebase to alpine 3.17 with php8.1.
|
||||
* **16.01.23:** - Remove nchan module because it keeps causing crashes.
|
||||
* **08.12.22:** - Revamp certbot init.
|
||||
* **03.12.22:** - Remove defunct cloudxns plugin.
|
||||
* **22.11.22:** - Pin acme to the same version as certbot.
|
||||
* **22.11.22:** - Pin certbot to 1.32.0 until plugin compatibility improves.
|
||||
|
@ -1,229 +1,204 @@
|
||||
alpine-baselayout-3.2.0-r18
|
||||
alpine-baselayout-3.4.0-r0
|
||||
alpine-baselayout-data-3.4.0-r0
|
||||
alpine-keys-2.4-r1
|
||||
apache2-utils-2.4.54-r0
|
||||
apk-tools-2.12.7-r3
|
||||
apr-1.7.0-r1
|
||||
apr-util-1.6.1-r11
|
||||
argon2-libs-20190702-r1
|
||||
bash-5.1.16-r0
|
||||
brotli-libs-1.0.9-r5
|
||||
busybox-1.34.1-r7
|
||||
c-client-2007f-r13
|
||||
ca-certificates-20220614-r0
|
||||
ca-certificates-bundle-20220614-r0
|
||||
coreutils-9.0-r2
|
||||
curl-7.80.0-r4
|
||||
expat-2.5.0-r0
|
||||
fail2ban-0.11.2-r1
|
||||
freetype-2.11.1-r2
|
||||
gdbm-1.22-r0
|
||||
git-2.34.5-r0
|
||||
git-perl-2.34.5-r0
|
||||
gmp-6.2.1-r1
|
||||
gnupg-2.2.31-r2
|
||||
gnupg-dirmngr-2.2.31-r2
|
||||
gnupg-gpgconf-2.2.31-r2
|
||||
gnupg-utils-2.2.31-r2
|
||||
gnupg-wks-client-2.2.31-r2
|
||||
gnutls-3.7.1-r1
|
||||
gpg-2.2.31-r2
|
||||
gpg-agent-2.2.31-r2
|
||||
gpg-wks-server-2.2.31-r2
|
||||
gpgsm-2.2.31-r2
|
||||
gpgv-2.2.31-r2
|
||||
icu-libs-69.1-r1
|
||||
ip6tables-1.8.7-r1
|
||||
iptables-1.8.7-r1
|
||||
libacl-2.2.53-r0
|
||||
libassuan-2.5.5-r0
|
||||
libattr-2.5.1-r1
|
||||
libbsd-0.11.3-r1
|
||||
libbz2-1.0.8-r1
|
||||
alpine-release-3.17.1-r0
|
||||
aom-libs-3.5.0-r0
|
||||
apache2-utils-2.4.55-r0
|
||||
apk-tools-2.12.10-r1
|
||||
apr-1.7.0-r2
|
||||
apr-util-1.6.1-r14
|
||||
argon2-libs-20190702-r2
|
||||
bash-5.2.15-r0
|
||||
brotli-libs-1.0.9-r9
|
||||
busybox-1.35.0-r29
|
||||
busybox-binsh-1.35.0-r29
|
||||
c-client-2007f-r14
|
||||
ca-certificates-20220614-r4
|
||||
ca-certificates-bundle-20220614-r4
|
||||
coreutils-9.1-r0
|
||||
curl-7.87.0-r1
|
||||
fail2ban-1.0.2-r0
|
||||
fontconfig-2.14.1-r0
|
||||
freetype-2.12.1-r0
|
||||
gdbm-1.23-r0
|
||||
git-2.38.3-r1
|
||||
git-perl-2.38.3-r1
|
||||
gmp-6.2.1-r2
|
||||
gnupg-2.2.40-r0
|
||||
gnupg-dirmngr-2.2.40-r0
|
||||
gnupg-gpgconf-2.2.40-r0
|
||||
gnupg-utils-2.2.40-r0
|
||||
gnupg-wks-client-2.2.40-r0
|
||||
gnutls-3.7.8-r2
|
||||
gpg-2.2.40-r0
|
||||
gpg-agent-2.2.40-r0
|
||||
gpg-wks-server-2.2.40-r0
|
||||
gpgsm-2.2.40-r0
|
||||
gpgv-2.2.40-r0
|
||||
icu-data-en-72.1-r1
|
||||
icu-libs-72.1-r1
|
||||
ip6tables-1.8.8-r2
|
||||
iptables-1.8.8-r2
|
||||
jq-1.6-r2
|
||||
libacl-2.3.1-r1
|
||||
libassuan-2.5.5-r1
|
||||
libattr-2.5.1-r2
|
||||
libavif-0.11.1-r0
|
||||
libbsd-0.11.7-r0
|
||||
libbz2-1.0.8-r4
|
||||
libc-utils-0.7.2-r3
|
||||
libcap-2.61-r0
|
||||
libcrypto1.1-1.1.1s-r1
|
||||
libcurl-7.80.0-r4
|
||||
libedit-20210910.3.1-r0
|
||||
libevent-2.1.12-r4
|
||||
libffi-3.4.2-r1
|
||||
libgcc-10.3.1_git20211027-r0
|
||||
libgcrypt-1.9.4-r0
|
||||
libgd-2.3.2-r1
|
||||
libgpg-error-1.42-r1
|
||||
libice-1.0.10-r0
|
||||
libidn-1.38-r0
|
||||
libintl-0.21-r0
|
||||
libjpeg-turbo-2.1.2-r0
|
||||
libksba-1.6.0-r0
|
||||
libldap-2.6.2-r0
|
||||
libmaxminddb-1.6.0-r0
|
||||
libmcrypt-2.5.8-r9
|
||||
libmd-1.0.3-r0
|
||||
libmemcached-libs-1.0.18-r4
|
||||
libmnl-1.0.4-r2
|
||||
libnftnl-1.2.1-r0
|
||||
libpng-1.6.37-r1
|
||||
libpq-14.5-r0
|
||||
libproc-3.3.17-r0
|
||||
libretls-3.3.4-r3
|
||||
libsasl-2.1.28-r0
|
||||
libseccomp-2.5.2-r0
|
||||
libsm-1.2.3-r0
|
||||
libsodium-1.0.18-r0
|
||||
libssl1.1-1.1.1s-r1
|
||||
libstdc++-10.3.1_git20211027-r0
|
||||
libtasn1-4.18.0-r0
|
||||
libunistring-0.9.10-r1
|
||||
libuuid-2.37.4-r0
|
||||
libwebp-1.2.2-r0
|
||||
libx11-1.7.3.1-r0
|
||||
libxau-1.0.9-r0
|
||||
libxcb-1.14-r2
|
||||
libxdmcp-1.1.3-r0
|
||||
libxext-1.3.4-r0
|
||||
libxml2-2.9.14-r2
|
||||
libxpm-3.5.13-r0
|
||||
libxslt-1.1.35-r0
|
||||
libcrypto3-3.0.7-r2
|
||||
libcurl-7.87.0-r1
|
||||
libdav1d-1.0.0-r2
|
||||
libedit-20221030.3.1-r0
|
||||
libevent-2.1.12-r5
|
||||
libexpat-2.5.0-r0
|
||||
libffi-3.4.4-r0
|
||||
libgcc-12.2.1_git20220924-r4
|
||||
libgcrypt-1.10.1-r0
|
||||
libgd-2.3.3-r3
|
||||
libgpg-error-1.46-r1
|
||||
libice-1.0.10-r1
|
||||
libidn-1.41-r0
|
||||
libintl-0.21.1-r1
|
||||
libjpeg-turbo-2.1.4-r0
|
||||
libksba-1.6.3-r0
|
||||
libldap-2.6.3-r6
|
||||
libmaxminddb-libs-1.7.1-r0
|
||||
libmcrypt-2.5.8-r10
|
||||
libmd-1.0.4-r0
|
||||
libmemcached-libs-1.0.18-r5
|
||||
libmnl-1.0.5-r0
|
||||
libnftnl-1.2.4-r0
|
||||
libpng-1.6.38-r0
|
||||
libpq-15.1-r0
|
||||
libproc-3.3.17-r2
|
||||
libsasl-2.1.28-r3
|
||||
libseccomp-2.5.4-r0
|
||||
libsm-1.2.3-r1
|
||||
libsodium-1.0.18-r2
|
||||
libssl3-3.0.7-r2
|
||||
libstdc++-12.2.1_git20220924-r4
|
||||
libtasn1-4.19.0-r0
|
||||
libunistring-1.1-r0
|
||||
libuuid-2.38.1-r1
|
||||
libwebp-1.2.4-r1
|
||||
libx11-1.8.3-r0
|
||||
libxau-1.0.10-r0
|
||||
libxcb-1.15-r0
|
||||
libxdmcp-1.1.4-r0
|
||||
libxext-1.3.5-r0
|
||||
libxml2-2.10.3-r1
|
||||
libxpm-3.5.15-r0
|
||||
libxslt-1.1.37-r0
|
||||
libxt-1.2.1-r0
|
||||
libzip-1.8.0-r1
|
||||
linux-pam-1.5.2-r0
|
||||
logrotate-3.18.1-r4
|
||||
lz4-libs-1.9.3-r1
|
||||
memcached-1.6.12-r0
|
||||
libzip-1.9.2-r2
|
||||
linux-pam-1.5.2-r1
|
||||
logrotate-3.20.1-r3
|
||||
lz4-libs-1.9.4-r1
|
||||
memcached-1.6.17-r0
|
||||
mpdecimal-2.5.1-r1
|
||||
musl-1.2.2-r7
|
||||
musl-utils-1.2.2-r7
|
||||
nano-5.9-r0
|
||||
ncurses-libs-6.3_p20211120-r1
|
||||
ncurses-terminfo-base-6.3_p20211120-r1
|
||||
nettle-3.7.3-r0
|
||||
nghttp2-libs-1.46.0-r0
|
||||
nginx-1.20.2-r1
|
||||
nginx-mod-devel-kit-1.20.2-r1
|
||||
nginx-mod-http-brotli-1.20.2-r1
|
||||
nginx-mod-http-dav-ext-1.20.2-r1
|
||||
nginx-mod-http-echo-1.20.2-r1
|
||||
nginx-mod-http-fancyindex-1.20.2-r1
|
||||
nginx-mod-http-geoip2-1.20.2-r1
|
||||
nginx-mod-http-headers-more-1.20.2-r1
|
||||
nginx-mod-http-image-filter-1.20.2-r1
|
||||
nginx-mod-http-nchan-1.20.2-r1
|
||||
nginx-mod-http-perl-1.20.2-r1
|
||||
nginx-mod-http-redis2-1.20.2-r1
|
||||
nginx-mod-http-set-misc-1.20.2-r1
|
||||
nginx-mod-http-upload-progress-1.20.2-r1
|
||||
nginx-mod-http-xslt-filter-1.20.2-r1
|
||||
nginx-mod-mail-1.20.2-r1
|
||||
nginx-mod-rtmp-1.20.2-r1
|
||||
nginx-mod-stream-1.20.2-r1
|
||||
nginx-mod-stream-geoip2-1.20.2-r1
|
||||
nginx-vim-1.20.2-r1
|
||||
npth-1.6-r1
|
||||
oniguruma-6.9.7.1-r0
|
||||
openssl-1.1.1s-r1
|
||||
p11-kit-0.24.0-r1
|
||||
pcre-8.45-r1
|
||||
pcre2-10.40-r0
|
||||
perl-5.34.0-r1
|
||||
musl-1.2.3-r4
|
||||
musl-utils-1.2.3-r4
|
||||
nano-7.0-r0
|
||||
ncurses-libs-6.3_p20221119-r0
|
||||
ncurses-terminfo-base-6.3_p20221119-r0
|
||||
nettle-3.8.1-r0
|
||||
nghttp2-libs-1.51.0-r0
|
||||
nginx-1.22.1-r0
|
||||
nginx-mod-devel-kit-1.22.1-r0
|
||||
nginx-mod-http-brotli-1.22.1-r0
|
||||
nginx-mod-http-dav-ext-1.22.1-r0
|
||||
nginx-mod-http-echo-1.22.1-r0
|
||||
nginx-mod-http-fancyindex-1.22.1-r0
|
||||
nginx-mod-http-geoip2-1.22.1-r0
|
||||
nginx-mod-http-headers-more-1.22.1-r0
|
||||
nginx-mod-http-image-filter-1.22.1-r0
|
||||
nginx-mod-http-perl-1.22.1-r0
|
||||
nginx-mod-http-redis2-1.22.1-r0
|
||||
nginx-mod-http-set-misc-1.22.1-r0
|
||||
nginx-mod-http-upload-progress-1.22.1-r0
|
||||
nginx-mod-http-xslt-filter-1.22.1-r0
|
||||
nginx-mod-mail-1.22.1-r0
|
||||
nginx-mod-rtmp-1.22.1-r0
|
||||
nginx-mod-stream-1.22.1-r0
|
||||
nginx-mod-stream-geoip2-1.22.1-r0
|
||||
nginx-vim-1.22.1-r0
|
||||
npth-1.6-r2
|
||||
oniguruma-6.9.8-r0
|
||||
openssl-3.0.7-r2
|
||||
p11-kit-0.24.1-r1
|
||||
pcre-8.45-r2
|
||||
pcre2-10.42-r0
|
||||
perl-5.36.0-r0
|
||||
perl-error-0.17029-r1
|
||||
perl-git-2.34.5-r0
|
||||
php8-8.0.25-r0
|
||||
php8-bcmath-8.0.25-r0
|
||||
php8-bz2-8.0.25-r0
|
||||
php8-common-8.0.25-r0
|
||||
php8-ctype-8.0.25-r0
|
||||
php8-curl-8.0.25-r0
|
||||
php8-dom-8.0.25-r0
|
||||
php8-exif-8.0.25-r0
|
||||
php8-fileinfo-8.0.25-r0
|
||||
php8-fpm-8.0.25-r0
|
||||
php8-ftp-8.0.25-r0
|
||||
php8-gd-8.0.25-r0
|
||||
php8-gmp-8.0.25-r0
|
||||
php8-iconv-8.0.25-r0
|
||||
php8-imap-8.0.25-r0
|
||||
php8-intl-8.0.25-r0
|
||||
php8-ldap-8.0.25-r0
|
||||
php8-mbstring-8.0.25-r0
|
||||
php8-mysqli-8.0.25-r0
|
||||
php8-mysqlnd-8.0.25-r0
|
||||
php8-opcache-8.0.25-r0
|
||||
php8-openssl-8.0.25-r0
|
||||
php8-pdo-8.0.25-r0
|
||||
php8-pdo_mysql-8.0.25-r0
|
||||
php8-pdo_odbc-8.0.25-r0
|
||||
php8-pdo_pgsql-8.0.25-r0
|
||||
php8-pdo_sqlite-8.0.25-r0
|
||||
php8-pear-8.0.25-r0
|
||||
php8-pecl-apcu-5.1.21-r0
|
||||
php8-pecl-igbinary-3.2.6-r0
|
||||
php8-pecl-mailparse-3.1.3-r0
|
||||
php8-pecl-mcrypt-1.0.4-r0
|
||||
php8-pecl-memcached-3.1.5-r1
|
||||
php8-pecl-redis-5.3.6-r0
|
||||
php8-pecl-xmlrpc-1.0.0_rc3-r0
|
||||
php8-pgsql-8.0.25-r0
|
||||
php8-phar-8.0.25-r0
|
||||
php8-posix-8.0.25-r0
|
||||
php8-session-8.0.25-r0
|
||||
php8-simplexml-8.0.25-r0
|
||||
php8-soap-8.0.25-r0
|
||||
php8-sockets-8.0.25-r0
|
||||
php8-sodium-8.0.25-r0
|
||||
php8-sqlite3-8.0.25-r0
|
||||
php8-tokenizer-8.0.25-r0
|
||||
php8-xml-8.0.25-r0
|
||||
php8-xmlreader-8.0.25-r0
|
||||
php8-xmlwriter-8.0.25-r0
|
||||
php8-xsl-8.0.25-r0
|
||||
php8-zip-8.0.25-r0
|
||||
pinentry-1.2.0-r0
|
||||
popt-1.18-r0
|
||||
procps-3.3.17-r0
|
||||
py3-appdirs-1.4.4-r2
|
||||
py3-asn1crypto-1.4.0-r1
|
||||
py3-cachecontrol-0.12.10-r0
|
||||
py3-certifi-2020.12.5-r1
|
||||
py3-cffi-1.14.5-r4
|
||||
py3-charset-normalizer-2.0.7-r0
|
||||
py3-colorama-0.4.4-r1
|
||||
py3-contextlib2-21.6.0-r1
|
||||
py3-cparser-2.20-r1
|
||||
py3-cryptography-3.3.2-r3
|
||||
py3-distlib-0.3.3-r0
|
||||
py3-distro-1.6.0-r0
|
||||
py3-future-0.18.2-r3
|
||||
py3-html5lib-1.1-r1
|
||||
py3-idna-3.3-r0
|
||||
py3-lockfile-0.12.2-r4
|
||||
py3-msgpack-1.0.2-r1
|
||||
py3-ordered-set-4.0.2-r2
|
||||
py3-packaging-20.9-r1
|
||||
py3-parsing-2.4.7-r2
|
||||
py3-pep517-0.12.0-r0
|
||||
py3-pip-20.3.4-r1
|
||||
py3-progress-1.6-r0
|
||||
py3-requests-2.26.0-r1
|
||||
py3-retrying-1.3.3-r2
|
||||
py3-setuptools-52.0.0-r4
|
||||
py3-six-1.16.0-r0
|
||||
py3-toml-0.10.2-r2
|
||||
py3-tomli-1.2.2-r0
|
||||
py3-urllib3-1.26.7-r0
|
||||
py3-webencodings-0.5.1-r4
|
||||
python3-3.9.15-r0
|
||||
readline-8.1.1-r0
|
||||
s6-ipcserver-2.11.0.0-r0
|
||||
scanelf-1.3.3-r0
|
||||
shadow-4.8.1-r1
|
||||
skalibs-2.11.0.0-r0
|
||||
sqlite-libs-3.36.0-r0
|
||||
ssl_client-1.34.1-r7
|
||||
perl-git-2.38.3-r1
|
||||
php81-8.1.14-r0
|
||||
php81-bcmath-8.1.14-r0
|
||||
php81-bz2-8.1.14-r0
|
||||
php81-common-8.1.14-r0
|
||||
php81-ctype-8.1.14-r0
|
||||
php81-curl-8.1.14-r0
|
||||
php81-dom-8.1.14-r0
|
||||
php81-exif-8.1.14-r0
|
||||
php81-fileinfo-8.1.14-r0
|
||||
php81-fpm-8.1.14-r0
|
||||
php81-ftp-8.1.14-r0
|
||||
php81-gd-8.1.14-r0
|
||||
php81-gmp-8.1.14-r0
|
||||
php81-iconv-8.1.14-r0
|
||||
php81-imap-8.1.14-r0
|
||||
php81-intl-8.1.14-r0
|
||||
php81-ldap-8.1.14-r0
|
||||
php81-mbstring-8.1.14-r0
|
||||
php81-mysqli-8.1.14-r0
|
||||
php81-mysqlnd-8.1.14-r0
|
||||
php81-opcache-8.1.14-r0
|
||||
php81-openssl-8.1.14-r0
|
||||
php81-pdo-8.1.14-r0
|
||||
php81-pdo_mysql-8.1.14-r0
|
||||
php81-pdo_odbc-8.1.14-r0
|
||||
php81-pdo_pgsql-8.1.14-r0
|
||||
php81-pdo_sqlite-8.1.14-r0
|
||||
php81-pear-8.1.14-r0
|
||||
php81-pecl-apcu-5.1.22-r0
|
||||
php81-pecl-igbinary-3.2.12-r0
|
||||
php81-pecl-mailparse-3.1.4-r0
|
||||
php81-pecl-mcrypt-1.0.4-r0
|
||||
php81-pecl-memcached-3.2.0-r0
|
||||
php81-pecl-redis-5.3.7-r0
|
||||
php81-pecl-xmlrpc-1.0.0_rc3-r0
|
||||
php81-pgsql-8.1.14-r0
|
||||
php81-phar-8.1.14-r0
|
||||
php81-posix-8.1.14-r0
|
||||
php81-session-8.1.14-r0
|
||||
php81-simplexml-8.1.14-r0
|
||||
php81-soap-8.1.14-r0
|
||||
php81-sockets-8.1.14-r0
|
||||
php81-sodium-8.1.14-r0
|
||||
php81-sqlite3-8.1.14-r0
|
||||
php81-tokenizer-8.1.14-r0
|
||||
php81-xml-8.1.14-r0
|
||||
php81-xmlreader-8.1.14-r0
|
||||
php81-xmlwriter-8.1.14-r0
|
||||
php81-xsl-8.1.14-r0
|
||||
php81-zip-8.1.14-r0
|
||||
pinentry-1.2.1-r0
|
||||
popt-1.19-r0
|
||||
procps-3.3.17-r2
|
||||
python3-3.10.9-r1
|
||||
readline-8.2.0-r0
|
||||
scanelf-1.3.5-r1
|
||||
shadow-4.13-r0
|
||||
skalibs-2.12.0.1-r0
|
||||
sqlite-libs-3.40.1-r0
|
||||
ssl_client-1.35.0-r29
|
||||
tiff-4.4.0-r1
|
||||
tzdata-2022f-r1
|
||||
unixodbc-2.3.9-r1
|
||||
utmps-0.1.0.3-r0
|
||||
whois-5.5.10-r0
|
||||
xz-5.2.5-r1
|
||||
xz-libs-5.2.5-r1
|
||||
zlib-1.2.12-r3
|
||||
zstd-libs-1.5.0-r0
|
||||
unixodbc-2.3.11-r0
|
||||
utmps-libs-0.1.2.0-r1
|
||||
whois-5.5.14-r0
|
||||
xz-5.2.9-r0
|
||||
xz-libs-5.2.9-r0
|
||||
zlib-1.2.13-r0
|
||||
zstd-libs-1.5.2-r9
|
||||
|
@ -152,11 +152,11 @@ app_setup_block: |
|
||||
|
||||
Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
|
||||
|
||||
app_setup_nginx_reverse_proxy_snippet: false
|
||||
app_setup_nginx_reverse_proxy_block: ""
|
||||
|
||||
# changelog
|
||||
changelogs:
|
||||
- { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
|
||||
- { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." }
|
||||
- { date: "08.12.22:", desc: "Revamp certbot init."}
|
||||
- { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."}
|
||||
- { date: "22.11.22:", desc: "Pin acme to the same version as certbot."}
|
||||
- { date: "22.11.22:", desc: "Pin certbot to 1.32.0 until plugin compatibility improves."}
|
||||
|
@ -1,6 +1,15 @@
|
||||
# Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials
|
||||
# Replace with your values
|
||||
# The url cPanel url
|
||||
# include the scheme and the port number (usually 2083 for https)
|
||||
dns_cpanel_url = https://cpanel.example.com:2083
|
||||
dns_cpanel_username = username
|
||||
dns_cpanel_password = 1234567890abcdef
|
||||
cpanel_url = https://cpanel.exemple.com:2083
|
||||
|
||||
# The cPanel username
|
||||
cpanel_username = user
|
||||
|
||||
# The cPanel password
|
||||
cpanel_password = hunter2
|
||||
|
||||
# The cPanel API Token
|
||||
cpanel_token = EUTQ793EY7MIRX4EMXXXXXXXXXXOX4JF
|
||||
|
||||
# You only need to configure API Token or Password. If you supply both, the API Token will be used
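Review bot: The new placeholder `cpanel_url = https://cpanel.exemple.com:2083` uses `exemple.com`, an ordinary registrable domain, where the line it replaces used the reserved `example.com`. A credentials template should point only at reserved names, so that a config left at its defaults cannot send a username, password or token to a third-party host; suggest `cpanel_url = https://cpanel.example.com:2083`. The sample `cpanel_token` value also reads like a partly masked real token rather than an obvious placeholder (inferred from its shape), so `cpanel_token = <your-api-token>` would be clearer. While the file is being touched, `# The url cPanel url` could become `# The cPanel URL`.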
|
||||
|
@ -12,10 +12,10 @@
|
||||
|
||||
# The DirectAdmin Server url
|
||||
# include the scheme and the port number (Normally 2222)
|
||||
directadmin_url = https://my.directadminserver.com:2222
|
||||
dns_directadmin_url = https://my.directadminserver.com:2222
|
||||
|
||||
# The DirectAdmin username
|
||||
directadmin_username = username
|
||||
dns_directadmin_username = username
|
||||
|
||||
# The DirectAdmin password
|
||||
directadmin_password = aSuperStrongPassword
|
||||
dns_directadmin_password = aSuperStrongPassword
|
||||
|
@ -5,11 +5,11 @@
|
||||
. /config/.donoteditthisfile.conf
|
||||
|
||||
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
|
||||
if pgrep -f "s6-supervise nginx" >/dev/null; then
|
||||
s6-svc -u /run/service/nginx
|
||||
fi
|
||||
if pgrep -f "s6-supervise nginx" >/dev/null; then
|
||||
s6-svc -u /run/service/svc-nginx
|
||||
fi
|
||||
else
|
||||
if pgrep -f "nginx:" >/dev/null; then
|
||||
s6-svc -h /run/service/nginx
|
||||
fi
|
||||
if pgrep -f "nginx:" >/dev/null; then
|
||||
s6-svc -h /run/service/svc-nginx
|
||||
fi
|
||||
fi
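Review bot: The start branch still tests `pgrep -f "s6-supervise nginx"` although the service directory it controls was renamed to `/run/service/svc-nginx`. If the supervisor's command line carries the service directory name, as s6-supervise normally does, the pattern no longer matches and `s6-svc -u` is skipped, leaving nginx down after a renewal that uses non-DNS validation; the next file section on this page stops it with `s6-svc -d` under the same condition. Suggest `if pgrep -f "s6-supervise svc-nginx" >/dev/null; then`. The `pgrep -f "nginx:"` guard in the else branch matches the nginx process title and is unaffected by the rename.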
|
||||
|
@ -5,7 +5,7 @@
|
||||
. /config/.donoteditthisfile.conf
|
||||
|
||||
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
|
||||
if pgrep -f "nginx:" >/dev/null; then
|
||||
s6-svc -d /run/service/nginx
|
||||
fi
|
||||
if pgrep -f "nginx:" >/dev/null; then
|
||||
s6-svc -d /run/service/svc-nginx
|
||||
fi
|
||||
fi
|
||||
|
@ -1,11 +0,0 @@
|
||||
#!/usr/bin/with-contenv bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
# copy crontabs if needed
|
||||
if [[ ! -f /config/crontabs/root ]]; then
|
||||
cp /etc/crontabs/root /config/crontabs/
|
||||
fi
|
||||
|
||||
# import user crontabs
|
||||
rm /etc/crontabs/*
|
||||
cp /config/crontabs/* /etc/crontabs/
|
233
root/etc/cont-init.d/50-certbot → root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
Normal file → Executable file
233
root/etc/cont-init.d/50-certbot → root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
Normal file → Executable file
@ -31,20 +31,15 @@ fi
|
||||
|
||||
# copy dns default configs
|
||||
cp -n /defaults/dns-conf/* /config/dns-conf/
|
||||
chown -R abc:abc /config/dns-conf
|
||||
|
||||
# update plugin names in dns conf inis
|
||||
sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini
|
||||
sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini
|
||||
sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini
|
||||
sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini
|
||||
sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini
|
||||
sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini
|
||||
lsiown -R abc:abc /config/dns-conf
|
||||
|
||||
# copy default renewal hooks
|
||||
chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
|
||||
cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
|
||||
chown -R abc:abc /config/etc/letsencrypt/renewal-hooks
|
||||
lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
|
||||
|
||||
# replace nginx service location in renewal hooks
|
||||
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
|
||||
|
||||
# create original config file if it doesn't exist, move non-hidden legacy file to hidden
|
||||
if [[ -f "/config/donoteditthisfile.conf" ]]; then
|
||||
@ -59,6 +54,57 @@ fi
|
||||
# shellcheck source=/dev/null
|
||||
. /config/.donoteditthisfile.conf
|
||||
|
||||
# setting ORIGDOMAIN for use in revoke sections
|
||||
if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
|
||||
ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
|
||||
else
|
||||
ORIGDOMAIN="${ORIGURL}"
|
||||
fi
|
||||
|
||||
# update plugin names in dns conf inis
|
||||
sed -i 's|^certbot[-_]dns[-_]aliyun:||g' /config/dns-conf/aliyun.ini
|
||||
sed -i 's|^certbot[-_]dns[-_]cpanel:||g' /config/dns-conf/cpanel.ini
|
||||
sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' /config/dns-conf/cpanel.ini
|
||||
sed -i 's|^directadmin[-_]|dns_directadmin_|g' /config/dns-conf/directadmin.ini
|
||||
sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' /config/dns-conf/domeneshop.ini
|
||||
sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' /config/dns-conf/gandi.ini
|
||||
sed -i 's|^certbot[-_]dns[-_]inwx:||g' /config/dns-conf/inwx.ini
|
||||
sed -i 's|^certbot[-_]dns[-_]transip:||g' /config/dns-conf/transip.ini
|
||||
|
||||
# update plugin names in renewal conf
|
||||
if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then
|
||||
if [[ "${ORIGDNSPLUGIN}" =~ ^(aliyun)$ ]]; then
|
||||
sed -i 's|^authenticator = certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
sed -i 's|^certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
fi
|
||||
if [[ "${ORIGDNSPLUGIN}" =~ ^(cpanel)$ ]]; then
|
||||
sed -i 's|^authenticator = certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
sed -i 's|^certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
sed -i 's|^authenticator = dns[-_]cpanel|authenticator = cpanel|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
fi
|
||||
if [[ "${ORIGDNSPLUGIN}" =~ ^(directadmin)$ ]]; then
|
||||
sed -i 's|^authenticator = directadmin|authenticator = dns-directadmin|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
sed -i 's|^directadmin[-_]|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
fi
|
||||
if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then
|
||||
sed -i 's|^authenticator = certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
fi
|
||||
if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then
|
||||
sed -i 's|^authenticator = certbot[-_]plugin[-_]gandi:dns|authenticator = dns-gandi|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
fi
|
||||
if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then
|
||||
sed -i 's|^authenticator = certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
sed -i 's|^certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
fi
|
||||
if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then
|
||||
sed -i 's|^authenticator = certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
sed -i 's|^certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
|
||||
fi
|
||||
fi
|
||||
|
||||
# set default validation to http
|
||||
if [[ -z "${VALIDATION}" ]]; then
|
||||
VALIDATION="http"
|
||||
@ -84,6 +130,59 @@ if [[ "${VALIDATION}" = "dns" ]] && [[ "${DNSPLUGIN}" = "duckdns" ]]; then
|
||||
export EXTRA_DOMAINS=""
|
||||
fi
|
||||
|
||||
# setting the symlink for key location
|
||||
rm -rf /config/keys/letsencrypt
|
||||
if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
|
||||
DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
|
||||
ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
|
||||
else
|
||||
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
|
||||
fi
|
||||
|
||||
# checking for changes in cert variables, revoking certs if necessary
|
||||
if [[ ! "${URL}" = "${ORIGURL}" ]] ||
|
||||
[[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
|
||||
[[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] ||
|
||||
[[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] ||
|
||||
[[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] ||
|
||||
[[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
|
||||
[[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
|
||||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
|
||||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
|
||||
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
|
||||
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
|
||||
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
|
||||
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
|
||||
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
|
||||
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
||||
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
|
||||
sleep infinity
|
||||
fi
|
||||
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
|
||||
elif [[ "${ORIGSTAGING}" = "true" ]]; then
|
||||
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
else
|
||||
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||
fi
|
||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
|
||||
fi
|
||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||
fi
|
||||
|
||||
# saving new variables
|
||||
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
|
||||
|
||||
# Check if the cert is using the old LE root cert, revoke and regen if necessary
|
||||
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
|
||||
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
|
||||
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
|
||||
fi
|
||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||
fi
|
||||
|
||||
# if zerossl is selected or staging is set to true, use the relevant server
|
||||
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
|
||||
echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
|
||||
@ -151,33 +250,40 @@ else
|
||||
EMAILPARAM="--register-unsafely-without-email"
|
||||
fi
|
||||
|
||||
# alter extension for error message
|
||||
if [[ "${DNSPLUGIN}" = "google" ]]; then
|
||||
DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.json"
|
||||
else
|
||||
DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.ini"
|
||||
fi
|
||||
|
||||
# setting the validation method to use
|
||||
if [[ "${VALIDATION}" = "dns" ]]; then
|
||||
if [[ "${DNSPLUGIN}" = "route53" ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
|
||||
elif [[ "${DNSPLUGIN}" =~ ^(azure|gandi)$ ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
|
||||
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini"
|
||||
elif [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini --dns-duckdns-no-txt-restore ${PROPAGATIONPARAM}"
|
||||
elif [[ "${DNSPLUGIN}" =~ ^(google)$ ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
|
||||
elif [[ "${DNSPLUGIN}" =~ ^(acmedns|aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
|
||||
elif [[ "${DNSPLUGIN}" =~ ^(standalone)$ ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then echo "standalone dns plugin does not support setting propagation time"; fi
|
||||
PREFCHAL="-a dns-${DNSPLUGIN}"
|
||||
elif [[ "${DNSPLUGIN}" =~ ^(directadmin)$ ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
|
||||
else
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
|
||||
AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
|
||||
DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
|
||||
# plugins that don't support setting credentials file
|
||||
if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
|
||||
DNSCREDENTIALSPARAM=""
|
||||
fi
|
||||
# plugins that don't support setting propagation
|
||||
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
|
||||
PROPAGATIONPARAM=""
|
||||
fi
|
||||
# plugins that use old parameter naming convention
|
||||
if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
|
||||
AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
|
||||
DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
fi
|
||||
# don't restore txt records when using DuckDNS plugin
|
||||
if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
|
||||
AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
|
||||
fi
|
||||
|
||||
PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
|
||||
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
|
||||
elif [[ "${VALIDATION}" = "tls-sni" ]]; then
|
||||
PREFCHAL="--standalone --preferred-challenges http"
|
||||
@ -187,63 +293,6 @@ else
|
||||
echo "http validation is selected"
|
||||
fi
|
||||
|
||||
# setting the symlink for key location
|
||||
rm -rf /config/keys/letsencrypt
|
||||
if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
|
||||
DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
|
||||
ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
|
||||
else
|
||||
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
|
||||
fi
|
||||
|
||||
# checking for changes in cert variables, revoking certs if necessary
|
||||
if [[ ! "${URL}" = "${ORIGURL}" ]] || [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] || [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] || [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] || [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] || [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
|
||||
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
|
||||
if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
|
||||
ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
|
||||
else
|
||||
ORIGDOMAIN="${ORIGURL}"
|
||||
fi
|
||||
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
|
||||
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
|
||||
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
|
||||
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
|
||||
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
||||
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
|
||||
sleep infinity
|
||||
fi
|
||||
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
|
||||
elif [[ "${ORIGSTAGING}" = "true" ]]; then
|
||||
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
else
|
||||
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||
fi
|
||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
|
||||
fi
|
||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||
fi
|
||||
|
||||
# saving new variables
|
||||
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
|
||||
|
||||
# alter extension for error message
|
||||
if [[ "${DNSPLUGIN}" = "google" ]]; then
|
||||
FILENAME="${DNSPLUGIN}.json"
|
||||
else
|
||||
FILENAME="${DNSPLUGIN}.ini"
|
||||
fi
|
||||
|
||||
# Check if the cert is using the old LE root cert, revoke and regen if necessary
|
||||
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
|
||||
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
|
||||
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
|
||||
fi
|
||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||
fi
|
||||
|
||||
# generating certs if necessary
|
||||
if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
|
||||
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
|
||||
@ -262,7 +311,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
|
||||
certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
|
||||
if [[ ! -d /config/keys/letsencrypt ]]; then
|
||||
if [[ "${VALIDATION}" = "dns" ]]; then
|
||||
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
|
||||
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
|
||||
else
|
||||
echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
|
||||
fi
|
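Review bot: The two `certbot revoke … || true` calls added in the `@ -84,6 +130,59 @` hunk (the changed-parameters branch and the old-root-cert branch) discard a failed revocation without any trace. The `rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}` that follows each of them then deletes the local account and certificate directories regardless. If the ACME server cannot be reached, the previous certificate stays valid until it expires and the container log gives the operator no indication of that. Keeping the failure non-fatal is reasonable, but it should be reported, for example by replacing `|| true` with `|| echo "WARNING: revocation failed; the previous certificate remains valid until it expires"`. The script continues beyond the last hunk shown in this section.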
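--- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type
@@ -0,0 +1 @@
+oneshot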
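--- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-certbot-config/run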
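--- a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
@@ -0,0 +1,17 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# if root crontabs do not exist in config
+# copy root crontab from system
+if [[ ! -f /config/crontabs/root ]] && crontab -l -u root; then
+crontab -l -u root >/config/crontabs/root
+fi
+
+# if root crontabs still do not exist in config (were not copied from system)
+# copy root crontab from included defaults
+if [[ ! -f /config/crontabs/root ]]; then
+cp /etc/crontabs/root /config/crontabs/
+fi
+
+# import user crontabs
+crontab -u root /config/crontabs/root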
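Review bot: The final `crontab -u root /config/crontabs/root` installs root's crontab from a file under /config, while the init-permissions-config script on this page runs `lsiown -R abc:abc /config`, so the file that defines root's jobs appears to end up writable by the unprivileged `abc` user (assuming lsiown behaves like chown; the ordering of the two scripts is not visible here). A comment stating that trust assumption would help, e.g. `# /config/crontabs/root is executed as root: write access to /config is root-equivalent`, or the script could decline to import a file that is group- or world-writable. Separately, the comment `# import user crontabs` no longer matches the code: only root's crontab is imported, whereas the removed script copied every file in /config/crontabs. The `crontab -l -u root` used as the `if` condition also prints the crontab into the container log; adding `>/dev/null 2>&1` to the condition would keep the test silent.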
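--- a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
@@ -0,0 +1 @@
+oneshot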
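--- a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-crontabs-config/run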
0
root/etc/cont-init.d/42-fail2ban → root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
Normal file → Executable file
0
root/etc/cont-init.d/42-fail2ban → root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
Normal file → Executable file
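--- a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type
@@ -0,0 +1 @@
+oneshot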
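--- a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run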
0
root/etc/cont-init.d/40-folders → root/etc/s6-overlay/s6-rc.d/init-folders-config/run
Normal file → Executable file
0
root/etc/cont-init.d/40-folders → root/etc/s6-overlay/s6-rc.d/init-folders-config/run
Normal file → Executable file
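--- a/root/etc/s6-overlay/s6-rc.d/init-folders-config/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-folders-config/type
@@ -0,0 +1 @@
+oneshot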
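--- a/root/etc/s6-overlay/s6-rc.d/init-folders-config/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-folders-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-folders-config/run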
0
root/etc/cont-init.d/45-nginx → root/etc/s6-overlay/s6-rc.d/init-nginx-config/run
Normal file → Executable file
0
root/etc/cont-init.d/45-nginx → root/etc/s6-overlay/s6-rc.d/init-nginx-config/run
Normal file → Executable file
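--- a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type
@@ -0,0 +1 @@
+oneshot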
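--- a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx-config/run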
0
root/etc/cont-init.d/70-outdated → root/etc/s6-overlay/s6-rc.d/init-outdated-config/run
Normal file → Executable file
0
root/etc/cont-init.d/70-outdated → root/etc/s6-overlay/s6-rc.d/init-outdated-config/run
Normal file → Executable file
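--- a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type
@@ -0,0 +1 @@
+oneshot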
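--- a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-outdated-config/run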
2
root/etc/cont-init.d/55-permissions → root/etc/s6-overlay/s6-rc.d/init-permissions-config/run
Normal file → Executable file
2
root/etc/cont-init.d/55-permissions → root/etc/s6-overlay/s6-rc.d/init-permissions-config/run
Normal file → Executable file
@ -2,7 +2,7 @@
|
||||
# shellcheck shell=bash
|
||||
|
||||
# permissions
|
||||
chown -R abc:abc \
|
||||
lsiown -R abc:abc \
|
||||
/config
|
||||
chmod -R 0644 /etc/logrotate.d
|
||||
chmod -R +r /config/log
|
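--- a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type
@@ -0,0 +1 @@
+oneshot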
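--- a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-permissions-config/run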
0
root/etc/cont-init.d/60-renew → root/etc/s6-overlay/s6-rc.d/init-renew/run
Normal file → Executable file
0
root/etc/cont-init.d/60-renew → root/etc/s6-overlay/s6-rc.d/init-renew/run
Normal file → Executable file
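--- a/root/etc/s6-overlay/s6-rc.d/init-renew/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-renew/type
@@ -0,0 +1 @@
+oneshot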
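--- a/root/etc/s6-overlay/s6-rc.d/init-renew/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-renew/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-renew/run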
0
root/etc/cont-init.d/31-require-url → root/etc/s6-overlay/s6-rc.d/init-require-url/run
Normal file → Executable file
0
root/etc/cont-init.d/31-require-url → root/etc/s6-overlay/s6-rc.d/init-require-url/run
Normal file → Executable file
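--- a/root/etc/s6-overlay/s6-rc.d/init-require-url/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-require-url/type
@@ -0,0 +1 @@
+oneshot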
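--- a/root/etc/s6-overlay/s6-rc.d/init-require-url/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-require-url/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-require-url/run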
0
root/etc/cont-init.d/41-samples → root/etc/s6-overlay/s6-rc.d/init-samples-config/run
Normal file → Executable file
0
root/etc/cont-init.d/41-samples → root/etc/s6-overlay/s6-rc.d/init-samples-config/run
Normal file → Executable file
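--- a/root/etc/s6-overlay/s6-rc.d/init-samples-config/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-samples-config/type
@@ -0,0 +1 @@
+oneshot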
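--- a/root/etc/s6-overlay/s6-rc.d/init-samples-config/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-samples-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-samples-config/run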
0
root/etc/cont-init.d/30-test-run → root/etc/s6-overlay/s6-rc.d/init-test-run/run
Normal file → Executable file
0
root/etc/cont-init.d/30-test-run → root/etc/s6-overlay/s6-rc.d/init-test-run/run
Normal file → Executable file
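--- a/root/etc/s6-overlay/s6-rc.d/init-test-run/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-test-run/type
@@ -0,0 +1 @@
+oneshot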
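--- a/root/etc/s6-overlay/s6-rc.d/init-test-run/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-test-run/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-test-run/run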
0
root/etc/services.d/fail2ban/run → root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run
Normal file → Executable file
0
root/etc/services.d/fail2ban/run → root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run
Normal file → Executable file
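--- a/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type
+++ b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type
@@ -0,0 +1 @@
+longrun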