Merge remote-tracking branch 'origin/master' into 2.1.0

This commit is contained in:
Eric Nemchik 2023-01-21 17:32:53 -06:00
commit f6529ad8fb
71 changed files with 570 additions and 535 deletions

View File

@ -1,4 +1,6 @@
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
# set version label
ARG BUILD_DATE
@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
cargo \
g++ \
gcc \
libffi-dev \
libxml2-dev \
libxslt-dev \
@ -24,11 +25,9 @@ RUN \
python3-dev && \
echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
curl \
fail2ban \
gnupg \
memcached \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
nginx-mod-http-echo \
@ -36,7 +35,6 @@ RUN \
nginx-mod-http-geoip2 \
nginx-mod-http-headers-more \
nginx-mod-http-image-filter \
nginx-mod-http-nchan \
nginx-mod-http-perl \
nginx-mod-http-redis2 \
nginx-mod-http-set-misc \
@ -47,61 +45,56 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
php81-bcmath \
php81-bz2 \
php81-ctype \
php81-curl \
php81-dom \
php81-exif \
php81-ftp \
php81-gd \
php81-gmp \
php81-iconv \
php81-imap \
php81-intl \
php81-ldap \
php81-mysqli \
php81-mysqlnd \
php81-opcache \
php81-pdo_mysql \
php81-pdo_odbc \
php81-pdo_pgsql \
php81-pdo_sqlite \
php81-pear \
php81-pecl-apcu \
php81-pecl-mailparse \
php81-pecl-memcached \
php81-pecl-redis \
php81-pgsql \
php81-phar \
php81-posix \
php81-soap \
php81-sockets \
php81-sodium \
php81-sqlite3 \
php81-tokenizer \
php81-xmlreader \
php81-xsl \
php81-zip \
whois && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php81-pecl-mcrypt \
php81-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
fi && \
pip3 install -U \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
${CERTBOT} \
python3 -m ensurepip && \
pip3 install -U --no-cache-dir \
pip \
wheel && \
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
certbot==${CERTBOT_VERSION} \
certbot-dns-acmedns \
certbot-dns-aliyun \
certbot-dns-azure \
@ -141,6 +134,7 @@ RUN \
certbot-dns-vultr \
certbot-plugin-gandi \
cryptography \
future \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
@ -176,14 +170,10 @@ RUN \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
for cleanfiles in *.pyc *.pyo; \
do \
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
; done && \
rm -rf \
/tmp/* \
/root/.cache \
/root/.cargo
$HOME/.cache \
$HOME/.cargo
# copy local files
COPY root/ /

View File

@ -1,4 +1,6 @@
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
# set version label
ARG BUILD_DATE
@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
cargo \
g++ \
gcc \
libffi-dev \
libxml2-dev \
libxslt-dev \
@ -24,11 +25,9 @@ RUN \
python3-dev && \
echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
curl \
fail2ban \
gnupg \
memcached \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
nginx-mod-http-echo \
@ -36,7 +35,6 @@ RUN \
nginx-mod-http-geoip2 \
nginx-mod-http-headers-more \
nginx-mod-http-image-filter \
nginx-mod-http-nchan \
nginx-mod-http-perl \
nginx-mod-http-redis2 \
nginx-mod-http-set-misc \
@ -47,61 +45,56 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
php81-bcmath \
php81-bz2 \
php81-ctype \
php81-curl \
php81-dom \
php81-exif \
php81-ftp \
php81-gd \
php81-gmp \
php81-iconv \
php81-imap \
php81-intl \
php81-ldap \
php81-mysqli \
php81-mysqlnd \
php81-opcache \
php81-pdo_mysql \
php81-pdo_odbc \
php81-pdo_pgsql \
php81-pdo_sqlite \
php81-pear \
php81-pecl-apcu \
php81-pecl-mailparse \
php81-pecl-memcached \
php81-pecl-redis \
php81-pgsql \
php81-phar \
php81-posix \
php81-soap \
php81-sockets \
php81-sodium \
php81-sqlite3 \
php81-tokenizer \
php81-xmlreader \
php81-xsl \
php81-zip \
whois && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php81-pecl-mcrypt \
php81-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
fi && \
pip3 install -U \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
${CERTBOT} \
python3 -m ensurepip && \
pip3 install -U --no-cache-dir \
pip \
wheel && \
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
certbot==${CERTBOT_VERSION} \
certbot-dns-acmedns \
certbot-dns-aliyun \
certbot-dns-azure \
@ -141,6 +134,7 @@ RUN \
certbot-dns-vultr \
certbot-plugin-gandi \
cryptography \
future \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
@ -176,14 +170,10 @@ RUN \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
for cleanfiles in *.pyc *.pyo; \
do \
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
; done && \
rm -rf \
/tmp/* \
/root/.cache \
/root/.cargo
$HOME/.cache \
$HOME/.cargo
# copy local files
COPY root/ /

View File

@ -1,4 +1,6 @@
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
# set version label
ARG BUILD_DATE
@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
cargo \
g++ \
gcc \
libffi-dev \
libxml2-dev \
libxslt-dev \
@ -24,11 +25,9 @@ RUN \
python3-dev && \
echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
curl \
fail2ban \
gnupg \
memcached \
nginx \
nginx-mod-http-brotli \
nginx-mod-http-dav-ext \
nginx-mod-http-echo \
@ -36,7 +35,6 @@ RUN \
nginx-mod-http-geoip2 \
nginx-mod-http-headers-more \
nginx-mod-http-image-filter \
nginx-mod-http-nchan \
nginx-mod-http-perl \
nginx-mod-http-redis2 \
nginx-mod-http-set-misc \
@ -47,61 +45,56 @@ RUN \
nginx-mod-stream \
nginx-mod-stream-geoip2 \
nginx-vim \
php8-bcmath \
php8-bz2 \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-imap \
php8-intl \
php8-ldap \
php8-mysqli \
php8-mysqlnd \
php8-opcache \
php8-pdo_mysql \
php8-pdo_odbc \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-pear \
php8-pecl-apcu \
php8-pecl-mailparse \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pecl-redis \
php8-pgsql \
php8-phar \
php8-posix \
php8-soap \
php8-sockets \
php8-sodium \
php8-sqlite3 \
php8-tokenizer \
php8-xml \
php8-xmlreader \
php8-xsl \
php8-zip \
py3-cryptography \
py3-future \
py3-pip \
php81-bcmath \
php81-bz2 \
php81-ctype \
php81-curl \
php81-dom \
php81-exif \
php81-ftp \
php81-gd \
php81-gmp \
php81-iconv \
php81-imap \
php81-intl \
php81-ldap \
php81-mysqli \
php81-mysqlnd \
php81-opcache \
php81-pdo_mysql \
php81-pdo_odbc \
php81-pdo_pgsql \
php81-pdo_sqlite \
php81-pear \
php81-pecl-apcu \
php81-pecl-mailparse \
php81-pecl-memcached \
php81-pecl-redis \
php81-pgsql \
php81-phar \
php81-posix \
php81-soap \
php81-sockets \
php81-sodium \
php81-sqlite3 \
php81-tokenizer \
php81-xmlreader \
php81-xsl \
php81-zip \
whois && \
apk add --no-cache \
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php8-pecl-xmlrpc && \
apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
php81-pecl-mcrypt \
php81-pecl-xmlrpc && \
echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \
CERTBOT="certbot"; \
else \
CERTBOT="certbot==${CERTBOT_VERSION}"; \
CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
fi && \
pip3 install -U \
pip wheel && \
pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
${CERTBOT} \
python3 -m ensurepip && \
pip3 install -U --no-cache-dir \
pip \
wheel && \
pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
certbot==${CERTBOT_VERSION} \
certbot-dns-acmedns \
certbot-dns-aliyun \
certbot-dns-azure \
@ -141,6 +134,7 @@ RUN \
certbot-dns-vultr \
certbot-plugin-gandi \
cryptography \
future \
requests && \
echo "**** enable OCSP stapling from base ****" && \
sed -i \
@ -176,14 +170,10 @@ RUN \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
for cleanfiles in *.pyc *.pyo; \
do \
find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \
; done && \
rm -rf \
/tmp/* \
/root/.cache \
/root/.cargo
$HOME/.cache \
$HOME/.cargo
# copy local files
COPY root/ /

View File

@ -335,6 +335,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **20.01.23:** - Rebase to alpine 3.17 with php8.1.
* **16.01.23:** - Remove nchan module because it keeps causing crashes.
* **08.12.22:** - Revamp certbot init.
* **03.12.22:** - Remove defunct cloudxns plugin.
* **22.11.22:** - Pin acme to the same version as certbot.
* **22.11.22:** - Pin certbot to 1.32.0 until plugin compatibility improves.

View File

@ -1,229 +1,204 @@
alpine-baselayout-3.2.0-r18
alpine-baselayout-3.4.0-r0
alpine-baselayout-data-3.4.0-r0
alpine-keys-2.4-r1
apache2-utils-2.4.54-r0
apk-tools-2.12.7-r3
apr-1.7.0-r1
apr-util-1.6.1-r11
argon2-libs-20190702-r1
bash-5.1.16-r0
brotli-libs-1.0.9-r5
busybox-1.34.1-r7
c-client-2007f-r13
ca-certificates-20220614-r0
ca-certificates-bundle-20220614-r0
coreutils-9.0-r2
curl-7.80.0-r4
expat-2.5.0-r0
fail2ban-0.11.2-r1
freetype-2.11.1-r2
gdbm-1.22-r0
git-2.34.5-r0
git-perl-2.34.5-r0
gmp-6.2.1-r1
gnupg-2.2.31-r2
gnupg-dirmngr-2.2.31-r2
gnupg-gpgconf-2.2.31-r2
gnupg-utils-2.2.31-r2
gnupg-wks-client-2.2.31-r2
gnutls-3.7.1-r1
gpg-2.2.31-r2
gpg-agent-2.2.31-r2
gpg-wks-server-2.2.31-r2
gpgsm-2.2.31-r2
gpgv-2.2.31-r2
icu-libs-69.1-r1
ip6tables-1.8.7-r1
iptables-1.8.7-r1
libacl-2.2.53-r0
libassuan-2.5.5-r0
libattr-2.5.1-r1
libbsd-0.11.3-r1
libbz2-1.0.8-r1
alpine-release-3.17.1-r0
aom-libs-3.5.0-r0
apache2-utils-2.4.55-r0
apk-tools-2.12.10-r1
apr-1.7.0-r2
apr-util-1.6.1-r14
argon2-libs-20190702-r2
bash-5.2.15-r0
brotli-libs-1.0.9-r9
busybox-1.35.0-r29
busybox-binsh-1.35.0-r29
c-client-2007f-r14
ca-certificates-20220614-r4
ca-certificates-bundle-20220614-r4
coreutils-9.1-r0
curl-7.87.0-r1
fail2ban-1.0.2-r0
fontconfig-2.14.1-r0
freetype-2.12.1-r0
gdbm-1.23-r0
git-2.38.3-r1
git-perl-2.38.3-r1
gmp-6.2.1-r2
gnupg-2.2.40-r0
gnupg-dirmngr-2.2.40-r0
gnupg-gpgconf-2.2.40-r0
gnupg-utils-2.2.40-r0
gnupg-wks-client-2.2.40-r0
gnutls-3.7.8-r2
gpg-2.2.40-r0
gpg-agent-2.2.40-r0
gpg-wks-server-2.2.40-r0
gpgsm-2.2.40-r0
gpgv-2.2.40-r0
icu-data-en-72.1-r1
icu-libs-72.1-r1
ip6tables-1.8.8-r2
iptables-1.8.8-r2
jq-1.6-r2
libacl-2.3.1-r1
libassuan-2.5.5-r1
libattr-2.5.1-r2
libavif-0.11.1-r0
libbsd-0.11.7-r0
libbz2-1.0.8-r4
libc-utils-0.7.2-r3
libcap-2.61-r0
libcrypto1.1-1.1.1s-r1
libcurl-7.80.0-r4
libedit-20210910.3.1-r0
libevent-2.1.12-r4
libffi-3.4.2-r1
libgcc-10.3.1_git20211027-r0
libgcrypt-1.9.4-r0
libgd-2.3.2-r1
libgpg-error-1.42-r1
libice-1.0.10-r0
libidn-1.38-r0
libintl-0.21-r0
libjpeg-turbo-2.1.2-r0
libksba-1.6.0-r0
libldap-2.6.2-r0
libmaxminddb-1.6.0-r0
libmcrypt-2.5.8-r9
libmd-1.0.3-r0
libmemcached-libs-1.0.18-r4
libmnl-1.0.4-r2
libnftnl-1.2.1-r0
libpng-1.6.37-r1
libpq-14.5-r0
libproc-3.3.17-r0
libretls-3.3.4-r3
libsasl-2.1.28-r0
libseccomp-2.5.2-r0
libsm-1.2.3-r0
libsodium-1.0.18-r0
libssl1.1-1.1.1s-r1
libstdc++-10.3.1_git20211027-r0
libtasn1-4.18.0-r0
libunistring-0.9.10-r1
libuuid-2.37.4-r0
libwebp-1.2.2-r0
libx11-1.7.3.1-r0
libxau-1.0.9-r0
libxcb-1.14-r2
libxdmcp-1.1.3-r0
libxext-1.3.4-r0
libxml2-2.9.14-r2
libxpm-3.5.13-r0
libxslt-1.1.35-r0
libcrypto3-3.0.7-r2
libcurl-7.87.0-r1
libdav1d-1.0.0-r2
libedit-20221030.3.1-r0
libevent-2.1.12-r5
libexpat-2.5.0-r0
libffi-3.4.4-r0
libgcc-12.2.1_git20220924-r4
libgcrypt-1.10.1-r0
libgd-2.3.3-r3
libgpg-error-1.46-r1
libice-1.0.10-r1
libidn-1.41-r0
libintl-0.21.1-r1
libjpeg-turbo-2.1.4-r0
libksba-1.6.3-r0
libldap-2.6.3-r6
libmaxminddb-libs-1.7.1-r0
libmcrypt-2.5.8-r10
libmd-1.0.4-r0
libmemcached-libs-1.0.18-r5
libmnl-1.0.5-r0
libnftnl-1.2.4-r0
libpng-1.6.38-r0
libpq-15.1-r0
libproc-3.3.17-r2
libsasl-2.1.28-r3
libseccomp-2.5.4-r0
libsm-1.2.3-r1
libsodium-1.0.18-r2
libssl3-3.0.7-r2
libstdc++-12.2.1_git20220924-r4
libtasn1-4.19.0-r0
libunistring-1.1-r0
libuuid-2.38.1-r1
libwebp-1.2.4-r1
libx11-1.8.3-r0
libxau-1.0.10-r0
libxcb-1.15-r0
libxdmcp-1.1.4-r0
libxext-1.3.5-r0
libxml2-2.10.3-r1
libxpm-3.5.15-r0
libxslt-1.1.37-r0
libxt-1.2.1-r0
libzip-1.8.0-r1
linux-pam-1.5.2-r0
logrotate-3.18.1-r4
lz4-libs-1.9.3-r1
memcached-1.6.12-r0
libzip-1.9.2-r2
linux-pam-1.5.2-r1
logrotate-3.20.1-r3
lz4-libs-1.9.4-r1
memcached-1.6.17-r0
mpdecimal-2.5.1-r1
musl-1.2.2-r7
musl-utils-1.2.2-r7
nano-5.9-r0
ncurses-libs-6.3_p20211120-r1
ncurses-terminfo-base-6.3_p20211120-r1
nettle-3.7.3-r0
nghttp2-libs-1.46.0-r0
nginx-1.20.2-r1
nginx-mod-devel-kit-1.20.2-r1
nginx-mod-http-brotli-1.20.2-r1
nginx-mod-http-dav-ext-1.20.2-r1
nginx-mod-http-echo-1.20.2-r1
nginx-mod-http-fancyindex-1.20.2-r1
nginx-mod-http-geoip2-1.20.2-r1
nginx-mod-http-headers-more-1.20.2-r1
nginx-mod-http-image-filter-1.20.2-r1
nginx-mod-http-nchan-1.20.2-r1
nginx-mod-http-perl-1.20.2-r1
nginx-mod-http-redis2-1.20.2-r1
nginx-mod-http-set-misc-1.20.2-r1
nginx-mod-http-upload-progress-1.20.2-r1
nginx-mod-http-xslt-filter-1.20.2-r1
nginx-mod-mail-1.20.2-r1
nginx-mod-rtmp-1.20.2-r1
nginx-mod-stream-1.20.2-r1
nginx-mod-stream-geoip2-1.20.2-r1
nginx-vim-1.20.2-r1
npth-1.6-r1
oniguruma-6.9.7.1-r0
openssl-1.1.1s-r1
p11-kit-0.24.0-r1
pcre-8.45-r1
pcre2-10.40-r0
perl-5.34.0-r1
musl-1.2.3-r4
musl-utils-1.2.3-r4
nano-7.0-r0
ncurses-libs-6.3_p20221119-r0
ncurses-terminfo-base-6.3_p20221119-r0
nettle-3.8.1-r0
nghttp2-libs-1.51.0-r0
nginx-1.22.1-r0
nginx-mod-devel-kit-1.22.1-r0
nginx-mod-http-brotli-1.22.1-r0
nginx-mod-http-dav-ext-1.22.1-r0
nginx-mod-http-echo-1.22.1-r0
nginx-mod-http-fancyindex-1.22.1-r0
nginx-mod-http-geoip2-1.22.1-r0
nginx-mod-http-headers-more-1.22.1-r0
nginx-mod-http-image-filter-1.22.1-r0
nginx-mod-http-perl-1.22.1-r0
nginx-mod-http-redis2-1.22.1-r0
nginx-mod-http-set-misc-1.22.1-r0
nginx-mod-http-upload-progress-1.22.1-r0
nginx-mod-http-xslt-filter-1.22.1-r0
nginx-mod-mail-1.22.1-r0
nginx-mod-rtmp-1.22.1-r0
nginx-mod-stream-1.22.1-r0
nginx-mod-stream-geoip2-1.22.1-r0
nginx-vim-1.22.1-r0
npth-1.6-r2
oniguruma-6.9.8-r0
openssl-3.0.7-r2
p11-kit-0.24.1-r1
pcre-8.45-r2
pcre2-10.42-r0
perl-5.36.0-r0
perl-error-0.17029-r1
perl-git-2.34.5-r0
php8-8.0.25-r0
php8-bcmath-8.0.25-r0
php8-bz2-8.0.25-r0
php8-common-8.0.25-r0
php8-ctype-8.0.25-r0
php8-curl-8.0.25-r0
php8-dom-8.0.25-r0
php8-exif-8.0.25-r0
php8-fileinfo-8.0.25-r0
php8-fpm-8.0.25-r0
php8-ftp-8.0.25-r0
php8-gd-8.0.25-r0
php8-gmp-8.0.25-r0
php8-iconv-8.0.25-r0
php8-imap-8.0.25-r0
php8-intl-8.0.25-r0
php8-ldap-8.0.25-r0
php8-mbstring-8.0.25-r0
php8-mysqli-8.0.25-r0
php8-mysqlnd-8.0.25-r0
php8-opcache-8.0.25-r0
php8-openssl-8.0.25-r0
php8-pdo-8.0.25-r0
php8-pdo_mysql-8.0.25-r0
php8-pdo_odbc-8.0.25-r0
php8-pdo_pgsql-8.0.25-r0
php8-pdo_sqlite-8.0.25-r0
php8-pear-8.0.25-r0
php8-pecl-apcu-5.1.21-r0
php8-pecl-igbinary-3.2.6-r0
php8-pecl-mailparse-3.1.3-r0
php8-pecl-mcrypt-1.0.4-r0
php8-pecl-memcached-3.1.5-r1
php8-pecl-redis-5.3.6-r0
php8-pecl-xmlrpc-1.0.0_rc3-r0
php8-pgsql-8.0.25-r0
php8-phar-8.0.25-r0
php8-posix-8.0.25-r0
php8-session-8.0.25-r0
php8-simplexml-8.0.25-r0
php8-soap-8.0.25-r0
php8-sockets-8.0.25-r0
php8-sodium-8.0.25-r0
php8-sqlite3-8.0.25-r0
php8-tokenizer-8.0.25-r0
php8-xml-8.0.25-r0
php8-xmlreader-8.0.25-r0
php8-xmlwriter-8.0.25-r0
php8-xsl-8.0.25-r0
php8-zip-8.0.25-r0
pinentry-1.2.0-r0
popt-1.18-r0
procps-3.3.17-r0
py3-appdirs-1.4.4-r2
py3-asn1crypto-1.4.0-r1
py3-cachecontrol-0.12.10-r0
py3-certifi-2020.12.5-r1
py3-cffi-1.14.5-r4
py3-charset-normalizer-2.0.7-r0
py3-colorama-0.4.4-r1
py3-contextlib2-21.6.0-r1
py3-cparser-2.20-r1
py3-cryptography-3.3.2-r3
py3-distlib-0.3.3-r0
py3-distro-1.6.0-r0
py3-future-0.18.2-r3
py3-html5lib-1.1-r1
py3-idna-3.3-r0
py3-lockfile-0.12.2-r4
py3-msgpack-1.0.2-r1
py3-ordered-set-4.0.2-r2
py3-packaging-20.9-r1
py3-parsing-2.4.7-r2
py3-pep517-0.12.0-r0
py3-pip-20.3.4-r1
py3-progress-1.6-r0
py3-requests-2.26.0-r1
py3-retrying-1.3.3-r2
py3-setuptools-52.0.0-r4
py3-six-1.16.0-r0
py3-toml-0.10.2-r2
py3-tomli-1.2.2-r0
py3-urllib3-1.26.7-r0
py3-webencodings-0.5.1-r4
python3-3.9.15-r0
readline-8.1.1-r0
s6-ipcserver-2.11.0.0-r0
scanelf-1.3.3-r0
shadow-4.8.1-r1
skalibs-2.11.0.0-r0
sqlite-libs-3.36.0-r0
ssl_client-1.34.1-r7
perl-git-2.38.3-r1
php81-8.1.14-r0
php81-bcmath-8.1.14-r0
php81-bz2-8.1.14-r0
php81-common-8.1.14-r0
php81-ctype-8.1.14-r0
php81-curl-8.1.14-r0
php81-dom-8.1.14-r0
php81-exif-8.1.14-r0
php81-fileinfo-8.1.14-r0
php81-fpm-8.1.14-r0
php81-ftp-8.1.14-r0
php81-gd-8.1.14-r0
php81-gmp-8.1.14-r0
php81-iconv-8.1.14-r0
php81-imap-8.1.14-r0
php81-intl-8.1.14-r0
php81-ldap-8.1.14-r0
php81-mbstring-8.1.14-r0
php81-mysqli-8.1.14-r0
php81-mysqlnd-8.1.14-r0
php81-opcache-8.1.14-r0
php81-openssl-8.1.14-r0
php81-pdo-8.1.14-r0
php81-pdo_mysql-8.1.14-r0
php81-pdo_odbc-8.1.14-r0
php81-pdo_pgsql-8.1.14-r0
php81-pdo_sqlite-8.1.14-r0
php81-pear-8.1.14-r0
php81-pecl-apcu-5.1.22-r0
php81-pecl-igbinary-3.2.12-r0
php81-pecl-mailparse-3.1.4-r0
php81-pecl-mcrypt-1.0.4-r0
php81-pecl-memcached-3.2.0-r0
php81-pecl-redis-5.3.7-r0
php81-pecl-xmlrpc-1.0.0_rc3-r0
php81-pgsql-8.1.14-r0
php81-phar-8.1.14-r0
php81-posix-8.1.14-r0
php81-session-8.1.14-r0
php81-simplexml-8.1.14-r0
php81-soap-8.1.14-r0
php81-sockets-8.1.14-r0
php81-sodium-8.1.14-r0
php81-sqlite3-8.1.14-r0
php81-tokenizer-8.1.14-r0
php81-xml-8.1.14-r0
php81-xmlreader-8.1.14-r0
php81-xmlwriter-8.1.14-r0
php81-xsl-8.1.14-r0
php81-zip-8.1.14-r0
pinentry-1.2.1-r0
popt-1.19-r0
procps-3.3.17-r2
python3-3.10.9-r1
readline-8.2.0-r0
scanelf-1.3.5-r1
shadow-4.13-r0
skalibs-2.12.0.1-r0
sqlite-libs-3.40.1-r0
ssl_client-1.35.0-r29
tiff-4.4.0-r1
tzdata-2022f-r1
unixodbc-2.3.9-r1
utmps-0.1.0.3-r0
whois-5.5.10-r0
xz-5.2.5-r1
xz-libs-5.2.5-r1
zlib-1.2.12-r3
zstd-libs-1.5.0-r0
unixodbc-2.3.11-r0
utmps-libs-0.1.2.0-r1
whois-5.5.14-r0
xz-5.2.9-r0
xz-libs-5.2.9-r0
zlib-1.2.13-r0
zstd-libs-1.5.2-r9

View File

@ -152,11 +152,11 @@ app_setup_block: |
Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
app_setup_nginx_reverse_proxy_snippet: false
app_setup_nginx_reverse_proxy_block: ""
# changelog
changelogs:
- { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
- { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." }
- { date: "08.12.22:", desc: "Revamp certbot init."}
- { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."}
- { date: "22.11.22:", desc: "Pin acme to the same version as certbot."}
- { date: "22.11.22:", desc: "Pin certbot to 1.32.0 until plugin compatibility improves."}

View File

@ -1,6 +1,15 @@
# Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials
# Replace with your values
# The url cPanel url
# include the scheme and the port number (usually 2083 for https)
dns_cpanel_url = https://cpanel.example.com:2083
dns_cpanel_username = username
dns_cpanel_password = 1234567890abcdef
cpanel_url = https://cpanel.exemple.com:2083
# The cPanel username
cpanel_username = user
# The cPanel password
cpanel_password = hunter2
# The cPanel API Token
cpanel_token = EUTQ793EY7MIRX4EMXXXXXXXXXXOX4JF
# You only need to configure API Token or Password. If you supply both, the API Token will be used

View File

@ -12,10 +12,10 @@
# The DirectAdmin Server url
# include the scheme and the port number (Normally 2222)
directadmin_url = https://my.directadminserver.com:2222
dns_directadmin_url = https://my.directadminserver.com:2222
# The DirectAdmin username
directadmin_username = username
dns_directadmin_username = username
# The DirectAdmin password
directadmin_password = aSuperStrongPassword
dns_directadmin_password = aSuperStrongPassword

View File

@ -6,10 +6,10 @@
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
if pgrep -f "s6-supervise nginx" >/dev/null; then
s6-svc -u /run/service/nginx
s6-svc -u /run/service/svc-nginx
fi
else
if pgrep -f "nginx:" >/dev/null; then
s6-svc -h /run/service/nginx
s6-svc -h /run/service/svc-nginx
fi
fi

View File

@ -6,6 +6,6 @@
if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
if pgrep -f "nginx:" >/dev/null; then
s6-svc -d /run/service/nginx
s6-svc -d /run/service/svc-nginx
fi
fi

View File

@ -1,11 +0,0 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# copy crontabs if needed
if [[ ! -f /config/crontabs/root ]]; then
cp /etc/crontabs/root /config/crontabs/
fi
# import user crontabs
rm /etc/crontabs/*
cp /config/crontabs/* /etc/crontabs/

View File

@ -31,20 +31,15 @@ fi
# copy dns default configs
cp -n /defaults/dns-conf/* /config/dns-conf/
chown -R abc:abc /config/dns-conf
# update plugin names in dns conf inis
sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini
sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini
sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini
sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini
sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini
sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini
lsiown -R abc:abc /config/dns-conf
# copy default renewal hooks
chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
chown -R abc:abc /config/etc/letsencrypt/renewal-hooks
lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
# replace nginx service location in renewal hooks
find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
# create original config file if it doesn't exist, move non-hidden legacy file to hidden
if [[ -f "/config/donoteditthisfile.conf" ]]; then
@ -59,6 +54,57 @@ fi
# shellcheck source=/dev/null
. /config/.donoteditthisfile.conf
# setting ORIGDOMAIN for use in revoke sections
if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
else
ORIGDOMAIN="${ORIGURL}"
fi
# update plugin names in dns conf inis
sed -i 's|^certbot[-_]dns[-_]aliyun:||g' /config/dns-conf/aliyun.ini
sed -i 's|^certbot[-_]dns[-_]cpanel:||g' /config/dns-conf/cpanel.ini
sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' /config/dns-conf/cpanel.ini
sed -i 's|^directadmin[-_]|dns_directadmin_|g' /config/dns-conf/directadmin.ini
sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' /config/dns-conf/domeneshop.ini
sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' /config/dns-conf/gandi.ini
sed -i 's|^certbot[-_]dns[-_]inwx:||g' /config/dns-conf/inwx.ini
sed -i 's|^certbot[-_]dns[-_]transip:||g' /config/dns-conf/transip.ini
# update plugin names in renewal conf
if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then
if [[ "${ORIGDNSPLUGIN}" =~ ^(aliyun)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(cpanel)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^authenticator = dns[-_]cpanel|authenticator = cpanel|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(directadmin)$ ]]; then
sed -i 's|^authenticator = directadmin|authenticator = dns-directadmin|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^directadmin[-_]|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then
sed -i 's|^authenticator = certbot[-_]plugin[-_]gandi:dns|authenticator = dns-gandi|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then
sed -i 's|^authenticator = certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
sed -i 's|^certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
fi
fi
# set default validation to http
if [[ -z "${VALIDATION}" ]]; then
VALIDATION="http"
@ -84,6 +130,59 @@ if [[ "${VALIDATION}" = "dns" ]] && [[ "${DNSPLUGIN}" = "duckdns" ]]; then
export EXTRA_DOMAINS=""
fi
# setting the symlink for key location
rm -rf /config/keys/letsencrypt
if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
else
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
fi
# checking for changes in cert variables, revoking certs if necessary
if [[ ! "${URL}" = "${ORIGURL}" ]] ||
[[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
[[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] ||
[[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] ||
[[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] ||
[[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
[[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity
fi
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
elif [[ "${ORIGSTAGING}" = "true" ]]; then
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# saving new variables
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# if zerossl is selected or staging is set to true, use the relevant server
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
@ -151,33 +250,40 @@ else
EMAILPARAM="--register-unsafely-without-email"
fi
# alter extension for error message
if [[ "${DNSPLUGIN}" = "google" ]]; then
DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.json"
else
DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.ini"
fi
# setting the validation method to use
if [[ "${VALIDATION}" = "dns" ]]; then
if [[ "${DNSPLUGIN}" = "route53" ]]; then
AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
elif [[ "${DNSPLUGIN}" =~ ^(azure|gandi)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini"
elif [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini --dns-duckdns-no-txt-restore ${PROPAGATIONPARAM}"
elif [[ "${DNSPLUGIN}" =~ ^(google)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
elif [[ "${DNSPLUGIN}" =~ ^(acmedns|aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
elif [[ "${DNSPLUGIN}" =~ ^(standalone)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then echo "standalone dns plugin does not support setting propagation time"; fi
PREFCHAL="-a dns-${DNSPLUGIN}"
elif [[ "${DNSPLUGIN}" =~ ^(directadmin)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
else
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
# plugins that don't support setting credentials file
if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
DNSCREDENTIALSPARAM=""
fi
# plugins that don't support setting propagation
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
PROPAGATIONPARAM=""
fi
# plugins that use old parameter naming convention
if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
fi
# don't restore txt records when using DuckDNS plugin
if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
fi
PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
elif [[ "${VALIDATION}" = "tls-sni" ]]; then
PREFCHAL="--standalone --preferred-challenges http"
@ -187,63 +293,6 @@ else
echo "http validation is selected"
fi
# setting the symlink for key location
rm -rf /config/keys/letsencrypt
if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
else
ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
fi
# checking for changes in cert variables, revoking certs if necessary
if [[ ! "${URL}" = "${ORIGURL}" ]] || [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] || [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] || [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] || [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] || [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
else
ORIGDOMAIN="${ORIGURL}"
fi
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity
fi
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
elif [[ "${ORIGSTAGING}" = "true" ]]; then
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
else
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# saving new variables
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
# alter extension for error message
if [[ "${DNSPLUGIN}" = "google" ]]; then
FILENAME="${DNSPLUGIN}.json"
else
FILENAME="${DNSPLUGIN}.ini"
fi
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER}
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# generating certs if necessary
if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
@ -262,7 +311,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
if [[ ! -d /config/keys/letsencrypt ]]; then
if [[ "${VALIDATION}" = "dns" ]]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
else
echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
fi

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-certbot-config/run

View File

@ -0,0 +1,17 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# if root crontabs do not exist in config
# copy root crontab from system
if [[ ! -f /config/crontabs/root ]] && crontab -l -u root; then
crontab -l -u root >/config/crontabs/root
fi
# if root crontabs still do not exist in config (were not copied from system)
# copy root crontab from included defaults
if [[ ! -f /config/crontabs/root ]]; then
cp /etc/crontabs/root /config/crontabs/
fi
# import user crontabs
crontab -u root /config/crontabs/root

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-folders-config/run

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-nginx-config/run

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-outdated-config/run

View File

@ -2,7 +2,7 @@
# shellcheck shell=bash
# permissions
chown -R abc:abc \
lsiown -R abc:abc \
/config
chmod -R 0644 /etc/logrotate.d
chmod -R +r /config/log

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-permissions-config/run

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-renew/run

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-require-url/run

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-samples-config/run

View File

@ -0,0 +1 @@
oneshot

View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-test-run/run

View File

@ -0,0 +1 @@
longrun