Merge branch 'master' into master

This commit is contained in:
aptalca 2020-12-10 09:38:27 -05:00 committed by GitHub
commit ffd9b806f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 333 additions and 62 deletions

90
.github/workflows/external_trigger.yml vendored Normal file
View File

@ -0,0 +1,90 @@
name: External Trigger Main
on:
workflow_dispatch:
jobs:
external-trigger-master:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.3
- name: External Trigger
if: github.ref == 'refs/heads/master'
run: |
if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then
echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
exit 0
fi
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
echo "**** Retrieving external version ****"
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
echo "**** Can't retrieve external version, exiting ****"
FAILURE_REASON="Can't retrieve external version for swag branch master"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
exit 1
fi
echo "**** External version: ${EXT_RELEASE} ****"
echo "**** Retrieving last pushed version ****"
image="linuxserver/swag"
tag="latest"
token=$(curl -sX GET \
"https://ghcr.io/token?scope=repository%3Alinuxserver%2Fswag%3Apull" \
| jq -r '.token')
multidigest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${tag}" \
| jq -r 'first(.manifests[].digest)')
digest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${multidigest}" \
| jq -r '.config.digest')
image_info=$(curl -sL \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/blobs/${digest}" \
| jq -r '.container_config')
IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
if [ -z "${IMAGE_VERSION}" ]; then
echo "**** Can't retrieve last pushed version, exiting ****"
FAILURE_REASON="Can't retrieve last pushed version for swag tag latest"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
exit 1
fi
echo "**** Last pushed version: ${IMAGE_VERSION} ****"
if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
exit 0
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
exit 0
else
echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "**** Jenkins job queue url: ${response%$'\r'} ****"
echo "**** Sleeping 10 seconds until job starts ****"
sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****"
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \
"${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit"
echo "**** Notifying Discord ****"
TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
fi

View File

@ -0,0 +1,43 @@
name: External Trigger Scheduler
on:
schedule:
- cron: '50 * * * *'
workflow_dispatch:
jobs:
external-trigger-scheduler:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.3
with:
fetch-depth: '0'
- name: External Trigger Scheduler
run: |
echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes
echo "**** Pulling the yq docker image ****"
docker pull ghcr.io/linuxserver/yq
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
do
br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****"
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
if [ "$br" == "$ls_branch" ]; then
echo "**** Branch ${br} appears to be live; checking workflow. ****"
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \
-H "Accept: application/vnd.github.v3+json" \
-d "{\"ref\":\"refs/heads/${br}\"}" \
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches
else
echo "**** Workflow doesn't exist; skipping trigger. ****"
fi
else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
fi
done

38
.github/workflows/package_trigger.yml vendored Normal file
View File

@ -0,0 +1,38 @@
name: Package Trigger Main
on:
workflow_dispatch:
jobs:
package-trigger-master:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.3
- name: Package Trigger
if: github.ref == 'refs/heads/master'
run: |
if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then
echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
exit 0
fi
if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
exit 0
fi
echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****"
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "**** Jenkins job queue url: ${response%$'\r'} ****"
echo "**** Sleeping 10 seconds until job starts ****"
sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****"
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \
"${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit"

View File

@ -0,0 +1,50 @@
name: Package Trigger Scheduler
on:
schedule:
- cron: '55 13 * * 5'
workflow_dispatch:
jobs:
package-trigger-scheduler:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.3
with:
fetch-depth: '0'
- name: Package Trigger Scheduler
run: |
echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes
echo "**** Pulling the yq docker image ****"
docker pull ghcr.io/linuxserver/yq
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
do
br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****"
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
if [ "${br}" == "${ls_branch}" ]; then
echo "**** Branch ${br} appears to be live; checking workflow. ****"
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
triggered_branches="${triggered_branches}${br} "
curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \
-H "Accept: application/vnd.github.v3+json" \
-d "{\"ref\":\"refs/heads/${br}\"}" \
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/package_trigger.yml/dispatches
sleep 30
else
echo "**** Workflow doesn't exist; skipping trigger. ****"
fi
else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
fi
done
echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
echo "**** Notifying Discord ****"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Package Check Build(s) Triggered for swag** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}

View File

@ -139,7 +139,7 @@ Container images are configured using parameters passed at runtime (such as thos
| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) |
| `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`,`gehirn`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
| `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org |
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications. |
@ -323,6 +323,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **09.11.20:** - Check for template/conf updates and notify in the log. Add support for gehirn and sakuracloud dns validation.
* **01.11.20:** - Add support for netcup dns validation
* **29.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy.
* **04.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering.

View File

@ -1,6 +1,6 @@
alpine-baselayout-3.2.0-r7
alpine-keys-2.2-r0
apache2-utils-2.4.46-r0
apache2-utils-2.4.46-r1
apk-tools-2.10.5-r1
apr-1.7.0-r0
apr-util-1.6.1-r6
@ -58,7 +58,7 @@ libmnl-1.0.4-r0
libmount-2.35.2-r0
libnftnl-libs-1.1.6-r0
libpng-1.6.37-r1
libpq-12.4-r0
libpq-12.5-r0
libproc-3.3.16-r0
libressl3.1-libcrypto-3.1.2-r0
libressl3.1-libssl-3.1.2-r0
@ -89,7 +89,7 @@ logrotate-3.16.0-r0
luajit-5.1.20190925-r0
memcached-1.6.6-r0
musl-1.1.24-r10
musl-utils-1.1.24-r9
musl-utils-1.1.24-r10
nano-4.9.3-r0
ncurses-libs-6.2_p20200523-r0
ncurses-terminfo-base-6.2_p20200523-r0
@ -123,55 +123,55 @@ pcre2-10.35-r0
perl-5.30.3-r0
perl-error-0.17029-r0
perl-git-2.26.2-r0
php7-7.3.24-r0
php7-bcmath-7.3.24-r0
php7-bz2-7.3.24-r0
php7-common-7.3.24-r0
php7-ctype-7.3.24-r0
php7-curl-7.3.24-r0
php7-dom-7.3.24-r0
php7-exif-7.3.24-r0
php7-fileinfo-7.3.24-r0
php7-fpm-7.3.24-r0
php7-ftp-7.3.24-r0
php7-gd-7.3.24-r0
php7-iconv-7.3.24-r0
php7-imap-7.3.24-r0
php7-intl-7.3.24-r0
php7-json-7.3.24-r0
php7-ldap-7.3.24-r0
php7-mbstring-7.3.24-r0
php7-mysqli-7.3.24-r0
php7-mysqlnd-7.3.24-r0
php7-opcache-7.3.24-r0
php7-openssl-7.3.24-r0
php7-pdo-7.3.24-r0
php7-pdo_mysql-7.3.24-r0
php7-pdo_odbc-7.3.24-r0
php7-pdo_pgsql-7.3.24-r0
php7-pdo_sqlite-7.3.24-r0
php7-pear-7.3.24-r0
php7-7.3.25-r0
php7-bcmath-7.3.25-r0
php7-bz2-7.3.25-r0
php7-common-7.3.25-r0
php7-ctype-7.3.25-r0
php7-curl-7.3.25-r0
php7-dom-7.3.25-r0
php7-exif-7.3.25-r0
php7-fileinfo-7.3.25-r0
php7-fpm-7.3.25-r0
php7-ftp-7.3.25-r0
php7-gd-7.3.25-r0
php7-iconv-7.3.25-r0
php7-imap-7.3.25-r0
php7-intl-7.3.25-r0
php7-json-7.3.25-r0
php7-ldap-7.3.25-r0
php7-mbstring-7.3.25-r0
php7-mysqli-7.3.25-r0
php7-mysqlnd-7.3.25-r0
php7-opcache-7.3.25-r0
php7-openssl-7.3.25-r0
php7-pdo-7.3.25-r0
php7-pdo_mysql-7.3.25-r0
php7-pdo_odbc-7.3.25-r0
php7-pdo_pgsql-7.3.25-r0
php7-pdo_sqlite-7.3.25-r0
php7-pear-7.3.25-r0
php7-pecl-apcu-5.1.19-r0
php7-pecl-igbinary-3.1.6-r0
php7-pecl-mcrypt-1.0.3-r0
php7-pecl-memcached-3.1.5-r0
php7-pecl-redis-5.2.2-r1
php7-pgsql-7.3.24-r0
php7-phar-7.3.24-r0
php7-posix-7.3.24-r0
php7-session-7.3.24-r0
php7-simplexml-7.3.24-r0
php7-soap-7.3.24-r0
php7-sockets-7.3.24-r0
php7-sodium-7.3.24-r0
php7-sqlite3-7.3.24-r0
php7-tokenizer-7.3.24-r0
php7-xml-7.3.24-r0
php7-xmlreader-7.3.24-r0
php7-xmlrpc-7.3.24-r0
php7-xmlwriter-7.3.24-r0
php7-xsl-7.3.24-r0
php7-zip-7.3.24-r0
php7-pgsql-7.3.25-r0
php7-phar-7.3.25-r0
php7-posix-7.3.25-r0
php7-session-7.3.25-r0
php7-simplexml-7.3.25-r0
php7-soap-7.3.25-r0
php7-sockets-7.3.25-r0
php7-sodium-7.3.25-r0
php7-sqlite3-7.3.25-r0
php7-tokenizer-7.3.25-r0
php7-xml-7.3.25-r0
php7-xmlreader-7.3.25-r0
php7-xmlrpc-7.3.25-r0
php7-xmlwriter-7.3.25-r0
php7-xsl-7.3.25-r0
php7-zip-7.3.25-r0
pinentry-1.1.0-r2
popt-1.16-r7
procps-3.3.16-r0
@ -212,7 +212,7 @@ scanelf-1.2.6-r0
shadow-4.8.1-r0
sqlite-libs-3.32.1-r0
ssl_client-1.31.1-r19
tzdata-2020c-r0
tzdata-2020c-r1
unixodbc-2.3.7-r2
whois-5.5.6-r0
xz-5.2.5-r0

View File

@ -50,7 +50,7 @@ cap_add_param_vars:
# optional container parameters
opt_param_usage_include_env: true
opt_param_env_vars:
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
- { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" }
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications." }
@ -150,7 +150,8 @@ app_setup_nginx_reverse_proxy_block: ""
# changelog
changelogs:
- { date: "25.11.20:", desc: "Add support for njalla dns validation" }
- { date: "10.12.20:", desc: "Add support for njalla dns validation" }
- { date: "09.12.20:", desc: "Check for template/conf updates and notify in the log. Add support for gehirn and sakuracloud dns validation." }
- { date: "01.11.20:", desc: "Add support for netcup dns validation" }
- { date: "29.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy." }
- { date: "04.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering." }

View File

@ -0,0 +1,4 @@
# Instructions: https://certbot-dns-gehirn.readthedocs.io/en/stable/
# Replace with your values
dns_gehirn_api_token = 00000000-0000-0000-0000-000000000000
dns_gehirn_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw

View File

@ -0,0 +1,4 @@
# Instructions: https://certbot-dns-sakuracloud.readthedocs.io/en/stable/
# Replace with your values
dns_sakuracloud_api_token = 00000000-0000-0000-0000-000000000000
dns_sakuracloud_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw

View File

@ -45,8 +45,6 @@ chown -R abc:abc /config/dns-conf
# copy reverse proxy configs
cp -R /defaults/proxy-confs /config/nginx/
# remove outdated files (remove this action after 2020/10/17)
rm -f /config/nginx/proxy-confs/seafile.subdomain.config.sample /config/nginx/proxy-confs/librespeed.subdomain.com.sample
# copy/update the fail2ban config defaults to/in /config
cp -R /defaults/fail2ban/filter.d /config/fail2ban/
@ -92,7 +90,7 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
fi
# check to make sure DNSPLUGIN is selected if dns validation is used
[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|google|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|transip)$ ]] && \
[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|inwx|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip)$ ]] && \
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \
sleep infinity
@ -176,32 +174,32 @@ fi
if [ "$VALIDATION" = "dns" ]; then
if [ "$DNSPLUGIN" = "route53" ]; then
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(cpanel)$ ]]; then
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(gandi)$ ]]; then
if [ -n "$PROPAGATION" ];then echo "Gandi dns plugin does not support setting propagation time"; fi
PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini --manual-public-ip-logging-ok"
PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini"
elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|inwx|transip)$ ]]; then
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(netcup|njalla)$ ]]; then
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
else
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
fi
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
elif [ "$VALIDATION" = "tls-sni" ]; then
PREFCHAL="--non-interactive --standalone --preferred-challenges http"
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
elif [ "$VALIDATION" = "duckdns" ]; then
PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook /app/duckdns-txt"
PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt"
chmod +x /app/duckdns-txt
echo "duckdns validation is selected"
if [ "$SUBDOMAINS" = "wildcard" ]; then

View File

@ -0,0 +1,42 @@
#!/usr/bin/with-contenv bash
nginx_confs=( \
authelia-location.conf \
authelia-server.conf \
geoip2.conf \
ldap.conf \
nginx.conf \
proxy.conf \
site-confs/default \
ssl.conf )
for i in ${nginx_confs[@]}; do
if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' /config/nginx/${i})" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' /defaults/$(basename ${i}))" ]; then
nginx_confs_changed="/config/nginx/${i}\n${nginx_confs_changed}"
fi
done
if [ -n "$nginx_confs_changed" ]; then
echo "**** The following nginx confs have different version dates than the defaults that are shipped. ****"
echo "**** This may be due to user customization or an update to the defaults. ****"
echo "**** To update them to the latest defaults shipped within the image, delete these files and restart the container. ****"
echo "**** If they are user customized, check the date version at the top and compare to the upstream changelog via the link. ****"
echo -e "${nginx_confs_changed}"
fi
proxy_confs=$(ls /config/nginx/proxy-confs/*.conf)
for i in $proxy_confs; do
if [ -f "${i}.sample" ]; then
if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' ${i})" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' ${i}.sample)" ]; then
proxy_confs_changed="${i}\n${proxy_confs_changed}"
fi
fi
done
if [ -n "$proxy_confs_changed" ]; then
echo "**** The following reverse proxy confs have different version dates than the samples that are shipped. ****"
echo "**** This may be due to user customization or an update to the samples. ****"
echo "**** You should compare them to the samples in the same folder to make sure you have the latest updates. ****"
echo -e "${proxy_confs_changed}"
fi