# syntax=docker/dockerfile:1 FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.18 # set version label ARG BUILD_DATE ARG VERSION ARG CERTBOT_VERSION LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" LABEL maintainer="nemchik" # environment settings ENV DHLEVEL=2048 ONLY_SUBDOMAINS=false AWS_CONFIG_FILE=/config/dns-conf/route53.ini ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ build-base \ cargo \ libffi-dev \ libxml2-dev \ libxslt-dev \ openssl-dev \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache \ fail2ban \ gnupg \ memcached \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ nginx-mod-http-fancyindex \ nginx-mod-http-geoip2 \ nginx-mod-http-headers-more \ nginx-mod-http-image-filter \ nginx-mod-http-perl \ nginx-mod-http-redis2 \ nginx-mod-http-set-misc \ nginx-mod-http-upload-progress \ nginx-mod-http-xslt-filter \ nginx-mod-mail \ nginx-mod-rtmp \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ php82-bcmath \ php82-bz2 \ php82-dom \ php82-exif \ php82-ftp \ php82-gd \ php82-gmp \ php82-imap \ php82-intl \ php82-ldap \ php82-mysqli \ php82-mysqlnd \ php82-opcache \ php82-pdo_mysql \ php82-pdo_odbc \ php82-pdo_pgsql \ php82-pdo_sqlite \ php82-pear \ php82-pecl-apcu \ php82-pecl-memcached \ php82-pecl-redis \ php82-pgsql \ php82-posix \ php82-soap \ php82-sockets \ php82-sodium \ php82-sqlite3 \ php82-tokenizer \ php82-xmlreader \ php82-xsl \ whois && \ apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ php82-pecl-mcrypt && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ fi && \ python3 -m venv /lsiopy && \ pip install -U --no-cache-dir \ pip \ wheel && \ pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.18/ \ certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ certbot-dns-bunny \ certbot-dns-cloudflare \ certbot-dns-cpanel \ certbot-dns-desec \ certbot-dns-digitalocean \ certbot-dns-directadmin \ certbot-dns-dnsimple \ certbot-dns-dnsmadeeasy \ certbot-dns-dnspod \ certbot-dns-do \ certbot-dns-domeneshop \ certbot-dns-duckdns \ certbot-dns-dynu \ certbot-dns-gehirn \ certbot-dns-godaddy \ certbot-dns-google \ certbot-dns-google-domains \ certbot-dns-he \ certbot-dns-hetzner \ certbot-dns-infomaniak \ certbot-dns-inwx \ certbot-dns-ionos \ certbot-dns-linode \ certbot-dns-loopia \ certbot-dns-luadns \ certbot-dns-netcup \ certbot-dns-njalla \ certbot-dns-nsone \ certbot-dns-ovh \ certbot-dns-porkbun \ certbot-dns-rfc2136 \ certbot-dns-route53 \ certbot-dns-sakuracloud \ certbot-dns-standalone \ certbot-dns-transip \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ 's|#ssl_stapling on;|ssl_stapling on;|' \ /defaults/nginx/ssl.conf.sample && \ sed -i \ 's|#ssl_stapling_verify on;|ssl_stapling_verify on;|' \ /defaults/nginx/ssl.conf.sample && \ sed -i \ 's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \ /defaults/nginx/ssl.conf.sample && \ echo "**** correct ip6tables legacy issue ****" && \ rm \ /sbin/ip6tables && \ ln -s \ /sbin/ip6tables-nft /sbin/ip6tables && \ echo "**** remove unnecessary fail2ban filters ****" && \ rm \ /etc/fail2ban/jail.d/alpine-ssh.conf && \ echo "**** copy fail2ban default action and filter to /defaults ****" && \ mkdir -p /defaults/fail2ban && \ mv /etc/fail2ban/action.d /defaults/fail2ban/ && \ mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \ echo "**** define allowipv6 to silence warning ****" && \ sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \ echo "**** copy proxy confs to /defaults ****" && \ mkdir -p \ /defaults/nginx/proxy-confs && \ curl -o \ /tmp/proxy-confs.tar.gz -L \ "https://github.com/linuxserver/reverse-proxy-confs/tarball/master" && \ tar xf \ /tmp/proxy-confs.tar.gz -C \ /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ rm -rf \ /tmp/* \ $HOME/.cache \ $HOME/.cargo # copy local files COPY root/ / # ports and volumes EXPOSE 80 443 VOLUME /config