Merge pull request #112 from linuxserver/fix-permissions

Reorder init to fix permissions

.github/workflows/external_trigger.yml

@@ -48,8 +48,12 @@ jobs:
               | jq -r '.config.digest')
           image_info=$(curl -sL \
             --header "Authorization: Bearer ${token}" \
-            "https://ghcr.io/v2/${image}/blobs/${digest}" \
-            | jq -r '.container_config')
+            "https://ghcr.io/v2/${image}/blobs/${digest}")
+          if [[ $(echo $image_info | jq -r '.container_config') == "null" ]]; then
+            image_info=$(echo $image_info | jq -r '.config')
+          else
+            image_info=$(echo $image_info | jq -r '.container_config')
+          fi
           IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
           IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
           if [ -z "${IMAGE_VERSION}" ]; then

Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.14
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
 
 # set version label
 ARG BUILD_DATE
@@ -11,29 +11,35 @@ LABEL maintainer="aptalca"
 ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 
 RUN \
- echo "**** install runtime packages ****" && \
- apk add --no-cache --upgrade \
-	curl \
-	php7-ctype \
-	php7-curl \
-	php7-pdo_pgsql \
-	php7-pdo_sqlite \
-	php7-pdo_mysql \
-	php7-tokenizer \
-	php7-zip && \
- echo "**** install heimdall ****" && \
- mkdir -p \
-	/heimdall && \
- if [ -z ${HEIMDALL_RELEASE+x} ]; then \
-	HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
-	| awk '/tag_name/{print $4;exit}' FS='[""]'); \
- fi && \
- curl -o \
- /heimdall/heimdall.tar.gz -L \
-	"https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
- echo "**** cleanup ****" && \
- rm -rf \
-	/tmp/*
+  echo "**** install runtime packages ****" && \
+  apk add --no-cache --upgrade \
+    curl \
+    php8-ctype \
+    php8-curl \
+    php8-intl \
+    php8-pdo_pgsql \
+    php8-pdo_sqlite \
+    php8-pdo_mysql \
+    php8-tokenizer \
+    php8-zip \
+    tar && \
+  echo "**** install heimdall ****" && \
+  mkdir -p \
+    /heimdall && \
+  if [ -z ${HEIMDALL_RELEASE+x} ]; then \
+    HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]'); \
+  fi && \
+  curl -o \
+    /heimdall/heimdall.tar.gz -L \
+    "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
+  echo "**** cleanup ****" && \
+  rm -rf \
+    /tmp/*
 
 # add local files
 COPY root/ /
+
+# ports and volumes
+EXPOSE 80 443
+VOLUME /config

Dockerfile.aarch64

@@ -1,4 +1,4 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.14
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
 
 # set version label
 ARG BUILD_DATE
@@ -11,29 +11,35 @@ LABEL maintainer="aptalca"
 ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 
 RUN \
- echo "**** install runtime packages ****" && \
- apk add --no-cache --upgrade \
-	curl \
-	php7-ctype \
-	php7-curl \
-	php7-pdo_pgsql \
-	php7-pdo_sqlite \
-	php7-pdo_mysql \
-	php7-tokenizer \
-	php7-zip && \
- echo "**** install heimdall ****" && \
- mkdir -p \
-	/heimdall && \
- if [ -z ${HEIMDALL_RELEASE+x} ]; then \
-	HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
-	| awk '/tag_name/{print $4;exit}' FS='[""]'); \
- fi && \
- curl -o \
- /heimdall/heimdall.tar.gz -L \
-	"https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
- echo "**** cleanup ****" && \
- rm -rf \
-	/tmp/*
+  echo "**** install runtime packages ****" && \
+  apk add --no-cache --upgrade \
+    curl \
+    php8-ctype \
+    php8-curl \
+    php8-intl \
+    php8-pdo_pgsql \
+    php8-pdo_sqlite \
+    php8-pdo_mysql \
+    php8-tokenizer \
+    php8-zip \
+    tar && \
+  echo "**** install heimdall ****" && \
+  mkdir -p \
+    /heimdall && \
+  if [ -z ${HEIMDALL_RELEASE+x} ]; then \
+    HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]'); \
+  fi && \
+  curl -o \
+    /heimdall/heimdall.tar.gz -L \
+    "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
+  echo "**** cleanup ****" && \
+  rm -rf \
+    /tmp/*
 
 # add local files
 COPY root/ /
+
+# ports and volumes
+EXPOSE 80 443
+VOLUME /config

Dockerfile.armhf

@@ -1,4 +1,4 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.14
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
 
 # set version label
 ARG BUILD_DATE
@@ -11,29 +11,35 @@ LABEL maintainer="aptalca"
 ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 
 RUN \
- echo "**** install runtime packages ****" && \
- apk add --no-cache --upgrade \
-	curl \
-	php7-ctype \
-	php7-curl \
-	php7-pdo_pgsql \
-	php7-pdo_sqlite \
-	php7-pdo_mysql \
-	php7-tokenizer \
-	php7-zip && \
- echo "**** install heimdall ****" && \
- mkdir -p \
-	/heimdall && \
- if [ -z ${HEIMDALL_RELEASE+x} ]; then \
-	HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
-	| awk '/tag_name/{print $4;exit}' FS='[""]'); \
- fi && \
- curl -o \
- /heimdall/heimdall.tar.gz -L \
-	"https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
- echo "**** cleanup ****" && \
- rm -rf \
-	/tmp/*
+  echo "**** install runtime packages ****" && \
+  apk add --no-cache --upgrade \
+    curl \
+    php8-ctype \
+    php8-curl \
+    php8-intl \
+    php8-pdo_pgsql \
+    php8-pdo_sqlite \
+    php8-pdo_mysql \
+    php8-tokenizer \
+    php8-zip \
+    tar && \
+  echo "**** install heimdall ****" && \
+  mkdir -p \
+    /heimdall && \
+  if [ -z ${HEIMDALL_RELEASE+x} ]; then \
+    HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]'); \
+  fi && \
+  curl -o \
+    /heimdall/heimdall.tar.gz -L \
+    "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
+  echo "**** cleanup ****" && \
+  rm -rf \
+    /tmp/*
 
 # add local files
 COPY root/ /
+
+# ports and volumes
+EXPOSE 80 443
+VOLUME /config

Jenkinsfile

@@ -17,7 +17,7 @@ pipeline {
     GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
     GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
     SCARF_TOKEN=credentials('scarf_api_key')
-    EXT_GIT_BRANCH = 'master'
+    EXT_GIT_BRANCH = '2.x'
     EXT_USER = 'linuxserver'
     EXT_REPO = 'Heimdall'
     CONTAINER_NAME = 'heimdall'
@@ -353,9 +353,11 @@ pipeline {
               if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
                 cd ${TEMPDIR}/unraid/templates/
                 if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
-                  echo "Image is on the ignore list, removing Unraid template"
-                  git rm unraid/${CONTAINER_NAME}.xml || :
-                  git commit -m 'Bot Removing Deprecated Unraid Template' || :
+                  echo "Image is on the ignore list, marking Unraid template as deprecated"
+                  cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
+                  git add -u unraid/${CONTAINER_NAME}.xml
+                  git mv unraid/${CONTAINER_NAME}.xml unraid/deprecated/${CONTAINER_NAME}.xml || :
+                  git commit -m 'Bot Moving Deprecated Unraid Template' || :
                 else
                   cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
                   git add unraid/${CONTAINER_NAME}.xml
@@ -718,7 +720,7 @@ pipeline {
                 -e DO_REGION="ams3" \
                 -e DO_BUCKET="lsio-ci" \
                 -t ghcr.io/linuxserver/ci:latest \
-                python /ci/ci.py'''
+                python3 test_build.py'''
         }
       }
     }

README.md

@@ -48,26 +48,26 @@ Why not use it as your browser start page? It even has the ability to include a
 
 ## Supported Architectures
 
-Our images support multiple architectures such as `x86-64`, `arm64` and `armhf`. We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
+We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
 
-Simply pulling `lscr.io/linuxserver/heimdall` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
+Simply pulling `lscr.io/linuxserver/heimdall:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
 
 The architectures supported by this image are:
 
-| Architecture | Tag |
-| :----: | --- |
-| x86-64 | amd64-latest |
-| arm64 | arm64v8-latest |
-| armhf | arm32v7-latest |
+| Architecture | Available | Tag |
+| :----: | :----: | ---- |
+| x86-64 | ✅ | amd64-\<version tag\> |
+| arm64 | ✅ | arm64v8-\<version tag\> |
+| armhf| ✅ | arm32v7-\<version tag\> |
 
 ## Version Tags
 
-This image provides various versions that are available via tags. `latest` tag usually provides the latest stable version. Others are considered under development and caution must be exercised when using them.
+This image provides various versions that are available via tags. Please read the descriptions carefully and exercise caution when using unstable or development tags.
 
-| Tag | Description |
-| :----: | --- |
-| latest | Stable Heimdall releases. |
-| development | Latest commit from the github master branch. |
+| Tag | Available | Description |
+| :----: | :----: |--- |
+| latest | ✅ | Stable Heimdall releases. |
+| development | ✅ | Latest commit from the github 2.x branch. |
 
 ## Application Setup
 
@@ -76,7 +76,7 @@ Access the web gui at http://SERVERIP:PORT
 
 ### Adding password protection
 
-This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. New installs will automatically pick it up and implement password protected access. Existing users updating their image can delete their site config at `/config/nginx/site-confs/default` and restart the container after updating the image. A new site config with htpasswd support will be created in its place.
+This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. Uncomment the `basic auth` lines in `/config/nginx/site-confs/default.conf` and restart the container.
 
 ## Usage
 
@@ -89,14 +89,14 @@ Here are some example snippets to help you get started creating a container.
 version: "2.1"
 services:
   heimdall:
-    image: lscr.io/linuxserver/heimdall
+    image: lscr.io/linuxserver/heimdall:latest
     container_name: heimdall
     environment:
       - PUID=1000
       - PGID=1000
       - TZ=Europe/London
     volumes:
-      - </path/to/appdata/config>:/config
+      - /path/to/appdata/config:/config
     ports:
       - 80:80
       - 443:443
@@ -113,9 +113,9 @@ docker run -d \
   -e TZ=Europe/London \
   -p 80:80 \
   -p 443:443 \
-  -v </path/to/appdata/config>:/config \
+  -v /path/to/appdata/config:/config \
   --restart unless-stopped \
-  lscr.io/linuxserver/heimdall
+  lscr.io/linuxserver/heimdall:latest
 ```
 
 ## Parameters
@@ -174,7 +174,7 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
 * container version number
   * `docker inspect -f '{{ index .Config.Labels "build_version" }}' heimdall`
 * image version number
-  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/heimdall`
+  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/heimdall:latest`
 
 ## Updating Info
 
@@ -192,7 +192,7 @@ Below are the instructions for updating containers:
 
 ### Via Docker Run
 
-* Update the image: `docker pull lscr.io/linuxserver/heimdall`
+* Update the image: `docker pull lscr.io/linuxserver/heimdall:latest`
 * Stop the running container: `docker stop heimdall`
 * Delete the container: `docker rm heimdall`
 * Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
@@ -240,8 +240,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **14.11.22:** - Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base)).
+* **04.11.22:** - Build commits to upstream branch 2.x for the `development` tag.
 * **13.03.21:** - Make searchproviders.yaml user configurable.
-* **11.03.21:** - Rebase to alpine 3.14.
 * **10.02.21:** - Revert to alpine 3.12 as php 7.4 broke laravel.
 * **10.02.21:** - Rebasing to alpine 3.13.
 * **17.08.20:** - Add php7-curl.
@@ -264,5 +265,5 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 * **07.10.18:** - Symlink `.env` rather than copy. It now resides under `/config/www`
 * **30.09.18:** - Multi-arch image. Move `.env` to `/config`.
 * **05.09.18:** - Rebase to alpine linux 3.8.
-* **06.03.18:** - Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default and restart the container, a new default site config with htpasswd support will be created in its place
+* **06.03.18:** - Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default.conf and restart the container, a new default site config with htpasswd support will be created in its place
 * **12.02.18:** - Initial Release.

jenkins-vars.yml

@@ -7,7 +7,7 @@ release_type: stable
 release_tag: latest
 ls_branch: master
 repo_vars:
-  - EXT_GIT_BRANCH = 'master'
+  - EXT_GIT_BRANCH = '2.x'
   - EXT_USER = 'linuxserver'
   - EXT_REPO = 'Heimdall'
   - CONTAINER_NAME = 'heimdall'

package_versions.txt

@@ -1,83 +1,83 @@
-alpine-baselayout-3.2.0-r16
-alpine-keys-2.4-r0
-apache2-utils-2.4.53-r0
-apk-tools-2.12.7-r0
-apr-1.7.0-r0
-apr-util-1.6.1-r7
+alpine-baselayout-3.2.0-r18
+alpine-keys-2.4-r1
+apache2-utils-2.4.54-r0
+apk-tools-2.12.7-r3
+apr-1.7.0-r1
+apr-util-1.6.1-r11
 argon2-libs-20190702-r1
 bash-5.1.16-r0
 brotli-libs-1.0.9-r5
-busybox-1.33.1-r6
-ca-certificates-20211220-r0
-ca-certificates-bundle-20211220-r0
-coreutils-8.32-r2
-curl-7.79.1-r0
-expat-2.4.7-r0
-gdbm-1.19-r0
-git-2.32.0-r0
+busybox-1.34.1-r7
+ca-certificates-20220614-r0
+ca-certificates-bundle-20220614-r0
+coreutils-9.0-r2
+curl-7.80.0-r4
+expat-2.5.0-r0
+git-2.34.5-r0
+icu-libs-69.1-r1
 libacl-2.2.53-r0
-libattr-2.5.1-r0
+libattr-2.5.1-r1
+libbz2-1.0.8-r1
 libc-utils-0.7.2-r3
-libcrypto1.1-1.1.1n-r0
-libcurl-7.79.1-r0
-libedit-20210216.3.1-r0
+libcrypto1.1-1.1.1s-r1
+libcurl-7.80.0-r4
+libedit-20210910.3.1-r0
+libgcc-10.3.1_git20211027-r0
 libintl-0.21-r0
-libldap-2.4.58-r0
-libmagic-5.40-r1
-libpq-13.6-r0
+libpq-14.5-r0
 libproc-3.3.17-r0
-libressl3.3-libcrypto-3.3.6-r0
-libressl3.3-libssl-3.3.6-r0
-libretls-3.3.3p1-r3
-libsasl-2.1.28-r0
-libssl1.1-1.1.1n-r0
+libretls-3.3.4-r3
+libssl1.1-1.1.1s-r1
+libstdc++-10.3.1_git20211027-r0
 libuuid-2.37.4-r0
-libxml2-2.9.13-r0
-libzip-1.7.3-r2
-linux-pam-1.5.1-r1
-logrotate-3.18.1-r1
-musl-1.2.2-r3
-musl-utils-1.2.2-r3
-nano-5.7-r2
-ncurses-libs-6.2_p20210612-r0
-ncurses-terminfo-base-6.2_p20210612-r0
-nghttp2-libs-1.43.0-r0
-nginx-1.20.2-r0
+libxml2-2.9.14-r2
+libzip-1.8.0-r1
+linux-pam-1.5.2-r0
+logrotate-3.18.1-r4
+musl-1.2.2-r7
+musl-utils-1.2.2-r7
+nano-5.9-r0
+ncurses-libs-6.3_p20211120-r1
+ncurses-terminfo-base-6.3_p20211120-r1
+nghttp2-libs-1.46.0-r0
+nginx-1.20.2-r1
 oniguruma-6.9.7.1-r0
-openssl-1.1.1n-r0
-pcre-8.44-r0
-pcre2-10.36-r0
-php7-7.4.26-r0
-php7-common-7.4.26-r0
-php7-ctype-7.4.26-r0
-php7-curl-7.4.26-r0
-php7-fileinfo-7.4.26-r0
-php7-fpm-7.4.26-r0
-php7-json-7.4.26-r0
-php7-mbstring-7.4.26-r0
-php7-mysqlnd-7.4.26-r0
-php7-openssl-7.4.26-r0
-php7-pdo-7.4.26-r0
-php7-pdo_mysql-7.4.26-r0
-php7-pdo_pgsql-7.4.26-r0
-php7-pdo_sqlite-7.4.26-r0
-php7-session-7.4.26-r0
-php7-simplexml-7.4.26-r0
-php7-tokenizer-7.4.26-r0
-php7-xml-7.4.26-r0
-php7-xmlwriter-7.4.26-r0
-php7-zip-7.4.26-r0
+openssl-1.1.1s-r1
+pcre-8.45-r1
+pcre2-10.40-r0
+php8-8.0.25-r0
+php8-common-8.0.25-r0
+php8-ctype-8.0.25-r0
+php8-curl-8.0.25-r0
+php8-fileinfo-8.0.25-r0
+php8-fpm-8.0.25-r0
+php8-intl-8.0.25-r0
+php8-mbstring-8.0.25-r0
+php8-mysqlnd-8.0.25-r0
+php8-openssl-8.0.25-r0
+php8-pdo-8.0.25-r0
+php8-pdo_mysql-8.0.25-r0
+php8-pdo_pgsql-8.0.25-r0
+php8-pdo_sqlite-8.0.25-r0
+php8-session-8.0.25-r0
+php8-simplexml-8.0.25-r0
+php8-tokenizer-8.0.25-r0
+php8-xml-8.0.25-r0
+php8-xmlwriter-8.0.25-r0
+php8-zip-8.0.25-r0
 popt-1.18-r0
 procps-3.3.17-r0
-readline-8.1.0-r0
-s6-ipcserver-2.10.0.3-r0
-scanelf-1.3.2-r0
-shadow-4.8.1-r0
-skalibs-2.10.0.3-r0
-sqlite-libs-3.35.5-r0
-ssl_client-1.33.1-r6
-tzdata-2022a-r0
-utmps-0.1.0.2-r0
-xz-5.2.5-r0
-xz-libs-5.2.5-r0
-zlib-1.2.12-r0
+readline-8.1.1-r0
+s6-ipcserver-2.11.0.0-r0
+scanelf-1.3.3-r0
+shadow-4.8.1-r1
+skalibs-2.11.0.0-r0
+sqlite-libs-3.36.0-r0
+ssl_client-1.34.1-r7
+tar-1.34-r0
+tzdata-2022f-r1
+utmps-0.1.0.3-r0
+xz-5.2.5-r1
+xz-libs-5.2.5-r1
+zlib-1.2.12-r3
+zstd-libs-1.5.0-r0

readme-vars.yml

@@ -21,14 +21,14 @@ available_architectures:
 development_versions: true
 development_versions_items:
   - { tag: "latest", desc: "Stable Heimdall releases." }
-  - { tag: "development", desc: "Latest commit from the github master branch." }
+  - { tag: "development", desc: "Latest commit from the github 2.x branch." }
 
 # container parameters
 common_param_env_vars_enabled: true
 param_container_name: "{{ project_name }}"
 param_usage_include_vols: true
 param_volumes:
-  - { vol_path: "/config", vol_host_path: "</path/to/appdata/config>", desc: "Contains all relevant configuration files." }
+  - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." }
 param_usage_include_ports: true
 param_ports:
   - { external_port: "80", internal_port: "80", port_desc: "http gui" }
@@ -45,12 +45,13 @@ app_setup_block: |
 
   ### Adding password protection
   
-  This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. New installs will automatically pick it up and implement password protected access. Existing users updating their image can delete their site config at `/config/nginx/site-confs/default` and restart the container after updating the image. A new site config with htpasswd support will be created in its place.
+  This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. Uncomment the `basic auth` lines in `/config/nginx/site-confs/default.conf` and restart the container.
 
 # changelog
 changelogs:
+  - { date: "14.11.22:", desc: "Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base))." }
+  - { date: "04.11.22:", desc: "Build commits to upstream branch 2.x for the `development` tag." }
   - { date: "13.03.21:", desc: "Make searchproviders.yaml user configurable." }
-  - { date: "11.03.21:", desc: "Rebase to alpine 3.14." }
   - { date: "10.02.21:", desc: "Revert to alpine 3.12 as php 7.4 broke laravel." }
   - { date: "10.02.21:", desc: "Rebasing to alpine 3.13." }
   - { date: "17.08.20:", desc: "Add php7-curl." }
@@ -73,5 +74,5 @@ changelogs:
   - { date: "07.10.18:", desc: "Symlink `.env` rather than copy. It now resides under `/config/www`" }
   - { date: "30.09.18:", desc: "Multi-arch image. Move `.env` to `/config`." }
   - { date: "05.09.18:", desc: "Rebase to alpine linux 3.8." }
-  - { date: "06.03.18:", desc: "Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default and restart the container, a new default site config with htpasswd support will be created in its place" }
+  - { date: "06.03.18:", desc: "Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default.conf and restart the container, a new default site config with htpasswd support will be created in its place" }
   - { date: "12.02.18:", desc: "Initial Release." }

root/defaults/default

@@ -1,43 +0,0 @@
-## Version 2018/03/06 - Changelog: https://github.com/linuxserver/docker-heimdall/commits/master/root/defaults/default
-
-server {
-	listen 80 default_server;
-
-	listen 443 ssl;
-
-	root /var/www/localhost/heimdall/public;
-	index index.php index.html index.htm;
-
-	server_name _;
-
-	ssl_certificate /config/keys/cert.crt;
-	ssl_certificate_key /config/keys/cert.key;
-
-	client_max_body_size 0;
-	
-        error_page 599 = @noauth;
-
-        location / {
-                if (!-f /config/nginx/.htpasswd) {
-                        return 599;
-                }
-                auth_basic "Restricted";
-                auth_basic_user_file /config/nginx/.htpasswd;
-                try_files $uri $uri/ /index.php?$args;
-        }
-
-        location @noauth {
-                try_files $uri $uri/ /index.php?$args;
-        }
-
-	location ~ \.php$ {
-		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		# With php5-cgi alone:
-		fastcgi_pass 127.0.0.1:9000;
-		# With php5-fpm:
-		#fastcgi_pass unix:/var/run/php5-fpm.sock;
-		fastcgi_index index.php;
-		include /etc/nginx/fastcgi_params;
-
-	}
-}

root/defaults/nginx.conf

@@ -1,98 +0,0 @@
-user abc;
-worker_processes 4;
-pid /run/nginx.pid;
-include /etc/nginx/modules/*.conf;
-
-events {
-	worker_connections 768;
-	# multi_accept on;
-}
-
-http {
-
-	##
-	# Basic Settings
-	##
-
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-	keepalive_timeout 65;
-	types_hash_max_size 2048;
-	# server_tokens off;
-
-	# server_names_hash_bucket_size 64;
-	# server_name_in_redirect off;
-
-	client_max_body_size 0;
-
-	include /etc/nginx/mime.types;
-	default_type application/octet-stream;
-
-	##
-	# Logging Settings
-	##
-
-	access_log /config/log/nginx/access.log;
-	error_log /config/log/nginx/error.log;
-
-	##
-	# Gzip Settings
-	##
-
-	gzip on;
-	gzip_disable "msie6";
-
-	# gzip_vary on;
-	# gzip_proxied any;
-	# gzip_comp_level 6;
-	# gzip_buffers 16 8k;
-	# gzip_http_version 1.1;
-	# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-
-	##
-	# nginx-naxsi config
-	##
-	# Uncomment it if you installed nginx-naxsi
-	##
-
-	#include /etc/nginx/naxsi_core.rules;
-
-	##
-	# nginx-passenger config
-	##
-	# Uncomment it if you installed nginx-passenger
-	##
-
-	#passenger_root /usr;
-	#passenger_ruby /usr/bin/ruby;
-
-	##
-	# Virtual Host Configs
-	##
-	include /etc/nginx/conf.d/*.conf;
-	include /config/nginx/site-confs/*;
-}
-
-
-#mail {
-#	# See sample authentication script at:
-#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-#
-#	# auth_http localhost/auth.php;
-#	# pop3_capabilities "TOP" "USER";
-#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
-#
-#	server {
-#		listen     localhost:110;
-#		protocol   pop3;
-#		proxy      on;
-#	}
-#
-#	server {
-#		listen     localhost:143;
-#		protocol   imap;
-#		proxy      on;
-#	}
-#}
-daemon off;

root/defaults/nginx/site-confs/default.conf.sample

@@ -0,0 +1,34 @@
+## Version 2022/11/14 - Changelog: https://github.com/linuxserver/docker-heimdall/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+
+    server_name _;
+
+    root /app/www/public;
+    index index.html index.htm index.php;
+
+    location / {
+        # enable for basic auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        try_files $uri $uri/ /index.html /index.php$is_args$args;
+    }
+
+    location ~ ^(.+\.php)(.*)$ {
+        fastcgi_split_path_info ^(.+\.php)(.*)$;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    # deny access to .htaccess/.htpasswd files
+    location ~ /\.ht {
+        deny all;
+    }
+}

root/etc/cont-init.d/50-config

@@ -1,58 +1,62 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 # make our folders
 mkdir -p \
-	/config/www/{backgrounds,icons,avatars,SupportedApps} \
-	/var/www/localhost/heimdall \
-	/config/log/heimdall
+    /config/www/{avatars,backgrounds,icons,logs,SupportedApps} \
+    /app/www \
+    /config/log/heimdall
 
 # install heimdall if necessary
-[[ -f /heimdall/heimdall.tar.gz ]] && \
- echo "New container detected, installing Heimdall" && \
- tar xf \
- 	/heimdall/heimdall.tar.gz -C \
-	/var/www/localhost/heimdall --strip-components=1 && \
- echo -e '\n# Heimdall user authorization\nfastcgi_param  PHP_AUTH_USER $remote_user;\nfastcgi_param  PHP_AUTH_PW $http_authorization;' >> \
-	/etc/nginx/fastcgi_params && \
- rm -rf /heimdall && \
- cp /var/www/localhost/heimdall/storage/app/searchproviders.yaml /var/www/localhost/heimdall/storage/app/searchproviders.yaml.orig && \
- chown -R abc:abc /var/www/localhost/heimdall
+if [[ -f /heimdall/heimdall.tar.gz ]]; then
+    echo "New container detected, installing Heimdall"
+    tar xf \
+        /heimdall/heimdall.tar.gz -C \
+        /app/www --strip-components=1
+    echo -e '\n# Heimdall user authorization\nfastcgi_param  PHP_AUTH_USER $remote_user;\nfastcgi_param  PHP_AUTH_PW $http_authorization;' >> \
+        /etc/nginx/fastcgi_params
+    cp /app/www/storage/app/searchproviders.yaml /app/www/storage/app/searchproviders.yaml.orig
+fi
 
 # create symlinks
-
-symlinks=( \
-/var/www/localhost/heimdall/storage/app/public/avatars \
-/var/www/localhost/heimdall/storage/app/public/backgrounds \
-/var/www/localhost/heimdall/storage/app/public/icons \
-/var/www/localhost/heimdall/app/SupportedApps \
-/var/www/localhost/heimdall/database/app.sqlite \
-/var/www/localhost/heimdall/.env )
-
-for i in "${symlinks[@]}"
-do
-[[ -e "$i" && ! -L "$i" ]] && rm -rf "$i"
-[[ ! -L "$i" ]] && ln -s /config/www/"$(basename "$i")" "$i"
+symlinks=(
+    /app/www/storage/app/public/avatars
+    /app/www/storage/app/public/backgrounds
+    /app/www/storage/app/public/icons
+    /app/www/storage/logs
+    /app/www/app/SupportedApps
+    /app/www/database/app.sqlite
+    /app/www/.env
+)
+for i in "${symlinks[@]}"; do
+    if [[ -e "${i}" && ! -L "${i}" ]]; then
+        rm -rf "${i}"
+    fi
+    if [[ ! -L "${i}" ]]; then
+        ln -s /config/www/"$(basename "${i}")" "${i}"
+    fi
 done
 
-[[ -e "/var/www/localhost/heimdall/storage/logs/laravel.log" && ! -L "/var/www/localhost/heimdall/storage/logs/laravel.log" ]] \
-	&& rm -rf "/var/www/localhost/heimdall/storage/logs/laravel.log"
-[[ ! -L "/var/www/localhost/heimdall/storage/logs/laravel.log" ]] && \
-	ln -s "/config/log/heimdall/laravel.log" "/var/www/localhost/heimdall/storage/logs/laravel.log"
+# copy searchproviders if not exists and symlink
+if [[ ! -f /config/www/searchproviders.yaml ]]; then
+    cp /app/www/storage/app/searchproviders.yaml.orig /config/www/searchproviders.yaml
+fi
+rm -rf /app/www/storage/app/searchproviders.yaml
+ln -s /config/www/searchproviders.yaml /app/www/storage/app/searchproviders.yaml
+
+# tidy up install files & set permissions
+if [[ -f /heimdall/heimdall.tar.gz ]]; then
+    rm -rf /heimdall
+    chown -R abc:abc /app/www
+    chown -R abc:abc /config
+fi
 
 # copy .env if not exists
-[[ ! -f /config/www/.env ]] && \
-  cp /var/www/localhost/heimdall/.env.example /config/www/.env && \
-  echo "Creating app key. This may take a while on slower systems" && \
-  php /var/www/localhost/heimdall/artisan key:generate
-# copy searchproviders if not exists and symlink
-[[ ! -f /config/www/searchproviders.yaml ]] && \
-  cp /var/www/localhost/heimdall/storage/app/searchproviders.yaml.orig /config/www/searchproviders.yaml
-rm -rf /var/www/localhost/heimdall/storage/app/searchproviders.yaml
-ln -s /config/www/searchproviders.yaml /var/www/localhost/heimdall/storage/app/searchproviders.yaml
+if [[ ! -f /config/www/.env ]]; then
+    install -g abc -o abc /app/www/.env.example /config/www/.env
+    echo "Creating app key. This may take a while on slower systems"
+    s6-setuidgid abc php /app/www/artisan key:generate
+fi
+
 # set queue driver to database
 sed -i 's/QUEUE_DRIVER=sync/QUEUE_DRIVER=database/' /config/www/.env
-
-# permissions
-echo "Setting permissions"
-chown -R abc:abc \
-	/config

root/etc/logrotate.d/heimdall

@@ -1,9 +0,0 @@
-/config/log/heimdall/laravel.log {
-        size 5M
-        rotate 5
-        compress
-        nodateext
-        notifempty
-        missingok
-        su abc abc
-}

root/etc/services.d/queue/run

@@ -1,4 +1,4 @@
 #!/usr/bin/with-contenv bash
 
 exec \
-       s6-setuidgid abc php /var/www/localhost/heimdall/artisan queue:work database --sleep=3 --tries=3
+    s6-setuidgid abc php /app/www/artisan queue:work database --sleep=3 --tries=3

root/migrations/02-default-location

@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+
+DEFAULT_CONF="/config/nginx/site-confs/default.conf"
+OLD_ROOT="root /var/www/localhost/heimdall/public;"
+NEW_ROOT="root /app/www/public;"
+
+if grep -q "${OLD_ROOT}" "${DEFAULT_CONF}" 2>/dev/null; then
+    echo "updating root in ${DEFAULT_CONF}"
+    sed -i "s|${OLD_ROOT}|${NEW_ROOT}|" "${DEFAULT_CONF}"
+fi

root/var/www/localhost/heimdall/public/index.html

@@ -0,0 +1,40 @@
+<html>
+    <head>
+        <title>Upgrade Required!</title>
+        <style>
+        body{
+            font-family: Helvetica, Arial, sans-serif;
+        }
+        .message{
+            width:440px;
+            padding:20px 40px;
+            margin:0 auto;
+            background-color:#f9f9f9;
+            border:1px solid #ddd;
+            color: #1e3d62;
+        }
+        center{
+            margin:40px 0;
+        }
+        h1{
+            font-size: 18px;
+            line-height: 26px;
+        }
+        p{
+            font-size: 12px;
+        }
+        a{
+            color: rgb(207, 48, 139);
+        }
+        </style>
+    </head>
+    <body>
+        <div class="message">
+            <h1>Upgrade Required!</h1>
+            <p>The application inside this image has been moved to a new folder.</p>
+            <p>You will need to update your <strong>/config/nginx/nginx.conf</strong> and <strong>/config/nginx/site-confs/default.conf</strong> in order for the application to work.</p>
+            <p>New config samples are located at <strong>/config/nginx/nginx.conf.sample</strong> and <strong>/config/nginx/site-confs/default.conf.sample</strong></p>
+            <p>Please review our announcement: <a target="_blank" href="https://info.linuxserver.io/issues/2022-08-20-nginx-base/">Significant changes to nginx based images</a></p>
+        </div>
+    </body>
+</html>