Merge branch 'master' into standalone-dns-validation

2025-10-31 13:07:44 +09:00 · 2021-12-12 01:06:20 +01:00
parent 2878d84050 682689d0fc
commit 1ff4691000
8 changed files with 8 additions and 162 deletions
--- a/README.md
+++ b/README.md
@@ -161,7 +161,6 @@ services:
      - ONLY_SUBDOMAINS=false #optional
      - EXTRA_DOMAINS= #optional
      - STAGING=false #optional
-      - MAXMINDDB_LICENSE_KEY= #optional
    volumes:
      - /path/to/appdata/config:/config
    ports:
@@ -190,7 +189,6 @@ docker run -d \
  -e ONLY_SUBDOMAINS=false `#optional` \
  -e EXTRA_DOMAINS= `#optional` \
  -e STAGING=false `#optional` \
-  -e MAXMINDDB_LICENSE_KEY= `#optional` \
  -p 443:443 \
  -p 80:80 `#optional` \
  -v /path/to/appdata/config:/config \
@@ -220,7 +218,6 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
 | `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` |
 | `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. |
-| `-e MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. |
 | `-v /config` | All the config files including the webroot reside here. |

 ## Environment variables from files (Docker secrets)
@@ -332,6 +329,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64

 ## Versions

+* **30.11.21:** - Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)
 * **22.11.21:** - Added support for Infomaniak DNS for certificate generation.
 * **20.11.21:** - Added support for dnspod validation.
 * **15.11.21:** - Added support for deSEC DNS for wildcard certificate generation.
--- a/package_versions.txt
+++ b/package_versions.txt
@@ -86,7 +86,7 @@ libxt-1.2.1-r0
 libzip-1.7.3-r2
 linux-pam-1.5.1-r1
 logrotate-3.18.1-r0
-lz4-libs-1.9.3-r0
+lz4-libs-1.9.3-r1
 memcached-1.6.9-r0
 mpdecimal-2.5.1-r1
 musl-1.2.2-r3
@@ -133,8 +133,8 @@ php7-ctype-7.4.26-r0
 php7-curl-7.4.26-r0
 php7-dom-7.4.26-r0
 php7-exif-7.4.26-r0
-php7-fileinfo-7.4.25-r0
-php7-fpm-7.4.25-r0
+php7-fileinfo-7.4.26-r0
+php7-fpm-7.4.26-r0
 php7-ftp-7.4.26-r0
 php7-gd-7.4.26-r0
 php7-gmp-7.4.26-r0
@@ -164,7 +164,7 @@ php7-pgsql-7.4.26-r0
 php7-phar-7.4.26-r0
 php7-posix-7.4.26-r0
 php7-session-7.4.26-r0
-php7-simplexml-7.4.25-r0
+php7-simplexml-7.4.26-r0
 php7-soap-7.4.26-r0
 php7-sockets-7.4.26-r0
 php7-sodium-7.4.26-r0
@@ -173,7 +173,7 @@ php7-tokenizer-7.4.26-r0
 php7-xml-7.4.26-r0
 php7-xmlreader-7.4.26-r0
 php7-xmlrpc-7.4.26-r0
-php7-xmlwriter-7.4.25-r0
+php7-xmlwriter-7.4.26-r0
 php7-xsl-7.4.26-r0
 php7-zip-7.4.26-r0
 pinentry-1.1.1-r0
@@ -209,7 +209,7 @@ py3-six-1.15.0-r1
 py3-toml-0.10.2-r2
 py3-urllib3-1.26.5-r0
 py3-webencodings-0.5.1-r4
-python3-3.9.5-r1
+python3-3.9.5-r2
 readline-8.1.0-r0
 s6-ipcserver-2.10.0.3-r0
 scanelf-1.3.2-r0
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -58,7 +58,6 @@ opt_param_env_vars:
  - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
  - { env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`" }
  - { env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes." }
-  - { env_var: "MAXMINDDB_LICENSE_KEY", env_value: "", desc: "Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly."}
 opt_param_usage_include_vols: false
 opt_param_volumes:
  - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Configuration files." }
@@ -155,6 +154,7 @@ app_setup_nginx_reverse_proxy_block: ""

 # changelog
 changelogs:
+  - { date: "30.11.21:", desc: "Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)" }
  - { date: "24.11.21:", desc: "Added support for standalone DNS validation." }
  - { date: "22.11.21:", desc: "Added support for Infomaniak DNS for certificate generation." }
  - { date: "20.11.21:", desc: "Added support for dnspod validation." }
--- a/root/defaults/default
+++ b/root/defaults/default
@@ -32,12 +32,6 @@ server {
    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

-    # enable for geo blocking
-    # See /config/nginx/geoip2.conf for more information.
-    #if ($allowed_country = no) {
-    #return 444;
-    #}
-
    client_max_body_size 0;

    location / {
--- a/root/defaults/geoip2.conf
+++ b/root/defaults/geoip2.conf
@@ -1,123 +0,0 @@
-## Version 2020/10/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf
-# To enable, uncommment the Geoip2 config line in nginx.conf
-# Add the -e MAXMINDDB_LICENSE_KEY=<licensekey> to automatically download the Geolite2 database.
-# A Maxmind license key can be acquired here: https://www.maxmind.com/en/geolite2/signup
-
-geoip2 /config/geoip2db/GeoLite2-City.mmdb {
-    auto_reload 1w;
-    $geoip2_data_city_name   city names en;
-    $geoip2_data_postal_code postal code;
-    $geoip2_data_latitude    location latitude;
-    $geoip2_data_longitude   location longitude;
-    $geoip2_data_state_name  subdivisions 0 names en;
-    $geoip2_data_state_code  subdivisions 0 iso_code;
-    $geoip2_data_continent_code   continent code;
-    $geoip2_data_country_iso_code country iso_code;
-}
-
-# GEOIP2 COUNTRY CONFIG
-map $geoip2_data_country_iso_code $allowed_country {
-    # default must be yes or no
-    # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
-    default yes;
-
-    # Below you will setup conditions with yes or no
-    # ex: <condition> <yes/no>;
-
-    # allow United Kingdom.
-    #GB yes;
-}
-
-# GEOIP2 CITY CONFIG
-map $geoip2_data_city_name $allowed_city {
-    # default must be yes or no
-    # If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
-    default yes;
-
-    # Below you will setup conditions with yes or no
-    # ex: <condition> <yes/no>;
-
-    # allow Inverness.
-    #Inverness yes;
-}
-
-# ALLOW LOCAL ACCESS
-geo $allow_list {
-    default yes; # Set this to no if $allowed_country or $allowed_city default is no. 
-    # IP/CIDR yes; # e.g. 192.168.1.0/24 yes;
-}
-
-# Server config example:
-# Add the following if statements inside any server context where you want to geo block countries.
-
-########################################
-#    if ($allow_list = yes) {
-#       set $allowed_country yes;
-#    }
-#    if ($allowed_country = no) {
-#       return 444;
-#    }
-#########################################
-
-# Add the following if statements inside any server context where you want to geo block cities.
-########################################
-#    if ($allow_list = yes) {
-#       set $allowed_country yes;
-#    }
-#    if ($allowed_city = no) {
-#       return 444;
-#    }
-#########################################
-
-# Example using a config from proxy-confs
-
-#server {
-#    listen 443 ssl;
-#    listen [::]:443 ssl;
-#
-#    server_name unifi.*;
-#
-#    include /config/nginx/ssl.conf;
-#
-#    client_max_body_size 0;
-#
-#    # enable for ldap auth, fill in ldap details in ldap.conf
-#    #include /config/nginx/ldap.conf;
-#
-#    # enable for Authelia
-#    #include /config/nginx/authelia-server.conf;
-
-
-#   # Allow lan access if default is set to no
-#   if ($allow_list = yes) {
-#       set $allowed_country yes;
-#   }
-#   # Country geo block
-#   if ($allowed_country = no) {
-#       return 444;
-#   }
-
-
-#
-#    location / {
-#        # enable the next two lines for http auth
-#        #auth_basic "Restricted";
-#        #auth_basic_user_file /config/nginx/.htpasswd;
-#
-#        # enable the next two lines for ldap auth
-#        #auth_request /auth;
-#        #error_page 401 =200 /ldaplogin;
-#
-#        # enable for Authelia
-#        #include /config/nginx/authelia-location.conf;
-#
-#        include /config/nginx/proxy.conf;
-#        resolver 127.0.0.11 valid=30s;
-#        set $upstream_app unifi-controller;
-#        set $upstream_port 8443;
-#        set $upstream_proto https;
-#        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-#
-#        proxy_buffering off;
-#    }
-#}
--- a/root/defaults/nginx.conf
+++ b/root/defaults/nginx.conf
@@ -115,14 +115,6 @@ http {
    ##
    include /config/nginx/site-confs/*;
    #Removed lua. Do not remove this comment
-
-    ##
-    # Geoip2 config
-    ##
-    # Uncomment to add the Geoip2 configs needed to geo block countries/cities.
-    ##
-
-    #include /config/nginx/geoip2.conf;
 }

 #mail {
--- a/root/etc/cont-init.d/50-config
+++ b/root/etc/cont-init.d/50-config
@@ -76,8 +76,6 @@ cp /config/fail2ban/jail.local /etc/fail2ban/jail.local
    cp /defaults/authelia-server.conf /config/nginx/authelia-server.conf
 [[ ! -f /config/nginx/authelia-location.conf ]] && \
    cp /defaults/authelia-location.conf /config/nginx/authelia-location.conf
-[[ ! -f /config/nginx/geoip2.conf ]] && \
-    cp /defaults/geoip2.conf /config/nginx/geoip2.conf
 [[ ! -f /config/www/502.html ]] &&
    cp /defaults/502.html /config/www/502.html

@@ -365,18 +363,6 @@ fi
    rm -rf /var/lib/libmaxminddb
 [[ ! -d /var/lib/libmaxminddb ]] && \
    ln -s /config/geoip2db /var/lib/libmaxminddb
-# check GeoIP2 database
-if [ -n "$MAXMINDDB_LICENSE_KEY" ]; then
-    sed -i "s|.*MAXMINDDB_LICENSE_KEY.*|MAXMINDDB_LICENSE_KEY=\"${MAXMINDDB_LICENSE_KEY}\"|g" /etc/libmaxminddb.cron.conf
-    if [ ! -f /var/lib/libmaxminddb/GeoLite2-City.mmdb ]; then
-        echo "Downloading GeoIP2 City database."
-        /etc/periodic/weekly/libmaxminddb
-    fi
-elif [ -f /var/lib/libmaxminddb/GeoLite2-City.mmdb ]; then
-    echo -e "Currently using the user provided GeoLite2-City.mmdb.\nIf you want to enable weekly auto-updates of the database, retrieve a free license key from MaxMind,\nand add a new env variable \"MAXMINDDB_LICENSE_KEY\", set to your license key."
-else
-    echo -e "Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,\nand add a new env variable \"MAXMINDDB_LICENSE_KEY\", set to your license key."
-fi

 # logfiles needed by fail2ban
 [[ ! -f /config/log/nginx/error.log ]] && \
--- a/root/etc/cont-init.d/70-templates
+++ b/root/etc/cont-init.d/70-templates
@@ -3,7 +3,6 @@
 nginx_confs=( \
    authelia-location.conf \
    authelia-server.conf \
-    geoip2.conf \
    ldap.conf \
    nginx.conf \
    proxy.conf \