From 3539bd10f082a9eeae7f219bac9eab00aba213f1 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 20 Jan 2023 22:42:13 -0600 Subject: [PATCH 1/5] Rebase to alpine 3.17 with php8.1 --- Dockerfile | 112 ++++++++---------- Dockerfile.aarch64 | 112 ++++++++---------- Dockerfile.armhf | 112 ++++++++---------- README.md | 1 + readme-vars.yml | 1 + root/etc/cont-init.d/43-crontabs | 11 -- .../dependencies.d/init-nginx-config | 0 .../s6-rc.d/init-certbot-config/run} | 4 +- .../s6-rc.d/init-certbot-config/type | 1 + .../s6-overlay/s6-rc.d/init-certbot-config/up | 1 + .../dependencies.d/init-outdated-config | 0 .../dependencies.d/init-fail2ban-config | 0 .../s6-rc.d/init-crontabs-config/run | 17 +++ .../s6-rc.d/init-crontabs-config/type | 1 + .../s6-rc.d/init-crontabs-config/up | 1 + .../dependencies.d/init-samples-config | 0 .../s6-rc.d/init-fail2ban-config/run} | 0 .../s6-rc.d/init-fail2ban-config/type | 1 + .../s6-rc.d/init-fail2ban-config/up | 1 + .../dependencies.d/init-require-url | 0 .../s6-rc.d/init-folders-config/run} | 0 .../s6-rc.d/init-folders-config/type | 1 + .../s6-overlay/s6-rc.d/init-folders-config/up | 1 + .../dependencies.d/init-crontabs-config | 0 .../s6-rc.d/init-nginx-config/run} | 0 .../s6-overlay/s6-rc.d/init-nginx-config/type | 1 + .../s6-overlay/s6-rc.d/init-nginx-config/up | 1 + .../dependencies.d/init-renew | 0 .../s6-rc.d/init-outdated-config/run} | 0 .../s6-rc.d/init-outdated-config/type | 1 + .../s6-rc.d/init-outdated-config/up | 1 + .../dependencies.d/init-certbot-config | 0 .../s6-rc.d/init-permissions-config/run} | 2 +- .../s6-rc.d/init-permissions-config/type | 1 + .../s6-rc.d/init-permissions-config/up | 1 + .../dependencies.d/init-permissions-config | 0 .../s6-rc.d/init-renew/run} | 0 root/etc/s6-overlay/s6-rc.d/init-renew/type | 1 + root/etc/s6-overlay/s6-rc.d/init-renew/up | 1 + .../dependencies.d/init-test-run | 0 .../s6-rc.d/init-require-url/run} | 0 .../s6-overlay/s6-rc.d/init-require-url/type | 1 + .../s6-overlay/s6-rc.d/init-require-url/up | 1 + .../dependencies.d/init-folders-config | 0 .../s6-rc.d/init-samples-config/run} | 0 .../s6-rc.d/init-samples-config/type | 1 + .../s6-overlay/s6-rc.d/init-samples-config/up | 1 + .../dependencies.d/init-nginx-end | 0 .../s6-rc.d/init-test-run/run} | 0 .../etc/s6-overlay/s6-rc.d/init-test-run/type | 1 + root/etc/s6-overlay/s6-rc.d/init-test-run/up | 1 + .../svc-fail2ban/dependencies.d/init-services | 0 .../s6-rc.d/svc-fail2ban}/run | 0 root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type | 1 + .../user/contents.d/init-certbot-config | 0 .../user/contents.d/init-crontabs-config | 0 .../user/contents.d/init-fail2ban-config | 0 .../user/contents.d/init-folders-config | 0 .../s6-rc.d/user/contents.d/init-nginx-config | 0 .../user/contents.d/init-outdated-config | 0 .../user/contents.d/init-permissions-config | 0 .../s6-rc.d/user/contents.d/init-renew | 0 .../s6-rc.d/user/contents.d/init-require-url | 0 .../user/contents.d/init-samples-config | 0 .../s6-rc.d/user/contents.d/init-test-run | 0 .../s6-rc.d/user/contents.d/svc-fail2ban | 0 66 files changed, 201 insertions(+), 194 deletions(-) delete mode 100644 root/etc/cont-init.d/43-crontabs create mode 100644 root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config rename root/etc/{cont-init.d/50-certbot => s6-overlay/s6-rc.d/init-certbot-config/run} (99%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-certbot-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-certbot-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config create mode 100644 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config create mode 100755 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run create mode 100644 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config rename root/etc/{cont-init.d/42-fail2ban => s6-overlay/s6-rc.d/init-fail2ban-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url rename root/etc/{cont-init.d/40-folders => s6-overlay/s6-rc.d/init-folders-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-folders-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-folders-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config rename root/etc/{cont-init.d/45-nginx => s6-overlay/s6-rc.d/init-nginx-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-nginx-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-nginx-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew rename root/etc/{cont-init.d/70-outdated => s6-overlay/s6-rc.d/init-outdated-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-outdated-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-outdated-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config rename root/etc/{cont-init.d/55-permissions => s6-overlay/s6-rc.d/init-permissions-config/run} (88%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-permissions-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-permissions-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config rename root/etc/{cont-init.d/60-renew => s6-overlay/s6-rc.d/init-renew/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-renew/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-renew/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run rename root/etc/{cont-init.d/31-require-url => s6-overlay/s6-rc.d/init-require-url/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-require-url/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-require-url/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config rename root/etc/{cont-init.d/41-samples => s6-overlay/s6-rc.d/init-samples-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-samples-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-samples-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end rename root/etc/{cont-init.d/30-test-run => s6-overlay/s6-rc.d/init-test-run/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-test-run/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-test-run/up create mode 100644 root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services rename root/etc/{services.d/fail2ban => s6-overlay/s6-rc.d/svc-fail2ban}/run (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban diff --git a/Dockerfile b/Dockerfile index ab09327..fc57d87 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,6 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15 +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17 # set version label ARG BUILD_DATE @@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ + build-base \ cargo \ - g++ \ - gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ @@ -24,11 +25,9 @@ RUN \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ - curl \ fail2ban \ gnupg \ memcached \ - nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ @@ -46,62 +45,58 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php8-bcmath \ - php8-bz2 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-exif \ - php8-ftp \ - php8-gd \ - php8-gmp \ - php8-iconv \ - php8-imap \ - php8-intl \ - php8-ldap \ - php8-mysqli \ - php8-mysqlnd \ - php8-opcache \ - php8-pdo_mysql \ - php8-pdo_odbc \ - php8-pdo_pgsql \ - php8-pdo_sqlite \ - php8-pear \ - php8-pecl-apcu \ - php8-pecl-mailparse \ - php8-pecl-mcrypt \ - php8-pecl-memcached \ - php8-pecl-redis \ - php8-pgsql \ - php8-phar \ - php8-posix \ - php8-soap \ - php8-sockets \ - php8-sodium \ - php8-sqlite3 \ - php8-tokenizer \ - php8-xml \ - php8-xmlreader \ - php8-xsl \ - php8-zip \ - py3-cryptography \ - py3-future \ - py3-pip \ + php81-bcmath \ + php81-bz2 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-exif \ + php81-ftp \ + php81-gd \ + php81-gmp \ + php81-iconv \ + php81-imap \ + php81-intl \ + php81-ldap \ + php81-mysqli \ + php81-mysqlnd \ + php81-opcache \ + php81-pdo_mysql \ + php81-pdo_odbc \ + php81-pdo_pgsql \ + php81-pdo_sqlite \ + php81-pear \ + php81-pecl-apcu \ + php81-pecl-mailparse \ + php81-pecl-mcrypt \ + php81-pecl-memcached \ + php81-pecl-redis \ + php81-pgsql \ + php81-phar \ + php81-posix \ + php81-soap \ + php81-sockets \ + php81-sodium \ + php81-sqlite3 \ + php81-tokenizer \ + php81-xmlreader \ + php81-xsl \ + php81-zip \ whois && \ apk add --no-cache \ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php8-pecl-xmlrpc && \ + php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT="certbot"; \ - else \ - CERTBOT="certbot==${CERTBOT_VERSION}"; \ + CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ fi && \ - pip3 install -U \ - pip wheel && \ - pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \ + python3 -m ensurepip && \ + pip3 install -U --no-cache-dir \ + pip \ + wheel && \ + pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ acme==${CERTBOT_VERSION} \ - ${CERTBOT} \ + certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ @@ -141,6 +136,7 @@ RUN \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ + future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ @@ -176,14 +172,10 @@ RUN \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ - for cleanfiles in *.pyc *.pyo; \ - do \ - find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ - ; done && \ rm -rf \ /tmp/* \ - /root/.cache \ - /root/.cargo + $HOME/.cache \ + $HOME/.cargo # copy local files COPY root/ / diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 3694742..208090e 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,4 +1,6 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15 +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17 # set version label ARG BUILD_DATE @@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ + build-base \ cargo \ - g++ \ - gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ @@ -24,11 +25,9 @@ RUN \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ - curl \ fail2ban \ gnupg \ memcached \ - nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ @@ -46,62 +45,58 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php8-bcmath \ - php8-bz2 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-exif \ - php8-ftp \ - php8-gd \ - php8-gmp \ - php8-iconv \ - php8-imap \ - php8-intl \ - php8-ldap \ - php8-mysqli \ - php8-mysqlnd \ - php8-opcache \ - php8-pdo_mysql \ - php8-pdo_odbc \ - php8-pdo_pgsql \ - php8-pdo_sqlite \ - php8-pear \ - php8-pecl-apcu \ - php8-pecl-mailparse \ - php8-pecl-mcrypt \ - php8-pecl-memcached \ - php8-pecl-redis \ - php8-pgsql \ - php8-phar \ - php8-posix \ - php8-soap \ - php8-sockets \ - php8-sodium \ - php8-sqlite3 \ - php8-tokenizer \ - php8-xml \ - php8-xmlreader \ - php8-xsl \ - php8-zip \ - py3-cryptography \ - py3-future \ - py3-pip \ + php81-bcmath \ + php81-bz2 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-exif \ + php81-ftp \ + php81-gd \ + php81-gmp \ + php81-iconv \ + php81-imap \ + php81-intl \ + php81-ldap \ + php81-mysqli \ + php81-mysqlnd \ + php81-opcache \ + php81-pdo_mysql \ + php81-pdo_odbc \ + php81-pdo_pgsql \ + php81-pdo_sqlite \ + php81-pear \ + php81-pecl-apcu \ + php81-pecl-mailparse \ + php81-pecl-mcrypt \ + php81-pecl-memcached \ + php81-pecl-redis \ + php81-pgsql \ + php81-phar \ + php81-posix \ + php81-soap \ + php81-sockets \ + php81-sodium \ + php81-sqlite3 \ + php81-tokenizer \ + php81-xmlreader \ + php81-xsl \ + php81-zip \ whois && \ apk add --no-cache \ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php8-pecl-xmlrpc && \ + php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT="certbot"; \ - else \ - CERTBOT="certbot==${CERTBOT_VERSION}"; \ + CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ fi && \ - pip3 install -U \ - pip wheel && \ - pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \ + python3 -m ensurepip && \ + pip3 install -U --no-cache-dir \ + pip \ + wheel && \ + pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ acme==${CERTBOT_VERSION} \ - ${CERTBOT} \ + certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ @@ -141,6 +136,7 @@ RUN \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ + future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ @@ -176,14 +172,10 @@ RUN \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ - for cleanfiles in *.pyc *.pyo; \ - do \ - find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ - ; done && \ rm -rf \ /tmp/* \ - /root/.cache \ - /root/.cargo + $HOME/.cache \ + $HOME/.cargo # copy local files COPY root/ / diff --git a/Dockerfile.armhf b/Dockerfile.armhf index a114459..7092d9a 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,4 +1,6 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15 +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17 # set version label ARG BUILD_DATE @@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ + build-base \ cargo \ - g++ \ - gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ @@ -24,11 +25,9 @@ RUN \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ - curl \ fail2ban \ gnupg \ memcached \ - nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ @@ -46,62 +45,58 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php8-bcmath \ - php8-bz2 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-exif \ - php8-ftp \ - php8-gd \ - php8-gmp \ - php8-iconv \ - php8-imap \ - php8-intl \ - php8-ldap \ - php8-mysqli \ - php8-mysqlnd \ - php8-opcache \ - php8-pdo_mysql \ - php8-pdo_odbc \ - php8-pdo_pgsql \ - php8-pdo_sqlite \ - php8-pear \ - php8-pecl-apcu \ - php8-pecl-mailparse \ - php8-pecl-mcrypt \ - php8-pecl-memcached \ - php8-pecl-redis \ - php8-pgsql \ - php8-phar \ - php8-posix \ - php8-soap \ - php8-sockets \ - php8-sodium \ - php8-sqlite3 \ - php8-tokenizer \ - php8-xml \ - php8-xmlreader \ - php8-xsl \ - php8-zip \ - py3-cryptography \ - py3-future \ - py3-pip \ + php81-bcmath \ + php81-bz2 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-exif \ + php81-ftp \ + php81-gd \ + php81-gmp \ + php81-iconv \ + php81-imap \ + php81-intl \ + php81-ldap \ + php81-mysqli \ + php81-mysqlnd \ + php81-opcache \ + php81-pdo_mysql \ + php81-pdo_odbc \ + php81-pdo_pgsql \ + php81-pdo_sqlite \ + php81-pear \ + php81-pecl-apcu \ + php81-pecl-mailparse \ + php81-pecl-mcrypt \ + php81-pecl-memcached \ + php81-pecl-redis \ + php81-pgsql \ + php81-phar \ + php81-posix \ + php81-soap \ + php81-sockets \ + php81-sodium \ + php81-sqlite3 \ + php81-tokenizer \ + php81-xmlreader \ + php81-xsl \ + php81-zip \ whois && \ apk add --no-cache \ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php8-pecl-xmlrpc && \ + php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT="certbot"; \ - else \ - CERTBOT="certbot==${CERTBOT_VERSION}"; \ + CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ fi && \ - pip3 install -U \ - pip wheel && \ - pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \ + python3 -m ensurepip && \ + pip3 install -U --no-cache-dir \ + pip \ + wheel && \ + pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ acme==${CERTBOT_VERSION} \ - ${CERTBOT} \ + certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ @@ -141,6 +136,7 @@ RUN \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ + future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ @@ -176,14 +172,10 @@ RUN \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ - for cleanfiles in *.pyc *.pyo; \ - do \ - find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ - ; done && \ rm -rf \ /tmp/* \ - /root/.cache \ - /root/.cargo + $HOME/.cache \ + $HOME/.cargo # copy local files COPY root/ / diff --git a/README.md b/README.md index 51d5465..e437d07 100755 --- a/README.md +++ b/README.md @@ -335,6 +335,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **20.01.23:** - Rebase to alpine 3.17 with php8.1. * **16.01.23:** - Remove nchan module because it keeps causing crashes. * **08.12.22:** - Revamp certbot init. * **03.12.22:** - Remove defunct cloudxns plugin. diff --git a/readme-vars.yml b/readme-vars.yml index a98d47d..afdd04f 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -154,6 +154,7 @@ app_setup_block: | # changelog changelogs: + - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." } - { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." } - { date: "08.12.22:", desc: "Revamp certbot init."} - { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."} diff --git a/root/etc/cont-init.d/43-crontabs b/root/etc/cont-init.d/43-crontabs deleted file mode 100644 index 30065b7..0000000 --- a/root/etc/cont-init.d/43-crontabs +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/with-contenv bash -# shellcheck shell=bash - -# copy crontabs if needed -if [[ ! -f /config/crontabs/root ]]; then - cp /etc/crontabs/root /config/crontabs/ -fi - -# import user crontabs -rm /etc/crontabs/* -cp /config/crontabs/* /etc/crontabs/ diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run old mode 100644 new mode 100755 similarity index 99% rename from root/etc/cont-init.d/50-certbot rename to root/etc/s6-overlay/s6-rc.d/init-certbot-config/run index 30656e3..e1a7d47 --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run @@ -31,12 +31,12 @@ fi # copy dns default configs cp -n /defaults/dns-conf/* /config/dns-conf/ -chown -R abc:abc /config/dns-conf +lsiown -R abc:abc /config/dns-conf # copy default renewal hooks chmod -R +x /defaults/etc/letsencrypt/renewal-hooks cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ -chown -R abc:abc /config/etc/letsencrypt/renewal-hooks +lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks # create original config file if it doesn't exist, move non-hidden legacy file to hidden if [[ -f "/config/donoteditthisfile.conf" ]]; then diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up new file mode 100644 index 0000000..c8bbd6e --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-certbot-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config b/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run new file mode 100755 index 0000000..5ca0899 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run @@ -0,0 +1,17 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# if root crontabs do not exist in config +# copy root crontab from system +if [[ ! -f /config/crontabs/root ]] && crontab -l -u root; then + crontab -l -u root >/config/crontabs/root +fi + +# if root crontabs still do not exist in config (were not copied from system) +# copy root crontab from included defaults +if [[ ! -f /config/crontabs/root ]]; then + cp /etc/crontabs/root /config/crontabs/ +fi + +# import user crontabs +crontab -u root /config/crontabs/root diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up new file mode 100644 index 0000000..006d814 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-crontabs-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/42-fail2ban b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/42-fail2ban rename to root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up new file mode 100644 index 0000000..e2e5256 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url b/root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/40-folders b/root/etc/s6-overlay/s6-rc.d/init-folders-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/40-folders rename to root/etc/s6-overlay/s6-rc.d/init-folders-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders-config/type b/root/etc/s6-overlay/s6-rc.d/init-folders-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-folders-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders-config/up b/root/etc/s6-overlay/s6-rc.d/init-folders-config/up new file mode 100644 index 0000000..7607e6f --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-folders-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-folders-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/45-nginx b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/45-nginx rename to root/etc/s6-overlay/s6-rc.d/init-nginx-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up new file mode 100644 index 0000000..9adcea4 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-nginx-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/70-outdated b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/70-outdated rename to root/etc/s6-overlay/s6-rc.d/init-outdated-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up new file mode 100644 index 0000000..9257bfe --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-outdated-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/55-permissions b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/run old mode 100644 new mode 100755 similarity index 88% rename from root/etc/cont-init.d/55-permissions rename to root/etc/s6-overlay/s6-rc.d/init-permissions-config/run index 4c50bd8..3a55fc0 --- a/root/etc/cont-init.d/55-permissions +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/run @@ -2,7 +2,7 @@ # shellcheck shell=bash # permissions -chown -R abc:abc \ +lsiown -R abc:abc \ /config chmod -R 0644 /etc/logrotate.d chmod -R +r /config/log diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up new file mode 100644 index 0000000..6f2202f --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-permissions-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config b/root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/60-renew b/root/etc/s6-overlay/s6-rc.d/init-renew/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/60-renew rename to root/etc/s6-overlay/s6-rc.d/init-renew/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-renew/type b/root/etc/s6-overlay/s6-rc.d/init-renew/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-renew/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-renew/up b/root/etc/s6-overlay/s6-rc.d/init-renew/up new file mode 100644 index 0000000..285a1f4 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-renew/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-renew/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run b/root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/31-require-url b/root/etc/s6-overlay/s6-rc.d/init-require-url/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/31-require-url rename to root/etc/s6-overlay/s6-rc.d/init-require-url/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-require-url/type b/root/etc/s6-overlay/s6-rc.d/init-require-url/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-require-url/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-require-url/up b/root/etc/s6-overlay/s6-rc.d/init-require-url/up new file mode 100644 index 0000000..df39f4d --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-require-url/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-require-url/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config b/root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/41-samples b/root/etc/s6-overlay/s6-rc.d/init-samples-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/41-samples rename to root/etc/s6-overlay/s6-rc.d/init-samples-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-samples-config/type b/root/etc/s6-overlay/s6-rc.d/init-samples-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-samples-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-samples-config/up b/root/etc/s6-overlay/s6-rc.d/init-samples-config/up new file mode 100644 index 0000000..bc2cbf6 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-samples-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-samples-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end b/root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/30-test-run b/root/etc/s6-overlay/s6-rc.d/init-test-run/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/30-test-run rename to root/etc/s6-overlay/s6-rc.d/init-test-run/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-test-run/type b/root/etc/s6-overlay/s6-rc.d/init-test-run/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-test-run/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-test-run/up b/root/etc/s6-overlay/s6-rc.d/init-test-run/up new file mode 100644 index 0000000..5f836df --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-test-run/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-test-run/run diff --git a/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/services.d/fail2ban/run b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/services.d/fail2ban/run rename to root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run diff --git a/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type new file mode 100644 index 0000000..5883cff --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type @@ -0,0 +1 @@ +longrun diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban b/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban new file mode 100644 index 0000000..e69de29 From c7d1a460263cde2766b27f1ca268d9f60cd6670d Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 20 Jan 2023 22:53:22 -0600 Subject: [PATCH 2/5] Install pecl-mcrypt from edge --- Dockerfile | 5 ++--- Dockerfile.aarch64 | 5 ++--- Dockerfile.armhf | 5 ++--- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index fc57d87..04d82a1 100755 --- a/Dockerfile +++ b/Dockerfile @@ -68,7 +68,6 @@ RUN \ php81-pear \ php81-pecl-apcu \ php81-pecl-mailparse \ - php81-pecl-mcrypt \ php81-pecl-memcached \ php81-pecl-redis \ php81-pgsql \ @@ -83,8 +82,8 @@ RUN \ php81-xsl \ php81-zip \ whois && \ - apk add --no-cache \ - --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php81-pecl-mcrypt && \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 208090e..361445c 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -68,7 +68,6 @@ RUN \ php81-pear \ php81-pecl-apcu \ php81-pecl-mailparse \ - php81-pecl-mcrypt \ php81-pecl-memcached \ php81-pecl-redis \ php81-pgsql \ @@ -83,8 +82,8 @@ RUN \ php81-xsl \ php81-zip \ whois && \ - apk add --no-cache \ - --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php81-pecl-mcrypt && \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 7092d9a..30f5c84 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -68,7 +68,6 @@ RUN \ php81-pear \ php81-pecl-apcu \ php81-pecl-mailparse \ - php81-pecl-mcrypt \ php81-pecl-memcached \ php81-pecl-redis \ php81-pgsql \ @@ -83,8 +82,8 @@ RUN \ php81-xsl \ php81-zip \ whois && \ - apk add --no-cache \ - --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php81-pecl-mcrypt && \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ From 1771853341bb9dba5cdaba78b4152ed2cfa9e4a1 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 20 Jan 2023 22:56:36 -0600 Subject: [PATCH 3/5] Install pecl-mcrypt from edge (fix syntax) --- Dockerfile | 2 +- Dockerfile.aarch64 | 2 +- Dockerfile.armhf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 04d82a1..ebea490 100755 --- a/Dockerfile +++ b/Dockerfile @@ -83,7 +83,7 @@ RUN \ php81-zip \ whois && \ apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php81-pecl-mcrypt && \ + php81-pecl-mcrypt \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 361445c..dae457d 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -83,7 +83,7 @@ RUN \ php81-zip \ whois && \ apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php81-pecl-mcrypt && \ + php81-pecl-mcrypt \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 30f5c84..bf7e3eb 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -83,7 +83,7 @@ RUN \ php81-zip \ whois && \ apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php81-pecl-mcrypt && \ + php81-pecl-mcrypt \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ From cf21b8c68e08aaff8a7de254f99379993243f3b1 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 20 Jan 2023 23:32:43 -0600 Subject: [PATCH 4/5] replace nginx service location in renewal hooks --- root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx | 4 ++-- root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx | 2 +- root/etc/s6-overlay/s6-rc.d/init-certbot-config/run | 3 +++ 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx index 781831d..723d69c 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx @@ -6,10 +6,10 @@ if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then if pgrep -f "s6-supervise nginx" >/dev/null; then - s6-svc -u /run/service/nginx + s6-svc -u /run/service/svc-nginx fi else if pgrep -f "nginx:" >/dev/null; then - s6-svc -h /run/service/nginx + s6-svc -h /run/service/svc-nginx fi fi diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx index cb493ea..a8fb50f 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx @@ -6,6 +6,6 @@ if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then if pgrep -f "nginx:" >/dev/null; then - s6-svc -d /run/service/nginx + s6-svc -d /run/service/svc-nginx fi fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run index e1a7d47..5e468eb 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run @@ -38,6 +38,9 @@ chmod -R +x /defaults/etc/letsencrypt/renewal-hooks cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks +# replace nginx service location in renewal hooks +find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \; + # create original config file if it doesn't exist, move non-hidden legacy file to hidden if [[ -f "/config/donoteditthisfile.conf" ]]; then mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf From 3980ee1ecf31293c6e5d7533a7b404543339ee3b Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 21 Jan 2023 08:13:33 -0600 Subject: [PATCH 5/5] Formatting (tabs) --- .../etc/letsencrypt/renewal-hooks/post/10-nginx | 12 ++++++------ .../etc/letsencrypt/renewal-hooks/pre/10-nginx | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx index 723d69c..43830ed 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx @@ -5,11 +5,11 @@ . /config/.donoteditthisfile.conf if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then - if pgrep -f "s6-supervise nginx" >/dev/null; then - s6-svc -u /run/service/svc-nginx - fi + if pgrep -f "s6-supervise nginx" >/dev/null; then + s6-svc -u /run/service/svc-nginx + fi else - if pgrep -f "nginx:" >/dev/null; then - s6-svc -h /run/service/svc-nginx - fi + if pgrep -f "nginx:" >/dev/null; then + s6-svc -h /run/service/svc-nginx + fi fi diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx index a8fb50f..64c8674 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx @@ -5,7 +5,7 @@ . /config/.donoteditthisfile.conf if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then - if pgrep -f "nginx:" >/dev/null; then - s6-svc -d /run/service/svc-nginx - fi + if pgrep -f "nginx:" >/dev/null; then + s6-svc -d /run/service/svc-nginx + fi fi