linuxserver/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2025-10-31 21:17:42 +09:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Adjust auth confs to fix cookie header conflict

Browse Source
This commit is contained in:
Eric Nemchik
2023-04-27 18:48:27 +00:00
committed by GitHub
parent 9cdedad1c8
commit d8f252dd73
12 changed files with 133 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/call_issue_pr_tracker.yml vendored
View File

@@ -2,9 +2,11 @@ name: Issue & PR Tracker
on: on:
issues: issues:
types: [opened,reopened,labeled,unlabeled] types: [opened,reopened,labeled,unlabeled,closed]
pull_request_target: pull_request_target:
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled] types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed]
pull_request_review:
types: [submitted,edited,dismissed]
jobs: jobs:
manage-project: manage-project:

8
.github/workflows/external_trigger.yml vendored
View File

@@ -14,9 +14,11 @@ jobs:
run: | run: |
if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then
echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****" echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
fi fi
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****" echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving external version ****" echo "**** Retrieving external version ****"
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version') EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
@@ -30,6 +32,7 @@ jobs:
fi fi
EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
echo "**** External version: ${EXT_RELEASE} ****" echo "**** External version: ${EXT_RELEASE} ****"
echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving last pushed version ****" echo "**** Retrieving last pushed version ****"
image="linuxserver/swag" image="linuxserver/swag"
tag="latest" tag="latest"
@@ -65,14 +68,18 @@ jobs:
exit 1 exit 1
fi fi
echo "**** Last pushed version: ${IMAGE_VERSION} ****" echo "**** Last pushed version: ${IMAGE_VERSION} ****"
echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY
if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
echo "**** Version ${EXT_RELEASE} already pushed, exiting ****" echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****" echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
else else
echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****" echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY
response=$(curl -iX POST \ response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
@@ -82,6 +89,7 @@ jobs:
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}" buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****" echo "**** Jenkins job build url: ${buildurl} ****"
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****" echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \ curl -iX POST \
"${buildurl}submitDescription" \ "${buildurl}submitDescription" \

18
.github/workflows/external_trigger_scheduler.yml vendored
View File

@@ -2,7 +2,7 @@ name: External Trigger Scheduler
on: on:
schedule: schedule:
- cron: '50 * * * *' - cron: '2 * * * *'
workflow_dispatch: workflow_dispatch:
jobs: jobs:
@@ -17,18 +17,18 @@ jobs:
run: | run: |
echo "**** Branches found: ****" echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes git for-each-ref --format='%(refname:short)' refs/remotes
echo "**** Pulling the yq docker image ****"
docker pull ghcr.io/linuxserver/yq
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
do do
br=$(echo "$br" | sed 's|origin/||g') br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****" echo "**** Evaluating branch ${br} ****"
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \ ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml)
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch) ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
if [ "$br" == "$ls_branch" ]; then ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
echo "**** Branch ${br} appears to be live; checking workflow. ****" if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****"
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****." echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
curl -iX POST \ curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \ -H "Authorization: token ${{ secrets.CR_PAT }}" \
-H "Accept: application/vnd.github.v3+json" \ -H "Accept: application/vnd.github.v3+json" \
@@ -36,8 +36,10 @@ jobs:
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches
else else
echo "**** Workflow doesn't exist; skipping trigger. ****" echo "**** Workflow doesn't exist; skipping trigger. ****"
echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
fi fi
else else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****" echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****"
echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
fi fi
done done

4
.github/workflows/package_trigger.yml vendored
View File

@@ -14,13 +14,16 @@ jobs:
run: | run: |
if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then
echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****" echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
echo "Github secret \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
fi fi
if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****" echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
fi fi
echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****" echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****"
echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY
response=$(curl -iX POST \ response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
@@ -30,6 +33,7 @@ jobs:
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}" buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****" echo "**** Jenkins job build url: ${buildurl} ****"
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****" echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \ curl -iX POST \
"${buildurl}submitDescription" \ "${buildurl}submitDescription" \

8
.github/workflows/package_trigger_scheduler.yml vendored
View File

@@ -17,18 +17,16 @@ jobs:
run: | run: |
echo "**** Branches found: ****" echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes git for-each-ref --format='%(refname:short)' refs/remotes
echo "**** Pulling the yq docker image ****"
docker pull ghcr.io/linuxserver/yq
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
do do
br=$(echo "$br" | sed 's|origin/||g') br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****" echo "**** Evaluating branch ${br} ****"
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \ ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml | yq -r '.ls_branch')
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
if [ "${br}" == "${ls_branch}" ]; then if [ "${br}" == "${ls_branch}" ]; then
echo "**** Branch ${br} appears to be live; checking workflow. ****" echo "**** Branch ${br} appears to be live; checking workflow. ****"
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****" echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
triggered_branches="${triggered_branches}${br} " triggered_branches="${triggered_branches}${br} "
curl -iX POST \ curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \ -H "Authorization: token ${{ secrets.CR_PAT }}" \
@@ -38,9 +36,11 @@ jobs:
sleep 30 sleep 30
else else
echo "**** Workflow doesn't exist; skipping trigger. ****" echo "**** Workflow doesn't exist; skipping trigger. ****"
echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY
fi fi
else else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****" echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
fi fi
done done
echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"

91
Jenkinsfile vendored
View File

@@ -40,10 +40,11 @@ pipeline {
// Setup all the basic environment variables needed for the build // Setup all the basic environment variables needed for the build
stage("Set ENV Variables base"){ stage("Set ENV Variables base"){
steps{ steps{
sh '''docker pull quay.io/skopeo/stable:v1 || : '''
script{ script{
env.EXIT_STATUS = '' env.EXIT_STATUS = ''
env.LS_RELEASE = sh( env.LS_RELEASE = sh(
script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
returnStdout: true).trim() returnStdout: true).trim()
env.LS_RELEASE_NOTES = sh( env.LS_RELEASE_NOTES = sh(
script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''', script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''',
@@ -228,7 +229,7 @@ pipeline {
script{ script{
env.SHELLCHECK_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml' env.SHELLCHECK_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml'
} }
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash''' sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-jenkins-builder/master/checkrun.sh | /bin/bash'''
sh '''#! /bin/bash sh '''#! /bin/bash
docker run --rm \ docker run --rm \
-v ${WORKSPACE}:/mnt \ -v ${WORKSPACE}:/mnt \
@@ -376,6 +377,26 @@ pipeline {
} }
} }
} }
// If this is a master build check the S6 service file perms
stage("Check S6 Service file Permissions"){
when {
branch "master"
environment name: 'CHANGE_ID', value: ''
environment name: 'EXIT_STATUS', value: ''
}
steps {
script{
sh '''#! /bin/bash
WRONG_PERM=$(find ./ -path "./.git" -prune -o \\( -name "run" -o -name "finish" -o -name "check" \\) -not -perm -u=x,g=x,o=x -print)
if [[ -n "${WRONG_PERM}" ]]; then
echo "The following S6 service files are missing the executable bit; canceling the faulty build: ${WRONG_PERM}"
exit 1
else
echo "S6 service file perms look good."
fi '''
}
}
}
/* ####################### /* #######################
GitLab Mirroring GitLab Mirroring
####################### */ ####################### */
@@ -668,6 +689,7 @@ pipeline {
]) { ]) {
script{ script{
env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json'
} }
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -694,8 +716,6 @@ pipeline {
-e WEB_SCREENSHOT=\"${CI_WEB}\" \ -e WEB_SCREENSHOT=\"${CI_WEB}\" \
-e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_AUTH=\"${CI_AUTH}\" \
-e WEB_PATH=\"${CI_WEBPATH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \
-e DO_REGION="ams3" \
-e DO_BUCKET="lsio-ci" \
-t ghcr.io/linuxserver/ci:latest \ -t ghcr.io/linuxserver/ci:latest \
python3 test_build.py''' python3 test_build.py'''
} }
@@ -949,8 +969,67 @@ pipeline {
environment name: 'EXIT_STATUS', value: '' environment name: 'EXIT_STATUS', value: ''
} }
steps { steps {
sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/issues/${PULL_REQUEST}/comments \ sh '''#! /bin/bash
-d '{"body": "I am a bot, here are the test results for this PR: \\n'${CI_URL}' \\n'${SHELLCHECK_URL}'"}' ''' # Function to retrieve JSON data from URL
get_json() {
local url="$1"
local response=$(curl -s "$url")
if [ $? -ne 0 ]; then
echo "Failed to retrieve JSON data from $url"
return 1
fi
local json=$(echo "$response" | jq .)
if [ $? -ne 0 ]; then
echo "Failed to parse JSON data from $url"
return 1
fi
echo "$json"
}
build_table() {
local data="$1"
# Get the keys in the JSON data
local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
# Check if keys are empty
if [ -z "$keys" ]; then
echo "JSON report data does not contain any keys or the report does not exist."
return 1
fi
# Build table header
local header="| Tag | Passed |\\n| --- | --- |\\n"
# Loop through the JSON data to build the table rows
local rows=""
for build in $keys; do
local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
if [ "$status" = "true" ]; then
status="✅"
else
status="❌"
fi
local row="| "$build" | "$status" |\\n"
rows="${rows}${row}"
done
local table="${header}${rows}"
local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
echo "$escaped_table"
}
# Retrieve JSON data from URL
data=$(get_json "$CI_JSON_URL")
# Create table from JSON data
table=$(build_table "$data")
echo -e "$table"
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"'''
} }
} }
} }

2
README.md
View File

@@ -336,7 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-server.conf - Simplify auth configs and include updates for Authelia 4.38. * **27.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug.
* **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik. * **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik.
* **25.03.23:** - Fix renewal post hook. * **25.03.23:** - Fix renewal post hook.
* **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0). * **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0).

2
readme-vars.yml
View File

@@ -154,7 +154,7 @@ app_setup_block: |
# changelog # changelog
changelogs: changelogs:
- { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-server.conf - Simplify auth configs and include updates for Authelia 4.38." } - { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." }
- { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." } - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." }
- { date: "25.03.23:", desc: "Fix renewal post hook." } - { date: "25.03.23:", desc: "Fix renewal post hook." }
- { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." } - { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." }

13
root/defaults/nginx/authelia-location.conf.sample
View File

@@ -1,28 +1,27 @@
## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample ## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia # Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource. ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /authelia/api/authz/auth-request; auth_request /authelia/api/verify;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @authelia_proxy_signin; error_page 401 = @authelia_proxy_signin;
## Translate response headers from Authelia into variables ## Translate the user information response headers from the auth subrequest into variables
auth_request_set $email $upstream_http_remote_email; auth_request_set $email $upstream_http_remote_email;
auth_request_set $groups $upstream_http_remote_groups; auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name; auth_request_set $name $upstream_http_remote_name;
auth_request_set $user $upstream_http_remote_user; auth_request_set $user $upstream_http_remote_user;
## Inject the response header variables into the request made to the actual upstream ## Inject the user information into the request made to the actual upstream
proxy_set_header Remote-Email $email; proxy_set_header Remote-Email $email;
proxy_set_header Remote-Groups $groups; proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name; proxy_set_header Remote-Name $name;
proxy_set_header Remote-User $user; proxy_set_header Remote-User $user;
## Include the Set-Cookie header if present. ## Translate the Set-Cookie response header from auth subrequest into a variable
auth_request_set $set_cookie $upstream_http_set_cookie; auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
## Set $redirection_url to the location header of the response from the auth request ## Translate the Location response header from auth subrequest into a variable
auth_request_set $redirection_url $upstream_http_location; auth_request_set $redirection_url $upstream_http_location;

8
root/defaults/nginx/authelia-server.conf.sample
View File

@@ -1,4 +1,4 @@
## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample ## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia # Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
@@ -11,8 +11,7 @@ location ^~ /authelia {
set $upstream_authelia authelia; set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091; proxy_pass http://$upstream_authelia:9091;
## Include the Set-Cookie header if present. ## Include the Set-Cookie header if present
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie; add_header Set-Cookie $set_cookie;
proxy_pass_request_body off; proxy_pass_request_body off;
@@ -23,8 +22,7 @@ location ^~ /authelia {
location @authelia_proxy_signin { location @authelia_proxy_signin {
internal; internal;
## Include the Set-Cookie header if present. ## Include the Set-Cookie header if present
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie; add_header Set-Cookie $set_cookie;
## Set the $target_url variable based on the original request. ## Set the $target_url variable based on the original request.

9
root/defaults/nginx/authentik-location.conf.sample
View File

@@ -1,4 +1,4 @@
## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample ## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
@@ -7,20 +7,19 @@ auth_request /outpost.goauthentik.io/auth/nginx;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @goauthentik_proxy_signin; error_page 401 = @goauthentik_proxy_signin;
## Translate response headers from Authentik into variables ## Translate the user information response headers from the auth subrequest into variables
auth_request_set $authentik_email $upstream_http_x_authentik_email; auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups; auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_name $upstream_http_x_authentik_name; auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid; auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
auth_request_set $authentik_username $upstream_http_x_authentik_username; auth_request_set $authentik_username $upstream_http_x_authentik_username;
## Inject the response header variables into the request made to the actual upstream ## Inject the user information into the request made to the actual upstream
proxy_set_header X-authentik-email $authentik_email; proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-groups $authentik_groups; proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-name $authentik_name; proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid; proxy_set_header X-authentik-uid $authentik_uid;
proxy_set_header X-authentik-username $authentik_username; proxy_set_header X-authentik-username $authentik_username;
## Include the Set-Cookie header if present. ## Translate the Set-Cookie response header from auth subrequest into a variable
auth_request_set $set_cookie $upstream_http_set_cookie; auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;

8
root/defaults/nginx/authentik-server.conf.sample
View File

@@ -1,4 +1,4 @@
## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample ## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
@@ -10,8 +10,7 @@ location ^~ /outpost.goauthentik.io {
set $upstream_authentik authentik-server; set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000; proxy_pass http://$upstream_authentik:9000;
## Include the Set-Cookie header if present. ## Include the Set-Cookie header if present
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie; add_header Set-Cookie $set_cookie;
proxy_pass_request_body off; proxy_pass_request_body off;
@@ -22,8 +21,7 @@ location ^~ /outpost.goauthentik.io {
location @goauthentik_proxy_signin { location @goauthentik_proxy_signin {
internal; internal;
## Include the Set-Cookie header if present. ## Include the Set-Cookie header if present
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie; add_header Set-Cookie $set_cookie;
## Set the $target_url variable based on the original request. ## Set the $target_url variable based on the original request.