diff --git a/Dockerfile b/Dockerfile index 2c5e8d4..19e2953 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,6 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15 +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17 # set version label ARG BUILD_DATE @@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ + build-base \ cargo \ - g++ \ - gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ @@ -24,11 +25,9 @@ RUN \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ - curl \ fail2ban \ gnupg \ memcached \ - nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ @@ -36,7 +35,6 @@ RUN \ nginx-mod-http-geoip2 \ nginx-mod-http-headers-more \ nginx-mod-http-image-filter \ - nginx-mod-http-nchan \ nginx-mod-http-perl \ nginx-mod-http-redis2 \ nginx-mod-http-set-misc \ 
@@ -47,61 +45,56 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php8-bcmath \ - php8-bz2 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-exif \ - php8-ftp \ - php8-gd \ - php8-gmp \ - php8-iconv \ - php8-imap \ - php8-intl \ - php8-ldap \ - php8-mysqli \ - php8-mysqlnd \ - php8-opcache \ - php8-pdo_mysql \ - php8-pdo_odbc \ - php8-pdo_pgsql \ - php8-pdo_sqlite \ - php8-pear \ - php8-pecl-apcu \ - php8-pecl-mailparse \ - php8-pecl-mcrypt \ - php8-pecl-memcached \ - php8-pecl-redis \ - php8-pgsql \ - php8-phar \ - php8-posix \ - php8-soap \ - php8-sockets \ - php8-sodium \ - php8-sqlite3 \ - php8-tokenizer \ - php8-xml \ - php8-xmlreader \ - php8-xsl \ - php8-zip \ - py3-cryptography \ - py3-future \ - py3-pip \ + php81-bcmath \ + php81-bz2 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-exif \ + php81-ftp \ + php81-gd \ + php81-gmp \ + php81-iconv \ + php81-imap \ + php81-intl \ + php81-ldap \ + php81-mysqli \ + php81-mysqlnd \ + php81-opcache \ + php81-pdo_mysql \ + php81-pdo_odbc \ + php81-pdo_pgsql \ + php81-pdo_sqlite \ + php81-pear \ + php81-pecl-apcu \ + php81-pecl-mailparse \ + php81-pecl-memcached \ + php81-pecl-redis \ + php81-pgsql \ + php81-phar \ + php81-posix \ + php81-soap \ + php81-sockets \ + php81-sodium \ + php81-sqlite3 \ + php81-tokenizer \ + php81-xmlreader \ + php81-xsl \ + php81-zip \ whois && \ - apk add --no-cache \ - --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php8-pecl-xmlrpc && \ + apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php81-pecl-mcrypt \ + php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT="certbot"; \ - else \ - CERTBOT="certbot==${CERTBOT_VERSION}"; \ + CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. 
| .info.version'); \ fi && \ - pip3 install -U \ - pip wheel && \ - pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \ - ${CERTBOT} \ + python3 -m ensurepip && \ + pip3 install -U --no-cache-dir \ + pip \ + wheel && \ + pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ + certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ @@ -141,6 +134,7 @@ RUN \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ + future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ @@ -176,14 +170,10 @@ RUN \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ - for cleanfiles in *.pyc *.pyo; \ - do \ - find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ - ; done && \ rm -rf \ /tmp/* \ - /root/.cache \ - /root/.cargo + $HOME/.cache \ + $HOME/.cargo # copy local files COPY root/ / diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index da726f6..cd455f4 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,4 +1,6 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15 +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17 # set version label ARG BUILD_DATE @@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ + build-base \ cargo \ - g++ \ - gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ @@ -24,11 +25,9 @@ RUN \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ - curl \ fail2ban \ gnupg \ memcached \ - nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ @@ -36,7 +35,6 @@ RUN \ nginx-mod-http-geoip2 \ nginx-mod-http-headers-more \ nginx-mod-http-image-filter \ - nginx-mod-http-nchan \ nginx-mod-http-perl \ nginx-mod-http-redis2 \ nginx-mod-http-set-misc \ 
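Review bot: The fallback `CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version')` in the "install certbot plugins" step (hunk `@@ -47,61 +45,56 @@`) has no failure handling. `curl` runs without `-f` and the pipe runs without pipefail, so an HTTP error page or a truncated body yields an empty string or `null`, which then goes straight into `certbot==${CERTBOT_VERSION}`. Suggest `curl -fsSL` plus a guard before the pip call, e.g. `[ -n "${CERTBOT_VERSION}" ] && [ "${CERTBOT_VERSION}" != "null" ] || exit 1`. Resolving the version at build time also makes the image non-reproducible, and the `edge/testing` repository in the same RUN is still fetched over `http://`, so transport integrity rests on apk signature checks alone; `https://dl-cdn.alpinelinux.org/alpine/edge/testing` would be the safer default. The same lines recur in the Dockerfile.aarch64 and Dockerfile.armhf hunks, and the RUN instruction starts and ends outside this hunk.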
@@ -47,61 +45,56 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php8-bcmath \ - php8-bz2 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-exif \ - php8-ftp \ - php8-gd \ - php8-gmp \ - php8-iconv \ - php8-imap \ - php8-intl \ - php8-ldap \ - php8-mysqli \ - php8-mysqlnd \ - php8-opcache \ - php8-pdo_mysql \ - php8-pdo_odbc \ - php8-pdo_pgsql \ - php8-pdo_sqlite \ - php8-pear \ - php8-pecl-apcu \ - php8-pecl-mailparse \ - php8-pecl-mcrypt \ - php8-pecl-memcached \ - php8-pecl-redis \ - php8-pgsql \ - php8-phar \ - php8-posix \ - php8-soap \ - php8-sockets \ - php8-sodium \ - php8-sqlite3 \ - php8-tokenizer \ - php8-xml \ - php8-xmlreader \ - php8-xsl \ - php8-zip \ - py3-cryptography \ - py3-future \ - py3-pip \ + php81-bcmath \ + php81-bz2 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-exif \ + php81-ftp \ + php81-gd \ + php81-gmp \ + php81-iconv \ + php81-imap \ + php81-intl \ + php81-ldap \ + php81-mysqli \ + php81-mysqlnd \ + php81-opcache \ + php81-pdo_mysql \ + php81-pdo_odbc \ + php81-pdo_pgsql \ + php81-pdo_sqlite \ + php81-pear \ + php81-pecl-apcu \ + php81-pecl-mailparse \ + php81-pecl-memcached \ + php81-pecl-redis \ + php81-pgsql \ + php81-phar \ + php81-posix \ + php81-soap \ + php81-sockets \ + php81-sodium \ + php81-sqlite3 \ + php81-tokenizer \ + php81-xmlreader \ + php81-xsl \ + php81-zip \ whois && \ - apk add --no-cache \ - --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php8-pecl-xmlrpc && \ + apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php81-pecl-mcrypt \ + php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT="certbot"; \ - else \ - CERTBOT="certbot==${CERTBOT_VERSION}"; \ + CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. 
| .info.version'); \ fi && \ - pip3 install -U \ - pip wheel && \ - pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \ - ${CERTBOT} \ + python3 -m ensurepip && \ + pip3 install -U --no-cache-dir \ + pip \ + wheel && \ + pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ + certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ @@ -141,6 +134,7 @@ RUN \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ + future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ @@ -176,14 +170,10 @@ RUN \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ - for cleanfiles in *.pyc *.pyo; \ - do \ - find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ - ; done && \ rm -rf \ /tmp/* \ - /root/.cache \ - /root/.cargo + $HOME/.cache \ + $HOME/.cargo # copy local files COPY root/ / diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 2fdd246..1ac580e 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,4 +1,6 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15 +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17 # set version label ARG BUILD_DATE @@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ + build-base \ cargo \ - g++ \ - gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ @@ -24,11 +25,9 @@ RUN \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ - curl \ fail2ban \ gnupg \ memcached \ - nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ @@ -36,7 +35,6 @@ RUN \ nginx-mod-http-geoip2 \ nginx-mod-http-headers-more \ nginx-mod-http-image-filter \ - nginx-mod-http-nchan \ nginx-mod-http-perl \ nginx-mod-http-redis2 \ nginx-mod-http-set-misc \ 
@@ -47,61 +45,56 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php8-bcmath \ - php8-bz2 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-exif \ - php8-ftp \ - php8-gd \ - php8-gmp \ - php8-iconv \ - php8-imap \ - php8-intl \ - php8-ldap \ - php8-mysqli \ - php8-mysqlnd \ - php8-opcache \ - php8-pdo_mysql \ - php8-pdo_odbc \ - php8-pdo_pgsql \ - php8-pdo_sqlite \ - php8-pear \ - php8-pecl-apcu \ - php8-pecl-mailparse \ - php8-pecl-mcrypt \ - php8-pecl-memcached \ - php8-pecl-redis \ - php8-pgsql \ - php8-phar \ - php8-posix \ - php8-soap \ - php8-sockets \ - php8-sodium \ - php8-sqlite3 \ - php8-tokenizer \ - php8-xml \ - php8-xmlreader \ - php8-xsl \ - php8-zip \ - py3-cryptography \ - py3-future \ - py3-pip \ + php81-bcmath \ + php81-bz2 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-exif \ + php81-ftp \ + php81-gd \ + php81-gmp \ + php81-iconv \ + php81-imap \ + php81-intl \ + php81-ldap \ + php81-mysqli \ + php81-mysqlnd \ + php81-opcache \ + php81-pdo_mysql \ + php81-pdo_odbc \ + php81-pdo_pgsql \ + php81-pdo_sqlite \ + php81-pear \ + php81-pecl-apcu \ + php81-pecl-mailparse \ + php81-pecl-memcached \ + php81-pecl-redis \ + php81-pgsql \ + php81-phar \ + php81-posix \ + php81-soap \ + php81-sockets \ + php81-sodium \ + php81-sqlite3 \ + php81-tokenizer \ + php81-xmlreader \ + php81-xsl \ + php81-zip \ whois && \ - apk add --no-cache \ - --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php8-pecl-xmlrpc && \ + apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php81-pecl-mcrypt \ + php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT="certbot"; \ - else \ - CERTBOT="certbot==${CERTBOT_VERSION}"; \ + CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. 
| .info.version'); \ fi && \ - pip3 install -U \ - pip wheel && \ - pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \ - ${CERTBOT} \ + python3 -m ensurepip && \ + pip3 install -U --no-cache-dir \ + pip \ + wheel && \ + pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ + certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ @@ -141,6 +134,7 @@ RUN \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ + future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ @@ -176,14 +170,10 @@ RUN \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ - for cleanfiles in *.pyc *.pyo; \ - do \ - find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ - ; done && \ rm -rf \ /tmp/* \ - /root/.cache \ - /root/.cargo + $HOME/.cache \ + $HOME/.cargo # copy local files COPY root/ / diff --git a/README.md b/README.md index 4615612..e437d07 100755 --- a/README.md +++ b/README.md @@ -335,6 +335,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **20.01.23:** - Rebase to alpine 3.17 with php8.1. +* **16.01.23:** - Remove nchan module because it keeps causing crashes. +* **08.12.22:** - Revamp certbot init. * **03.12.22:** - Remove defunct cloudxns plugin. * **22.11.22:** - Pin acme to the same version as certbot. * **22.11.22:** - Pin certbot to 1.32.0 until plugin compatibility improves. diff --git a/package_versions.txt b/package_versions.txt index 3e8efb1..ab2fb52 100755 --- a/package_versions.txt +++ b/package_versions.txt 
@@ -1,229 +1,204 @@ -alpine-baselayout-3.2.0-r18 +alpine-baselayout-3.4.0-r0 +alpine-baselayout-data-3.4.0-r0 alpine-keys-2.4-r1 -apache2-utils-2.4.54-r0 -apk-tools-2.12.7-r3 -apr-1.7.0-r1 -apr-util-1.6.1-r11 -argon2-libs-20190702-r1 -bash-5.1.16-r0 -brotli-libs-1.0.9-r5 -busybox-1.34.1-r7 -c-client-2007f-r13 -ca-certificates-20220614-r0 -ca-certificates-bundle-20220614-r0 -coreutils-9.0-r2 -curl-7.80.0-r4 -expat-2.5.0-r0 -fail2ban-0.11.2-r1 -freetype-2.11.1-r2 -gdbm-1.22-r0 -git-2.34.5-r0 -git-perl-2.34.5-r0 -gmp-6.2.1-r1 -gnupg-2.2.31-r2 -gnupg-dirmngr-2.2.31-r2 -gnupg-gpgconf-2.2.31-r2 -gnupg-utils-2.2.31-r2 -gnupg-wks-client-2.2.31-r2 -gnutls-3.7.1-r1 -gpg-2.2.31-r2 -gpg-agent-2.2.31-r2 -gpg-wks-server-2.2.31-r2 -gpgsm-2.2.31-r2 -gpgv-2.2.31-r2 -icu-libs-69.1-r1 -ip6tables-1.8.7-r1 -iptables-1.8.7-r1 -libacl-2.2.53-r0 -libassuan-2.5.5-r0 -libattr-2.5.1-r1 -libbsd-0.11.3-r1 -libbz2-1.0.8-r1 +alpine-release-3.17.1-r0 +aom-libs-3.5.0-r0 +apache2-utils-2.4.55-r0 +apk-tools-2.12.10-r1 +apr-1.7.0-r2 +apr-util-1.6.1-r14 +argon2-libs-20190702-r2 +bash-5.2.15-r0 +brotli-libs-1.0.9-r9 +busybox-1.35.0-r29 +busybox-binsh-1.35.0-r29 +c-client-2007f-r14 +ca-certificates-20220614-r4 +ca-certificates-bundle-20220614-r4 +coreutils-9.1-r0 +curl-7.87.0-r1 +fail2ban-1.0.2-r0 +fontconfig-2.14.1-r0 +freetype-2.12.1-r0 +gdbm-1.23-r0 +git-2.38.3-r1 +git-perl-2.38.3-r1 +gmp-6.2.1-r2 +gnupg-2.2.40-r0 +gnupg-dirmngr-2.2.40-r0 +gnupg-gpgconf-2.2.40-r0 +gnupg-utils-2.2.40-r0 +gnupg-wks-client-2.2.40-r0 +gnutls-3.7.8-r2 +gpg-2.2.40-r0 +gpg-agent-2.2.40-r0 +gpg-wks-server-2.2.40-r0 +gpgsm-2.2.40-r0 +gpgv-2.2.40-r0 +icu-data-en-72.1-r1 +icu-libs-72.1-r1 +ip6tables-1.8.8-r2 +iptables-1.8.8-r2 +jq-1.6-r2 +libacl-2.3.1-r1 +libassuan-2.5.5-r1 +libattr-2.5.1-r2 +libavif-0.11.1-r0 +libbsd-0.11.7-r0 +libbz2-1.0.8-r4 libc-utils-0.7.2-r3 -libcap-2.61-r0 -libcrypto1.1-1.1.1s-r1 -libcurl-7.80.0-r4 -libedit-20210910.3.1-r0 -libevent-2.1.12-r4 -libffi-3.4.2-r1 -libgcc-10.3.1_git20211027-r0 
-libgcrypt-1.9.4-r0 -libgd-2.3.2-r1 -libgpg-error-1.42-r1 -libice-1.0.10-r0 -libidn-1.38-r0 -libintl-0.21-r0 -libjpeg-turbo-2.1.2-r0 -libksba-1.6.0-r0 -libldap-2.6.2-r0 -libmaxminddb-1.6.0-r0 -libmcrypt-2.5.8-r9 -libmd-1.0.3-r0 -libmemcached-libs-1.0.18-r4 -libmnl-1.0.4-r2 -libnftnl-1.2.1-r0 -libpng-1.6.37-r1 -libpq-14.5-r0 -libproc-3.3.17-r0 -libretls-3.3.4-r3 -libsasl-2.1.28-r0 -libseccomp-2.5.2-r0 -libsm-1.2.3-r0 -libsodium-1.0.18-r0 -libssl1.1-1.1.1s-r1 -libstdc++-10.3.1_git20211027-r0 -libtasn1-4.18.0-r0 -libunistring-0.9.10-r1 -libuuid-2.37.4-r0 -libwebp-1.2.2-r0 -libx11-1.7.3.1-r0 -libxau-1.0.9-r0 -libxcb-1.14-r2 -libxdmcp-1.1.3-r0 -libxext-1.3.4-r0 -libxml2-2.9.14-r2 -libxpm-3.5.13-r0 -libxslt-1.1.35-r0 +libcrypto3-3.0.7-r2 +libcurl-7.87.0-r1 +libdav1d-1.0.0-r2 +libedit-20221030.3.1-r0 +libevent-2.1.12-r5 +libexpat-2.5.0-r0 +libffi-3.4.4-r0 +libgcc-12.2.1_git20220924-r4 +libgcrypt-1.10.1-r0 +libgd-2.3.3-r3 +libgpg-error-1.46-r1 +libice-1.0.10-r1 +libidn-1.41-r0 +libintl-0.21.1-r1 +libjpeg-turbo-2.1.4-r0 +libksba-1.6.3-r0 +libldap-2.6.3-r6 +libmaxminddb-libs-1.7.1-r0 +libmcrypt-2.5.8-r10 +libmd-1.0.4-r0 +libmemcached-libs-1.0.18-r5 +libmnl-1.0.5-r0 +libnftnl-1.2.4-r0 +libpng-1.6.38-r0 +libpq-15.1-r0 +libproc-3.3.17-r2 +libsasl-2.1.28-r3 +libseccomp-2.5.4-r0 +libsm-1.2.3-r1 +libsodium-1.0.18-r2 +libssl3-3.0.7-r2 +libstdc++-12.2.1_git20220924-r4 +libtasn1-4.19.0-r0 +libunistring-1.1-r0 +libuuid-2.38.1-r1 +libwebp-1.2.4-r1 +libx11-1.8.3-r0 +libxau-1.0.10-r0 +libxcb-1.15-r0 +libxdmcp-1.1.4-r0 +libxext-1.3.5-r0 +libxml2-2.10.3-r1 +libxpm-3.5.15-r0 +libxslt-1.1.37-r0 libxt-1.2.1-r0 -libzip-1.8.0-r1 -linux-pam-1.5.2-r0 -logrotate-3.18.1-r4 -lz4-libs-1.9.3-r1 -memcached-1.6.12-r0 +libzip-1.9.2-r2 +linux-pam-1.5.2-r1 +logrotate-3.20.1-r3 +lz4-libs-1.9.4-r1 +memcached-1.6.17-r0 mpdecimal-2.5.1-r1 -musl-1.2.2-r7 -musl-utils-1.2.2-r7 -nano-5.9-r0 -ncurses-libs-6.3_p20211120-r1 -ncurses-terminfo-base-6.3_p20211120-r1 -nettle-3.7.3-r0 -nghttp2-libs-1.46.0-r0 
-nginx-1.20.2-r1 -nginx-mod-devel-kit-1.20.2-r1 -nginx-mod-http-brotli-1.20.2-r1 -nginx-mod-http-dav-ext-1.20.2-r1 -nginx-mod-http-echo-1.20.2-r1 -nginx-mod-http-fancyindex-1.20.2-r1 -nginx-mod-http-geoip2-1.20.2-r1 -nginx-mod-http-headers-more-1.20.2-r1 -nginx-mod-http-image-filter-1.20.2-r1 -nginx-mod-http-nchan-1.20.2-r1 -nginx-mod-http-perl-1.20.2-r1 -nginx-mod-http-redis2-1.20.2-r1 -nginx-mod-http-set-misc-1.20.2-r1 -nginx-mod-http-upload-progress-1.20.2-r1 -nginx-mod-http-xslt-filter-1.20.2-r1 -nginx-mod-mail-1.20.2-r1 -nginx-mod-rtmp-1.20.2-r1 -nginx-mod-stream-1.20.2-r1 -nginx-mod-stream-geoip2-1.20.2-r1 -nginx-vim-1.20.2-r1 -npth-1.6-r1 -oniguruma-6.9.7.1-r0 -openssl-1.1.1s-r1 -p11-kit-0.24.0-r1 -pcre-8.45-r1 -pcre2-10.40-r0 -perl-5.34.0-r1 +musl-1.2.3-r4 +musl-utils-1.2.3-r4 +nano-7.0-r0 +ncurses-libs-6.3_p20221119-r0 +ncurses-terminfo-base-6.3_p20221119-r0 +nettle-3.8.1-r0 +nghttp2-libs-1.51.0-r0 +nginx-1.22.1-r0 +nginx-mod-devel-kit-1.22.1-r0 +nginx-mod-http-brotli-1.22.1-r0 +nginx-mod-http-dav-ext-1.22.1-r0 +nginx-mod-http-echo-1.22.1-r0 +nginx-mod-http-fancyindex-1.22.1-r0 +nginx-mod-http-geoip2-1.22.1-r0 +nginx-mod-http-headers-more-1.22.1-r0 +nginx-mod-http-image-filter-1.22.1-r0 +nginx-mod-http-perl-1.22.1-r0 +nginx-mod-http-redis2-1.22.1-r0 +nginx-mod-http-set-misc-1.22.1-r0 +nginx-mod-http-upload-progress-1.22.1-r0 +nginx-mod-http-xslt-filter-1.22.1-r0 +nginx-mod-mail-1.22.1-r0 +nginx-mod-rtmp-1.22.1-r0 +nginx-mod-stream-1.22.1-r0 +nginx-mod-stream-geoip2-1.22.1-r0 +nginx-vim-1.22.1-r0 +npth-1.6-r2 +oniguruma-6.9.8-r0 +openssl-3.0.7-r2 +p11-kit-0.24.1-r1 +pcre-8.45-r2 +pcre2-10.42-r0 +perl-5.36.0-r0 perl-error-0.17029-r1 -perl-git-2.34.5-r0 -php8-8.0.25-r0 -php8-bcmath-8.0.25-r0 -php8-bz2-8.0.25-r0 -php8-common-8.0.25-r0 -php8-ctype-8.0.25-r0 -php8-curl-8.0.25-r0 -php8-dom-8.0.25-r0 -php8-exif-8.0.25-r0 -php8-fileinfo-8.0.25-r0 -php8-fpm-8.0.25-r0 -php8-ftp-8.0.25-r0 -php8-gd-8.0.25-r0 -php8-gmp-8.0.25-r0 -php8-iconv-8.0.25-r0 
-php8-imap-8.0.25-r0 -php8-intl-8.0.25-r0 -php8-ldap-8.0.25-r0 -php8-mbstring-8.0.25-r0 -php8-mysqli-8.0.25-r0 -php8-mysqlnd-8.0.25-r0 -php8-opcache-8.0.25-r0 -php8-openssl-8.0.25-r0 -php8-pdo-8.0.25-r0 -php8-pdo_mysql-8.0.25-r0 -php8-pdo_odbc-8.0.25-r0 -php8-pdo_pgsql-8.0.25-r0 -php8-pdo_sqlite-8.0.25-r0 -php8-pear-8.0.25-r0 -php8-pecl-apcu-5.1.21-r0 -php8-pecl-igbinary-3.2.6-r0 -php8-pecl-mailparse-3.1.3-r0 -php8-pecl-mcrypt-1.0.4-r0 -php8-pecl-memcached-3.1.5-r1 -php8-pecl-redis-5.3.6-r0 -php8-pecl-xmlrpc-1.0.0_rc3-r0 -php8-pgsql-8.0.25-r0 -php8-phar-8.0.25-r0 -php8-posix-8.0.25-r0 -php8-session-8.0.25-r0 -php8-simplexml-8.0.25-r0 -php8-soap-8.0.25-r0 -php8-sockets-8.0.25-r0 -php8-sodium-8.0.25-r0 -php8-sqlite3-8.0.25-r0 -php8-tokenizer-8.0.25-r0 -php8-xml-8.0.25-r0 -php8-xmlreader-8.0.25-r0 -php8-xmlwriter-8.0.25-r0 -php8-xsl-8.0.25-r0 -php8-zip-8.0.25-r0 -pinentry-1.2.0-r0 -popt-1.18-r0 -procps-3.3.17-r0 -py3-appdirs-1.4.4-r2 -py3-asn1crypto-1.4.0-r1 -py3-cachecontrol-0.12.10-r0 -py3-certifi-2020.12.5-r1 -py3-cffi-1.14.5-r4 -py3-charset-normalizer-2.0.7-r0 -py3-colorama-0.4.4-r1 -py3-contextlib2-21.6.0-r1 -py3-cparser-2.20-r1 -py3-cryptography-3.3.2-r3 -py3-distlib-0.3.3-r0 -py3-distro-1.6.0-r0 -py3-future-0.18.2-r3 -py3-html5lib-1.1-r1 -py3-idna-3.3-r0 -py3-lockfile-0.12.2-r4 -py3-msgpack-1.0.2-r1 -py3-ordered-set-4.0.2-r2 -py3-packaging-20.9-r1 -py3-parsing-2.4.7-r2 -py3-pep517-0.12.0-r0 -py3-pip-20.3.4-r1 -py3-progress-1.6-r0 -py3-requests-2.26.0-r1 -py3-retrying-1.3.3-r2 -py3-setuptools-52.0.0-r4 -py3-six-1.16.0-r0 -py3-toml-0.10.2-r2 -py3-tomli-1.2.2-r0 -py3-urllib3-1.26.7-r0 -py3-webencodings-0.5.1-r4 -python3-3.9.15-r0 -readline-8.1.1-r0 -s6-ipcserver-2.11.0.0-r0 -scanelf-1.3.3-r0 -shadow-4.8.1-r1 -skalibs-2.11.0.0-r0 -sqlite-libs-3.36.0-r0 -ssl_client-1.34.1-r7 +perl-git-2.38.3-r1 +php81-8.1.14-r0 +php81-bcmath-8.1.14-r0 +php81-bz2-8.1.14-r0 +php81-common-8.1.14-r0 +php81-ctype-8.1.14-r0 +php81-curl-8.1.14-r0 +php81-dom-8.1.14-r0 +php81-exif-8.1.14-r0 
+php81-fileinfo-8.1.14-r0 +php81-fpm-8.1.14-r0 +php81-ftp-8.1.14-r0 +php81-gd-8.1.14-r0 +php81-gmp-8.1.14-r0 +php81-iconv-8.1.14-r0 +php81-imap-8.1.14-r0 +php81-intl-8.1.14-r0 +php81-ldap-8.1.14-r0 +php81-mbstring-8.1.14-r0 +php81-mysqli-8.1.14-r0 +php81-mysqlnd-8.1.14-r0 +php81-opcache-8.1.14-r0 +php81-openssl-8.1.14-r0 +php81-pdo-8.1.14-r0 +php81-pdo_mysql-8.1.14-r0 +php81-pdo_odbc-8.1.14-r0 +php81-pdo_pgsql-8.1.14-r0 +php81-pdo_sqlite-8.1.14-r0 +php81-pear-8.1.14-r0 +php81-pecl-apcu-5.1.22-r0 +php81-pecl-igbinary-3.2.12-r0 +php81-pecl-mailparse-3.1.4-r0 +php81-pecl-mcrypt-1.0.4-r0 +php81-pecl-memcached-3.2.0-r0 +php81-pecl-redis-5.3.7-r0 +php81-pecl-xmlrpc-1.0.0_rc3-r0 +php81-pgsql-8.1.14-r0 +php81-phar-8.1.14-r0 +php81-posix-8.1.14-r0 +php81-session-8.1.14-r0 +php81-simplexml-8.1.14-r0 +php81-soap-8.1.14-r0 +php81-sockets-8.1.14-r0 +php81-sodium-8.1.14-r0 +php81-sqlite3-8.1.14-r0 +php81-tokenizer-8.1.14-r0 +php81-xml-8.1.14-r0 +php81-xmlreader-8.1.14-r0 +php81-xmlwriter-8.1.14-r0 +php81-xsl-8.1.14-r0 +php81-zip-8.1.14-r0 +pinentry-1.2.1-r0 +popt-1.19-r0 +procps-3.3.17-r2 +python3-3.10.9-r1 +readline-8.2.0-r0 +scanelf-1.3.5-r1 +shadow-4.13-r0 +skalibs-2.12.0.1-r0 +sqlite-libs-3.40.1-r0 +ssl_client-1.35.0-r29 +tiff-4.4.0-r1 tzdata-2022f-r1 -unixodbc-2.3.9-r1 -utmps-0.1.0.3-r0 -whois-5.5.10-r0 -xz-5.2.5-r1 -xz-libs-5.2.5-r1 -zlib-1.2.12-r3 -zstd-libs-1.5.0-r0 +unixodbc-2.3.11-r0 +utmps-libs-0.1.2.0-r1 +whois-5.5.14-r0 +xz-5.2.9-r0 +xz-libs-5.2.9-r0 +zlib-1.2.13-r0 +zstd-libs-1.5.2-r9 diff --git a/readme-vars.yml b/readme-vars.yml index a1325b3..afdd04f 100755 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -152,11 +152,11 @@ app_setup_block: | Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate). -app_setup_nginx_reverse_proxy_snippet: false -app_setup_nginx_reverse_proxy_block: "" - # changelog changelogs: + - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." } + - { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." } + - { date: "08.12.22:", desc: "Revamp certbot init."} - { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."} - { date: "22.11.22:", desc: "Pin acme to the same version as certbot."} - { date: "22.11.22:", desc: "Pin certbot to 1.32.0 until plugin compatibility improves."} diff --git a/root/defaults/dns-conf/cpanel.ini b/root/defaults/dns-conf/cpanel.ini index ebe9ba1..9aa8b25 100644 --- a/root/defaults/dns-conf/cpanel.ini +++ b/root/defaults/dns-conf/cpanel.ini @@ -1,6 +1,15 @@ # Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials -# Replace with your values +# The url cPanel url # include the scheme and the port number (usually 2083 for https) -dns_cpanel_url = https://cpanel.example.com:2083 -dns_cpanel_username = username -dns_cpanel_password = 1234567890abcdef +cpanel_url = https://cpanel.exemple.com:2083 + +# The cPanel username +cpanel_username = user + +# The cPanel password +cpanel_password = hunter2 + +# The cPanel API Token +cpanel_token = EUTQ793EY7MIRX4EMXXXXXXXXXXOX4JF + +# You only need to configure API Token or Password. If you supply both, the API Token will be used diff --git a/root/defaults/dns-conf/directadmin.ini b/root/defaults/dns-conf/directadmin.ini index df27379..1561c06 100644 --- a/root/defaults/dns-conf/directadmin.ini +++ b/root/defaults/dns-conf/directadmin.ini 
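Review bot: In cpanel.ini both `cpanel_password = hunter2` and `cpanel_token = EUTQ793EY7MIRX4EMXXXXXXXXXXOX4JF` ship uncommented, while the closing comment says the API token is used when both are supplied. A user who fills in only the password would therefore presumably still authenticate with the placeholder token and fail. Suggest shipping the token line commented out, `# cpanel_token = <your-api-token>`, and moving the "You only need to configure API Token or Password" comment above the two keys so it is read first. The comment `# The url cPanel url` and the host `cpanel.exemple.com` also look like typos for `# The cPanel url` and `cpanel.example.com`.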
@@ -12,10 +12,10 @@ # The DirectAdmin Server url # include the scheme and the port number (Normally 2222) -directadmin_url = https://my.directadminserver.com:2222 +dns_directadmin_url = https://my.directadminserver.com:2222 # The DirectAdmin username -directadmin_username = username +dns_directadmin_username = username # The DirectAdmin password -directadmin_password = aSuperStrongPassword +dns_directadmin_password = aSuperStrongPassword diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx index 781831d..43830ed 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx @@ -5,11 +5,11 @@ . /config/.donoteditthisfile.conf if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then - if pgrep -f "s6-supervise nginx" >/dev/null; then - s6-svc -u /run/service/nginx - fi + if pgrep -f "s6-supervise nginx" >/dev/null; then + s6-svc -u /run/service/svc-nginx + fi else - if pgrep -f "nginx:" >/dev/null; then - s6-svc -h /run/service/nginx - fi + if pgrep -f "nginx:" >/dev/null; then + s6-svc -h /run/service/svc-nginx + fi fi diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx index cb493ea..64c8674 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx @@ -5,7 +5,7 @@ . /config/.donoteditthisfile.conf if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then - if pgrep -f "nginx:" >/dev/null; then - s6-svc -d /run/service/nginx - fi + if pgrep -f "nginx:" >/dev/null; then + s6-svc -d /run/service/svc-nginx + fi fi diff --git a/root/etc/cont-init.d/43-crontabs b/root/etc/cont-init.d/43-crontabs deleted file mode 100644 index 30065b7..0000000 --- a/root/etc/cont-init.d/43-crontabs +++ /dev/null 
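Review bot: In renewal-hooks/post/10-nginx the guard `pgrep -f "s6-supervise nginx"` was left unchanged while the service path moved to `/run/service/svc-nginx`. If the supervisor process is now titled after the new directory name (`s6-supervise svc-nginx`, not visible in this hunk), the pattern no longer matches and `s6-svc -u /run/service/svc-nginx` is skipped. That would leave nginx down after the pre hook's `s6-svc -d` on an http-validated renewal. Suggest `if pgrep -f "s6-supervise svc-nginx" >/dev/null; then`. Note also that the `find … -exec sed` migration in init-certbot-config/run rewrites only the `/run/service/nginx` path in hooks already copied to /config, so it would not correct this pattern in existing installs.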
@@ -1,11 +0,0 @@ -#!/usr/bin/with-contenv bash -# shellcheck shell=bash - -# copy crontabs if needed -if [[ ! -f /config/crontabs/root ]]; then - cp /etc/crontabs/root /config/crontabs/ -fi - -# import user crontabs -rm /etc/crontabs/* -cp /config/crontabs/* /etc/crontabs/ diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run old mode 100644 new mode 100755 similarity index 69% rename from root/etc/cont-init.d/50-certbot rename to root/etc/s6-overlay/s6-rc.d/init-certbot-config/run index 4704700..5e468eb --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run 
@@ -31,20 +31,15 @@ fi # copy dns default configs cp -n /defaults/dns-conf/* /config/dns-conf/ -chown -R abc:abc /config/dns-conf - -# update plugin names in dns conf inis -sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini -sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini -sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini -sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini -sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini -sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini +lsiown -R abc:abc /config/dns-conf # copy default renewal hooks chmod -R +x /defaults/etc/letsencrypt/renewal-hooks cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ -chown -R abc:abc /config/etc/letsencrypt/renewal-hooks +lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks + +# replace nginx service location in renewal hooks +find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \; # create original config file if it doesn't exist, move non-hidden legacy file to hidden if [[ -f "/config/donoteditthisfile.conf" ]]; then 
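Review bot: `/config/dns-conf` holds the DNS provider API credentials, yet after `cp -n /defaults/dns-conf/* /config/dns-conf/` this block only sets ownership with `lsiown -R abc:abc /config/dns-conf` and never tightens the mode. Suggest adding `chmod -R go-rwx /config/dns-conf` right after the `lsiown` line, unless the mode is set elsewhere in the script (not visible in this hunk). The new `find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i …` runs over every user hook on each container start; a comment such as `# one-time migration for hooks copied before the svc-nginx rename` would tell a later maintainer when it can be dropped. The `if` on the hunk's last line continues outside the hunk.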
@@ -59,6 +54,57 @@ fi # shellcheck source=/dev/null . /config/.donoteditthisfile.conf +# setting ORIGDOMAIN for use in revoke sections +if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then + ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}" +else + ORIGDOMAIN="${ORIGURL}" +fi + +# update plugin names in dns conf inis +sed -i 's|^certbot[-_]dns[-_]aliyun:||g' /config/dns-conf/aliyun.ini +sed -i 's|^certbot[-_]dns[-_]cpanel:||g' /config/dns-conf/cpanel.ini +sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' /config/dns-conf/cpanel.ini +sed -i 's|^directadmin[-_]|dns_directadmin_|g' /config/dns-conf/directadmin.ini +sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' /config/dns-conf/domeneshop.ini +sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' /config/dns-conf/gandi.ini +sed -i 's|^certbot[-_]dns[-_]inwx:||g' /config/dns-conf/inwx.ini +sed -i 's|^certbot[-_]dns[-_]transip:||g' /config/dns-conf/transip.ini + +# update plugin names in renewal conf +if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then + if [[ "${ORIGDNSPLUGIN}" =~ ^(aliyun)$ ]]; then + sed -i 's|^authenticator = certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(cpanel)$ ]]; then + sed -i 's|^authenticator = certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^authenticator = dns[-_]cpanel|authenticator = cpanel|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(directadmin)$ ]]; then + sed -i 's|^authenticator = directadmin|authenticator = 
dns-directadmin|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^directadmin[-_]|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then + sed -i 's|^authenticator = certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then + sed -i 's|^authenticator = certbot[-_]plugin[-_]gandi:dns|authenticator = dns-gandi|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then + sed -i 's|^authenticator = certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then + sed -i 's|^authenticator = certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi +fi + # set default validation to http if [[ -z "${VALIDATION}" ]]; then VALIDATION="http" 
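Review bot: In the "update plugin names in renewal conf" block, the first `sed` for aliyun, cpanel, domeneshop, inwx and transip replaces `^authenticator = certbot[-_]dns[-_]<plugin>:` with nothing, which removes the `authenticator = ` key along with the legacy prefix. If a legacy renewal file holds a line like `authenticator = certbot-dns-aliyun:dns-aliyun` (inferred from the pattern, not shown here), the result is a bare `dns-aliyun` line and the renewal config would likely stop parsing. For cpanel, the following `s|^authenticator = dns[-_]cpanel|authenticator = cpanel|g` could then no longer match either. The gandi and directadmin branches keep the key, so the others should follow them, e.g. `sed -i 's|^authenticator = certbot[-_]dns[-_]aliyun:|authenticator = |g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"`. The file path is built from `ORIGDOMAIN`, which comes from the sourced `/config/.donoteditthisfile.conf`, so a short comment on that trust assumption would help; the trailing `if` continues outside the hunk.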
@@ -84,6 +130,59 @@ if [[ "${VALIDATION}" = "dns" ]] && [[ "${DNSPLUGIN}" = "duckdns" ]]; then export EXTRA_DOMAINS="" fi +# setting the symlink for key location +rm -rf /config/keys/letsencrypt +if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then + DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}" + ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt +else + ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt +fi + +# checking for changes in cert variables, revoking certs if necessary +if [[ ! "${URL}" = "${ORIGURL}" ]] || + [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] || + [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] || + [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] || + [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] || + [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || + [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || + [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || + [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then + echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" + if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then + REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}") + REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])") + REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])") + if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then + echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping." 
+ sleep infinity + fi + REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}" + elif [[ "${ORIGSTAGING}" = "true" ]]; then + REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory" + else + REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" + fi + if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then + certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true + fi + rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} +fi + +# saving new variables +echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf + +# Check if the cert is using the old LE root cert, revoke and regen if necessary +if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then + echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking." 
+ REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" + if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then + certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true + fi + rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} +fi + # if zerossl is selected or staging is set to true, use the relevant server if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then echo "ZeroSSL does not support staging mode, ignoring STAGING variable" 
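Review bot: The added `|| true` on both `certbot revoke` calls (the parameter-change branch and the old-root branch) makes a failed revocation silent, and the `rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}` that follows removes the local certificate together with the account data, so the previous certificate can stay valid until expiry with nothing in the log to say so. Keeping the call non-fatal but reporting the failure would cover this, e.g. `|| echo "WARNING: revocation for ${ORIGDOMAIN} failed; the previous certificate remains valid until it expires"`. Separately, `--data "email=${ORIGEMAIL}"` sends the address unencoded; `--data-urlencode "email=${ORIGEMAIL}"` handles addresses containing `+` or `&`.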
@@ -151,33 +250,40 @@ else EMAILPARAM="--register-unsafely-without-email" fi +# alter extension for error message +if [[ "${DNSPLUGIN}" = "google" ]]; then + DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.json" +else + DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.ini" +fi + # setting the validation method to use if [[ "${VALIDATION}" = "dns" ]]; then - if [[ "${DNSPLUGIN}" = "route53" ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}" - elif [[ "${DNSPLUGIN}" =~ ^(azure|gandi)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi - PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini" - elif [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini --dns-duckdns-no-txt-restore ${PROPAGATIONPARAM}" - elif [[ "${DNSPLUGIN}" =~ ^(google)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" - elif [[ "${DNSPLUGIN}" =~ ^(acmedns|aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" - elif [[ "${DNSPLUGIN}" =~ ^(standalone)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then echo "standalone dns plugin does not support setting propagation time"; fi 
- PREFCHAL="-a dns-${DNSPLUGIN}" - elif [[ "${DNSPLUGIN}" =~ ^(directadmin)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" - else - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" + AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}" + DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}" + if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi + + # plugins that don't support setting credentials file + if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then + DNSCREDENTIALSPARAM="" fi + # plugins that don't support setting propagation + if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then + if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi + PROPAGATIONPARAM="" + fi + # plugins that use old parameter naming convention + if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then + AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}" + DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}" + if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi + fi + # don't restore txt records when using DuckDNS plugin + if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then + AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore" + fi + + PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}" echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected" elif [[ "${VALIDATION}" = "tls-sni" ]]; then PREFCHAL="--standalone --preferred-challenges http" 
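Review bot: `DNSPLUGIN` and `PROPAGATION` are interpolated unchecked into option names and into `DNSCREDENTIALFILE`, and the resulting `PREFCHAL` is expanded unquoted in the `certbot certonly` call further down, so a value containing whitespace or a slash becomes extra certbot arguments or a credentials path outside `/config/dns-conf`. A guard at the top of the dns branch would close that, e.g. `[[ "${DNSPLUGIN}" =~ ^[a-z0-9-]+$ ]]` and `[[ -z "${PROPAGATION}" || "${PROPAGATION}" =~ ^[0-9]+$ ]]`, failing with a clear message otherwise. `PROPAGATIONPARAM` is only assigned when `PROPAGATION` is set, so initialising it to an empty string before the `if` avoids picking up a value inherited from the environment. The `if [[ "${VALIDATION}" = "dns" ]]` block continues past the end of this hunk.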
@@ -187,63 +293,6 @@ else echo "http validation is selected" fi -# setting the symlink for key location -rm -rf /config/keys/letsencrypt -if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then - DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}" - ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt -else - ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt -fi - -# checking for changes in cert variables, revoking certs if necessary -if [[ ! "${URL}" = "${ORIGURL}" ]] || [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] || [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] || [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] || [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] || [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then - echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" - if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then - ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}" - else - ORIGDOMAIN="${ORIGURL}" - fi - if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then - REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}") - REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])") - REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])") - if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then - echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping." 
- sleep infinity - fi - REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}" - elif [[ "${ORIGSTAGING}" = "true" ]]; then - REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory" - else - REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" - fi - if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then - certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} - fi - rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} -fi - -# saving new variables -echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf - -# alter extension for error message -if [[ "${DNSPLUGIN}" = "google" ]]; then - FILENAME="${DNSPLUGIN}.json" -else - FILENAME="${DNSPLUGIN}.ini" -fi - -# Check if the cert is using the old LE root cert, revoke and regen if necessary -if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then - echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking." 
- REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" - if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then - certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} - fi - rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} -fi - # generating certs if necessary if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then @@ -262,7 +311,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL} if [[ ! -d /config/keys/letsencrypt ]]; then if [[ "${VALIDATION}" = "dns" ]]; then - echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file." + echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file." else echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container" fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up new file mode 100644 index 0000000..c8bbd6e --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-certbot-config/run 
diff --git a/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config b/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
new file mode 100755
index 0000000..5ca0899
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
@@ -0,0 +1,17 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# if root crontabs do not exist in config
+# copy root crontab from system
+if [[ ! -f /config/crontabs/root ]] && crontab -l -u root; then
+ crontab -l -u root >/config/crontabs/root
+fi
+
+# if root crontabs still do not exist in config (were not copied from system)
+# copy root crontab from included defaults
+if [[ ! -f /config/crontabs/root ]]; then
+ cp /etc/crontabs/root /config/crontabs/
+fi
+
+# import user crontabs
+crontab -u root /config/crontabs/root
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
new file mode 100644
index 0000000..006d814
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
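Review bot: `/config/crontabs/root` is installed as root's crontab with no check on who can write it, while the permissions step in this same commit runs `lsiown -R abc:abc /config`; if the web workloads run as `abc` (not visible here), anything able to write under `/config` can schedule commands as root at the next start. Importing the file only when it is root-owned and not group- or world-writable, or keeping root's crontab outside the `abc`-owned tree, would keep that boundary. The first test also runs `crontab -l -u root` bare, which prints the existing crontab (or an error) into the container log; `crontab -l -u root >/dev/null 2>&1` keeps the condition quiet.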
diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/cont-init.d/42-fail2ban b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
old mode 100644
new mode 100755
similarity index 100%
rename from root/etc/cont-init.d/42-fail2ban
rename to root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up
new file mode 100644
index 0000000..e2e5256
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url b/root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/cont-init.d/40-folders b/root/etc/s6-overlay/s6-rc.d/init-folders-config/run
old mode 100644
new mode 100755
similarity index 100%
rename from root/etc/cont-init.d/40-folders
rename to root/etc/s6-overlay/s6-rc.d/init-folders-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders-config/type b/root/etc/s6-overlay/s6-rc.d/init-folders-config/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-folders-config/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders-config/up b/root/etc/s6-overlay/s6-rc.d/init-folders-config/up
new file mode 100644
index 0000000..7607e6f
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-folders-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-folders-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/cont-init.d/45-nginx b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/run
old mode 100644
new mode 100755
similarity index 100%
rename from root/etc/cont-init.d/45-nginx
rename to root/etc/s6-overlay/s6-rc.d/init-nginx-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up
new file mode 100644
index 0000000..9adcea4
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/cont-init.d/70-outdated b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/run
old mode 100644
new mode 100755
similarity index 100%
rename from root/etc/cont-init.d/70-outdated
rename to root/etc/s6-overlay/s6-rc.d/init-outdated-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up new file mode 100644 index 0000000..9257bfe --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-outdated-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/55-permissions b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/run old mode 100644 new mode 100755 similarity index 88% rename from root/etc/cont-init.d/55-permissions rename to root/etc/s6-overlay/s6-rc.d/init-permissions-config/run index 4c50bd8..3a55fc0 --- a/root/etc/cont-init.d/55-permissions +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/run @@ -2,7 +2,7 @@ # shellcheck shell=bash # permissions -chown -R abc:abc \ +lsiown -R abc:abc \ /config chmod -R 0644 /etc/logrotate.d chmod -R +r /config/log diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up new file mode 100644 index 0000000..6f2202f --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-permissions-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config b/root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config new file mode 100644 index 0000000..e69de29 
diff --git a/root/etc/cont-init.d/60-renew b/root/etc/s6-overlay/s6-rc.d/init-renew/run
old mode 100644
new mode 100755
similarity index 100%
rename from root/etc/cont-init.d/60-renew
rename to root/etc/s6-overlay/s6-rc.d/init-renew/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-renew/type b/root/etc/s6-overlay/s6-rc.d/init-renew/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-renew/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-renew/up b/root/etc/s6-overlay/s6-rc.d/init-renew/up
new file mode 100644
index 0000000..285a1f4
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-renew/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-renew/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run b/root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/cont-init.d/31-require-url b/root/etc/s6-overlay/s6-rc.d/init-require-url/run
old mode 100644
new mode 100755
similarity index 100%
rename from root/etc/cont-init.d/31-require-url
rename to root/etc/s6-overlay/s6-rc.d/init-require-url/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-require-url/type b/root/etc/s6-overlay/s6-rc.d/init-require-url/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-require-url/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-require-url/up b/root/etc/s6-overlay/s6-rc.d/init-require-url/up
new file mode 100644
index 0000000..df39f4d
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-require-url/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-require-url/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config b/root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/cont-init.d/41-samples b/root/etc/s6-overlay/s6-rc.d/init-samples-config/run
old mode 100644
new mode 100755
similarity index 100%
rename from root/etc/cont-init.d/41-samples
rename to root/etc/s6-overlay/s6-rc.d/init-samples-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-samples-config/type b/root/etc/s6-overlay/s6-rc.d/init-samples-config/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-samples-config/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-samples-config/up b/root/etc/s6-overlay/s6-rc.d/init-samples-config/up
new file mode 100644
index 0000000..bc2cbf6
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-samples-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-samples-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end b/root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/cont-init.d/30-test-run b/root/etc/s6-overlay/s6-rc.d/init-test-run/run
old mode 100644
new mode 100755
similarity index 100%
rename from root/etc/cont-init.d/30-test-run
rename to root/etc/s6-overlay/s6-rc.d/init-test-run/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-test-run/type b/root/etc/s6-overlay/s6-rc.d/init-test-run/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-test-run/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-test-run/up b/root/etc/s6-overlay/s6-rc.d/init-test-run/up
new file mode 100644
index 0000000..5f836df
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-test-run/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-test-run/run
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/services.d/fail2ban/run b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run
old mode 100644
new mode 100755
similarity index 100%
rename from root/etc/services.d/fail2ban/run
rename to root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type
new file mode 100644
index 0000000..5883cff
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type
@@ -0,0 +1 @@
+longrun
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban b/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban
new file mode 100644
index 0000000..e69de29