From 77d02ad824a942a5ba0dc32ce7285145df235411 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 8 Dec 2022 15:22:14 +0000 Subject: [PATCH 01/22] Revamp certbot init --- readme-vars.yml | 1 + root/defaults/dns-conf/cpanel.ini | 17 ++- root/etc/cont-init.d/50-certbot | 214 +++++++++++++++++------------- 3 files changed, 138 insertions(+), 94 deletions(-) diff --git a/readme-vars.yml b/readme-vars.yml index a1325b3..238c756 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -157,6 +157,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "08.12.22:", desc: "Revamp certbot init."} - { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."} - { date: "22.11.22:", desc: "Pin acme to the same version as certbot."} - { date: "22.11.22:", desc: "Pin certbot to 1.32.0 until plugin compatibility improves."} diff --git a/root/defaults/dns-conf/cpanel.ini b/root/defaults/dns-conf/cpanel.ini index ebe9ba1..9aa8b25 100644 --- a/root/defaults/dns-conf/cpanel.ini +++ b/root/defaults/dns-conf/cpanel.ini @@ -1,6 +1,15 @@ # Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials -# Replace with your values +# The url cPanel url # include the scheme and the port number (usually 2083 for https) -dns_cpanel_url = https://cpanel.example.com:2083 -dns_cpanel_username = username -dns_cpanel_password = 1234567890abcdef +cpanel_url = https://cpanel.exemple.com:2083 + +# The cPanel username +cpanel_username = user + +# The cPanel password +cpanel_password = hunter2 + +# The cPanel API Token +cpanel_token = EUTQ793EY7MIRX4EMXXXXXXXXXXOX4JF + +# You only need to configure API Token or Password. If you supply both, the API Token will be used diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/cont-init.d/50-certbot index 4704700..1aa4422 100644 --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/cont-init.d/50-certbot @@ -33,14 +33,6 @@ fi cp -n /defaults/dns-conf/* /config/dns-conf/ chown -R abc:abc /config/dns-conf -# update plugin names in dns conf inis -sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini -sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini -sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini -sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini -sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini -sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini - # copy default renewal hooks chmod -R +x /defaults/etc/letsencrypt/renewal-hooks cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ @@ -59,6 +51,45 @@ fi # shellcheck source=/dev/null . /config/.donoteditthisfile.conf +# setting ORIGDOMAIN for use in revoke sections +if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then + ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}" +else + ORIGDOMAIN="${ORIGURL}" +fi + +# update plugin names in dns conf inis +sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini +sed -i 's|^certbot_dns_cpanel:||g' /config/dns-conf/cpanel.ini +sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini +sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini +sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini +sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini +sed -i 's|^dns_cpanel_|cpanel_|g' /config/dns-conf/cpanel.ini + +# update plugin names in renewal conf +if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then + if [[ "${ORIGDNSPLUGIN}" =~ ^(aliyun)$ ]]; then + sed -i 's|^certbot_dns_aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(cpanel)$ ]]; then + sed -i 's|^certbot_dns_cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^dns_cpanel_|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then + sed -i 's|^certbot_dns_domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then + sed -i 's|^certbot_dns_inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then + sed -i 's|^certbot_dns_transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then + sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi +fi + # set default validation to http if [[ -z "${VALIDATION}" ]]; then VALIDATION="http" @@ -84,6 +115,59 @@ if [[ "${VALIDATION}" = "dns" ]] && [[ "${DNSPLUGIN}" = "duckdns" ]]; then export EXTRA_DOMAINS="" fi +# setting the symlink for key location +rm -rf /config/keys/letsencrypt +if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then + DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}" + ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt +else + ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt +fi + +# checking for changes in cert variables, revoking certs if necessary +if [[ ! "${URL}" = "${ORIGURL}" ]] || + [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] || + [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] || + [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] || + [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] || + [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || + [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || + [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || + [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then + echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" + if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then + REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}") + REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])") + REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])") + if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then + echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping." + sleep infinity + fi + REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}" + elif [[ "${ORIGSTAGING}" = "true" ]]; then + REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory" + else + REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" + fi + if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then + certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true + fi + rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} +fi + +# saving new variables +echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf + +# Check if the cert is using the old LE root cert, revoke and regen if necessary +if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then + echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking." + REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" + if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then + certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true + fi + rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} +fi + # if zerossl is selected or staging is set to true, use the relevant server if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then echo "ZeroSSL does not support staging mode, ignoring STAGING variable" @@ -151,33 +235,40 @@ else EMAILPARAM="--register-unsafely-without-email" fi +# alter extension for error message +if [[ "${DNSPLUGIN}" = "google" ]]; then + DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.json" +else + DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.ini" +fi + # setting the validation method to use if [[ "${VALIDATION}" = "dns" ]]; then - if [[ "${DNSPLUGIN}" = "route53" ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}" - elif [[ "${DNSPLUGIN}" =~ ^(azure|gandi)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi - PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini" - elif [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini --dns-duckdns-no-txt-restore ${PROPAGATIONPARAM}" - elif [[ "${DNSPLUGIN}" =~ ^(google)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" - elif [[ "${DNSPLUGIN}" =~ ^(acmedns|aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" - elif [[ "${DNSPLUGIN}" =~ ^(standalone)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then echo "standalone dns plugin does not support setting propagation time"; fi - PREFCHAL="-a dns-${DNSPLUGIN}" - elif [[ "${DNSPLUGIN}" =~ ^(directadmin)$ ]]; then - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" - else - if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" + AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}" + DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}" + if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi + + # plugins that don't support setting credentials file + if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then + DNSCREDENTIALSPARAM="" fi + # plugins that don't support setting propogation + if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then + if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi + PROPAGATIONPARAM="" + fi + # plugins that use old parameter naming convention + if [[ "${DNSPLUGIN}" =~ ^(cpanel|directadmin)$ ]]; then + AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}" + DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}" + if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi + fi + # don't restore txt records when using DuckDNS plugin + if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then + AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore" + fi + + PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}" echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected" elif [[ "${VALIDATION}" = "tls-sni" ]]; then PREFCHAL="--standalone --preferred-challenges http" @@ -187,63 +278,6 @@ else echo "http validation is selected" fi -# setting the symlink for key location -rm -rf /config/keys/letsencrypt -if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then - DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}" - ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt -else - ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt -fi - -# checking for changes in cert variables, revoking certs if necessary -if [[ ! "${URL}" = "${ORIGURL}" ]] || [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] || [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] || [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] || [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] || [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then - echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" - if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then - ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}" - else - ORIGDOMAIN="${ORIGURL}" - fi - if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then - REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}") - REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])") - REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])") - if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then - echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping." - sleep infinity - fi - REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}" - elif [[ "${ORIGSTAGING}" = "true" ]]; then - REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory" - else - REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" - fi - if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then - certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} - fi - rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} -fi - -# saving new variables -echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf - -# alter extension for error message -if [[ "${DNSPLUGIN}" = "google" ]]; then - FILENAME="${DNSPLUGIN}.json" -else - FILENAME="${DNSPLUGIN}.ini" -fi - -# Check if the cert is using the old LE root cert, revoke and regen if necessary -if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then - echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking." - REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" - if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then - certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} - fi - rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} -fi - # generating certs if necessary if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then @@ -262,7 +296,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL} if [[ ! -d /config/keys/letsencrypt ]]; then if [[ "${VALIDATION}" = "dns" ]]; then - echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file." + echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file." else echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container" fi From 779c55fed6271ffae980b04de1424575eafff2e4 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 8 Dec 2022 15:42:08 +0000 Subject: [PATCH 02/22] Fix spelling --- root/etc/cont-init.d/50-certbot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/cont-init.d/50-certbot index 1aa4422..9b3a8ab 100644 --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/cont-init.d/50-certbot @@ -252,7 +252,7 @@ if [[ "${VALIDATION}" = "dns" ]]; then if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then DNSCREDENTIALSPARAM="" fi - # plugins that don't support setting propogation + # plugins that don't support setting propagation if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi PROPAGATIONPARAM="" From a382848494f34f2be669017d71de9c15147134d3 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Mon, 12 Dec 2022 09:22:51 -0600 Subject: [PATCH 03/22] Bot Updating Package Versions --- package_versions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package_versions.txt b/package_versions.txt index 3e8efb1..d5ec02a 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -211,7 +211,7 @@ py3-toml-0.10.2-r2 py3-tomli-1.2.2-r0 py3-urllib3-1.26.7-r0 py3-webencodings-0.5.1-r4 -python3-3.9.15-r0 +python3-3.9.16-r0 readline-8.1.1-r0 s6-ipcserver-2.11.0.0-r0 scanelf-1.3.3-r0 From fef92732005661444ee5e7411e2fbe782a53b1bf Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Tue, 13 Dec 2022 14:22:25 +0000 Subject: [PATCH 04/22] directadmin plugin updates --- root/etc/cont-init.d/50-certbot | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/cont-init.d/50-certbot index 9b3a8ab..087210c 100644 --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/cont-init.d/50-certbot @@ -65,6 +65,7 @@ sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini +sed -i 's|^directadmin_|dns_directadmin_|g' /config/dns-conf/directadmin.ini sed -i 's|^dns_cpanel_|cpanel_|g' /config/dns-conf/cpanel.ini # update plugin names in renewal conf @@ -76,6 +77,9 @@ if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVA sed -i 's|^certbot_dns_cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" sed -i 's|^dns_cpanel_|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(directadmin)$ ]]; then + sed -i 's|^directadmin_|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then sed -i 's|^certbot_dns_domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi @@ -258,7 +262,7 @@ if [[ "${VALIDATION}" = "dns" ]]; then PROPAGATIONPARAM="" fi # plugins that use old parameter naming convention - if [[ "${DNSPLUGIN}" =~ ^(cpanel|directadmin)$ ]]; then + if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}" DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}" if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi From a728e27b9794f12895f07d4665af42fa97dfea56 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Tue, 13 Dec 2022 14:27:27 +0000 Subject: [PATCH 05/22] Reorder --- root/etc/cont-init.d/50-certbot | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/cont-init.d/50-certbot index 087210c..358621d 100644 --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/cont-init.d/50-certbot @@ -61,12 +61,12 @@ fi # update plugin names in dns conf inis sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini sed -i 's|^certbot_dns_cpanel:||g' /config/dns-conf/cpanel.ini +sed -i 's|^dns_cpanel_|cpanel_|g' /config/dns-conf/cpanel.ini +sed -i 's|^directadmin_|dns_directadmin_|g' /config/dns-conf/directadmin.ini sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini +sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini -sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini -sed -i 's|^directadmin_|dns_directadmin_|g' /config/dns-conf/directadmin.ini -sed -i 's|^dns_cpanel_|cpanel_|g' /config/dns-conf/cpanel.ini # update plugin names in renewal conf if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then @@ -83,15 +83,15 @@ if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVA if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then sed -i 's|^certbot_dns_domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi + if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then + sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + fi if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then sed -i 's|^certbot_dns_inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then sed -i 's|^certbot_dns_transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi - if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then - sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" - fi fi # set default validation to http From 7b9c67838f6df752656dc41c943581d5f9691b7a Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Tue, 13 Dec 2022 17:22:31 +0000 Subject: [PATCH 06/22] Fix directadmin conf prefix --- root/defaults/dns-conf/directadmin.ini | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/root/defaults/dns-conf/directadmin.ini b/root/defaults/dns-conf/directadmin.ini index df27379..1561c06 100644 --- a/root/defaults/dns-conf/directadmin.ini +++ b/root/defaults/dns-conf/directadmin.ini @@ -12,10 +12,10 @@ # The DirectAdmin Server url # include the scheme and the port number (Normally 2222) -directadmin_url = https://my.directadminserver.com:2222 +dns_directadmin_url = https://my.directadminserver.com:2222 # The DirectAdmin username -directadmin_username = username +dns_directadmin_username = username # The DirectAdmin password -directadmin_password = aSuperStrongPassword +dns_directadmin_password = aSuperStrongPassword From 03b5b1eccf559a27336d56b9bc7d054927dd1f18 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Wed, 21 Dec 2022 23:17:34 -0600 Subject: [PATCH 07/22] Bot Updating Package Versions --- package_versions.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index d5ec02a..1ba4c9f 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -12,7 +12,7 @@ c-client-2007f-r13 ca-certificates-20220614-r0 ca-certificates-bundle-20220614-r0 coreutils-9.0-r2 -curl-7.80.0-r4 +curl-7.80.0-r5 expat-2.5.0-r0 fail2ban-0.11.2-r1 freetype-2.11.1-r2 @@ -42,7 +42,7 @@ libbz2-1.0.8-r1 libc-utils-0.7.2-r3 libcap-2.61-r0 libcrypto1.1-1.1.1s-r1 -libcurl-7.80.0-r4 +libcurl-7.80.0-r5 libedit-20210910.3.1-r0 libevent-2.1.12-r4 libffi-3.4.2-r1 @@ -72,7 +72,7 @@ libsm-1.2.3-r0 libsodium-1.0.18-r0 libssl1.1-1.1.1s-r1 libstdc++-10.3.1_git20211027-r0 -libtasn1-4.18.0-r0 +libtasn1-4.18.0-r1 libunistring-0.9.10-r1 libuuid-2.37.4-r0 libwebp-1.2.2-r0 From 28bfdc32e7dfbf5575cb129aadb92f8b5506d141 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Mon, 26 Dec 2022 12:21:08 -0600 Subject: [PATCH 08/22] Fix variable names Depends on https://github.com/linuxserver/docker-jenkins-builder/pull/166 --- readme-vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme-vars.yml b/readme-vars.yml index a1325b3..76dc447 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -152,8 +152,8 @@ app_setup_block: | Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate). -app_setup_nginx_reverse_proxy_snippet: false -app_setup_nginx_reverse_proxy_block: "" +nginx_reverse_proxy_snippet_enabled: false +nginx_reverse_proxy_block: "" # changelog changelogs: From 6bbdb719178b0db50afc73b593514218ae5603be Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Mon, 26 Dec 2022 14:19:52 -0600 Subject: [PATCH 09/22] Remove reverse_proxy vars --- readme-vars.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/readme-vars.yml b/readme-vars.yml index 76dc447..76ac360 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -152,9 +152,6 @@ app_setup_block: | Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate). -nginx_reverse_proxy_snippet_enabled: false -nginx_reverse_proxy_block: "" - # changelog changelogs: - { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."} From 5a0bf1223c5180d2de50cc75f26ef5c47e2efe35 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Wed, 28 Dec 2022 15:40:02 -0600 Subject: [PATCH 10/22] Bot Updating Package Versions --- package_versions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package_versions.txt b/package_versions.txt index 1ba4c9f..05f741b 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -54,7 +54,7 @@ libice-1.0.10-r0 libidn-1.38-r0 libintl-0.21-r0 libjpeg-turbo-2.1.2-r0 -libksba-1.6.0-r0 +libksba-1.6.3-r0 libldap-2.6.2-r0 libmaxminddb-1.6.0-r0 libmcrypt-2.5.8-r9 From 82b3b747a175611c354446739661ea39e653c7a5 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 7 Jan 2023 18:24:58 -0600 Subject: [PATCH 11/22] Account for dashes and renewal authenticator --- root/etc/cont-init.d/50-certbot | 40 ++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/cont-init.d/50-certbot index 358621d..30656e3 100644 --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/cont-init.d/50-certbot @@ -59,38 +59,46 @@ else fi # update plugin names in dns conf inis -sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini -sed -i 's|^certbot_dns_cpanel:||g' /config/dns-conf/cpanel.ini -sed -i 's|^dns_cpanel_|cpanel_|g' /config/dns-conf/cpanel.ini -sed -i 's|^directadmin_|dns_directadmin_|g' /config/dns-conf/directadmin.ini -sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini -sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini -sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini -sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini +sed -i 's|^certbot[-_]dns[-_]aliyun:||g' /config/dns-conf/aliyun.ini +sed -i 's|^certbot[-_]dns[-_]cpanel:||g' /config/dns-conf/cpanel.ini +sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' /config/dns-conf/cpanel.ini +sed -i 's|^directadmin[-_]|dns_directadmin_|g' /config/dns-conf/directadmin.ini +sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' /config/dns-conf/domeneshop.ini +sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' /config/dns-conf/gandi.ini +sed -i 's|^certbot[-_]dns[-_]inwx:||g' /config/dns-conf/inwx.ini +sed -i 's|^certbot[-_]dns[-_]transip:||g' /config/dns-conf/transip.ini # update plugin names in renewal conf if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then if [[ "${ORIGDNSPLUGIN}" =~ ^(aliyun)$ ]]; then - sed -i 's|^certbot_dns_aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^authenticator = certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi if [[ "${ORIGDNSPLUGIN}" =~ ^(cpanel)$ ]]; then - sed -i 's|^certbot_dns_cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" - sed -i 's|^dns_cpanel_|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^authenticator = certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^authenticator = dns[-_]cpanel|authenticator = cpanel|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi if [[ "${ORIGDNSPLUGIN}" =~ ^(directadmin)$ ]]; then - sed -i 's|^directadmin_|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^authenticator = directadmin|authenticator = dns-directadmin|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^directadmin[-_]|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then - sed -i 's|^certbot_dns_domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^authenticator = certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then - sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^authenticator = certbot[-_]plugin[-_]gandi:dns|authenticator = dns-gandi|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then - sed -i 's|^certbot_dns_inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^authenticator = certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then - sed -i 's|^certbot_dns_transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^authenticator = certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" + sed -i 's|^certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" fi fi From 07fb6a89010dd48e65f8b8e718e3ae4116a924bc Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Sun, 8 Jan 2023 02:52:50 +0100 Subject: [PATCH 12/22] Bot Updating Templated Files --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4615612..58a5ef6 100755 --- a/README.md +++ b/README.md @@ -335,6 +335,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **08.12.22:** - Revamp certbot init. * **03.12.22:** - Remove defunct cloudxns plugin. * **22.11.22:** - Pin acme to the same version as certbot. * **22.11.22:** - Pin certbot to 1.32.0 until plugin compatibility improves. From 1df8d5f6360659078f6c90811ac79bb2c1f33dda Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Mon, 16 Jan 2023 10:04:22 -0600 Subject: [PATCH 13/22] Remove nchan module because it keeps causing crashes --- Dockerfile | 1 - Dockerfile.aarch64 | 1 - Dockerfile.armhf | 1 - readme-vars.yml | 1 + 4 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5e39bde..ab09327 100755 --- a/Dockerfile +++ b/Dockerfile @@ -36,7 +36,6 @@ RUN \ nginx-mod-http-geoip2 \ nginx-mod-http-headers-more \ nginx-mod-http-image-filter \ - nginx-mod-http-nchan \ nginx-mod-http-perl \ nginx-mod-http-redis2 \ nginx-mod-http-set-misc \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index b861b4d..3694742 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -36,7 +36,6 @@ RUN \ nginx-mod-http-geoip2 \ nginx-mod-http-headers-more \ nginx-mod-http-image-filter \ - nginx-mod-http-nchan \ nginx-mod-http-perl \ nginx-mod-http-redis2 \ nginx-mod-http-set-misc \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 839c8bd..a114459 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -36,7 +36,6 @@ RUN \ nginx-mod-http-geoip2 \ nginx-mod-http-headers-more \ nginx-mod-http-image-filter \ - nginx-mod-http-nchan \ nginx-mod-http-perl \ nginx-mod-http-redis2 \ nginx-mod-http-set-misc \ diff --git a/readme-vars.yml b/readme-vars.yml index adca488..a98d47d 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -154,6 +154,7 @@ app_setup_block: | # changelog changelogs: + - { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." } - { date: "08.12.22:", desc: "Revamp certbot init."} - { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."} - { date: "22.11.22:", desc: "Pin acme to the same version as certbot."} From ec82d97157fdad9af13570f0e50d6b7bf581548f Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Mon, 16 Jan 2023 10:27:03 -0600 Subject: [PATCH 14/22] Bot Updating Templated Files --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 58a5ef6..51d5465 100755 --- a/README.md +++ b/README.md @@ -335,6 +335,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **16.01.23:** - Remove nchan module because it keeps causing crashes. * **08.12.22:** - Revamp certbot init. * **03.12.22:** - Remove defunct cloudxns plugin. * **22.11.22:** - Pin acme to the same version as certbot. From 7d02d46fc899b711122605fc997ddf1f1298b55b Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Mon, 16 Jan 2023 17:30:33 +0100 Subject: [PATCH 15/22] Bot Updating Package Versions --- package_versions.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/package_versions.txt b/package_versions.txt index 05f741b..b16809b 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -107,7 +107,6 @@ nginx-mod-http-fancyindex-1.20.2-r1 nginx-mod-http-geoip2-1.20.2-r1 nginx-mod-http-headers-more-1.20.2-r1 nginx-mod-http-image-filter-1.20.2-r1 -nginx-mod-http-nchan-1.20.2-r1 nginx-mod-http-perl-1.20.2-r1 nginx-mod-http-redis2-1.20.2-r1 nginx-mod-http-set-misc-1.20.2-r1 From 86c3d8aa7b160eb1c6cb14bee20f60ee03e0c16f Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Wed, 18 Jan 2023 23:18:53 -0600 Subject: [PATCH 16/22] Bot Updating Package Versions --- package_versions.txt | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index b16809b..d46a8cb 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -18,7 +18,6 @@ fail2ban-0.11.2-r1 freetype-2.11.1-r2 gdbm-1.22-r0 git-2.34.5-r0 -git-perl-2.34.5-r0 gmp-6.2.1-r1 gnupg-2.2.31-r2 gnupg-dirmngr-2.2.31-r2 @@ -82,7 +81,7 @@ libxcb-1.14-r2 libxdmcp-1.1.3-r0 libxext-1.3.4-r0 libxml2-2.9.14-r2 -libxpm-3.5.13-r0 +libxpm-3.5.15-r0 libxslt-1.1.35-r0 libxt-1.2.1-r0 libzip-1.8.0-r1 @@ -124,8 +123,6 @@ p11-kit-0.24.0-r1 pcre-8.45-r1 pcre2-10.40-r0 perl-5.34.0-r1 -perl-error-0.17029-r1 -perl-git-2.34.5-r0 php8-8.0.25-r0 php8-bcmath-8.0.25-r0 php8-bz2-8.0.25-r0 From 3539bd10f082a9eeae7f219bac9eab00aba213f1 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 20 Jan 2023 22:42:13 -0600 Subject: [PATCH 17/22] Rebase to alpine 3.17 with php8.1 --- Dockerfile | 112 ++++++++---------- Dockerfile.aarch64 | 112 ++++++++---------- Dockerfile.armhf | 112 ++++++++---------- README.md | 1 + readme-vars.yml | 1 + root/etc/cont-init.d/43-crontabs | 11 -- .../dependencies.d/init-nginx-config | 0 .../s6-rc.d/init-certbot-config/run} | 4 +- .../s6-rc.d/init-certbot-config/type | 1 + .../s6-overlay/s6-rc.d/init-certbot-config/up | 1 + .../dependencies.d/init-outdated-config | 0 .../dependencies.d/init-fail2ban-config | 0 .../s6-rc.d/init-crontabs-config/run | 17 +++ .../s6-rc.d/init-crontabs-config/type | 1 + .../s6-rc.d/init-crontabs-config/up | 1 + .../dependencies.d/init-samples-config | 0 .../s6-rc.d/init-fail2ban-config/run} | 0 .../s6-rc.d/init-fail2ban-config/type | 1 + .../s6-rc.d/init-fail2ban-config/up | 1 + .../dependencies.d/init-require-url | 0 .../s6-rc.d/init-folders-config/run} | 0 .../s6-rc.d/init-folders-config/type | 1 + .../s6-overlay/s6-rc.d/init-folders-config/up | 1 + .../dependencies.d/init-crontabs-config | 0 .../s6-rc.d/init-nginx-config/run} | 0 .../s6-overlay/s6-rc.d/init-nginx-config/type | 1 + .../s6-overlay/s6-rc.d/init-nginx-config/up | 1 + .../dependencies.d/init-renew | 0 .../s6-rc.d/init-outdated-config/run} | 0 .../s6-rc.d/init-outdated-config/type | 1 + .../s6-rc.d/init-outdated-config/up | 1 + .../dependencies.d/init-certbot-config | 0 .../s6-rc.d/init-permissions-config/run} | 2 +- .../s6-rc.d/init-permissions-config/type | 1 + .../s6-rc.d/init-permissions-config/up | 1 + .../dependencies.d/init-permissions-config | 0 .../s6-rc.d/init-renew/run} | 0 root/etc/s6-overlay/s6-rc.d/init-renew/type | 1 + root/etc/s6-overlay/s6-rc.d/init-renew/up | 1 + .../dependencies.d/init-test-run | 0 .../s6-rc.d/init-require-url/run} | 0 .../s6-overlay/s6-rc.d/init-require-url/type | 1 + .../s6-overlay/s6-rc.d/init-require-url/up | 1 + .../dependencies.d/init-folders-config | 0 .../s6-rc.d/init-samples-config/run} | 0 .../s6-rc.d/init-samples-config/type | 1 + .../s6-overlay/s6-rc.d/init-samples-config/up | 1 + .../dependencies.d/init-nginx-end | 0 .../s6-rc.d/init-test-run/run} | 0 .../etc/s6-overlay/s6-rc.d/init-test-run/type | 1 + root/etc/s6-overlay/s6-rc.d/init-test-run/up | 1 + .../svc-fail2ban/dependencies.d/init-services | 0 .../s6-rc.d/svc-fail2ban}/run | 0 root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type | 1 + .../user/contents.d/init-certbot-config | 0 .../user/contents.d/init-crontabs-config | 0 .../user/contents.d/init-fail2ban-config | 0 .../user/contents.d/init-folders-config | 0 .../s6-rc.d/user/contents.d/init-nginx-config | 0 .../user/contents.d/init-outdated-config | 0 .../user/contents.d/init-permissions-config | 0 .../s6-rc.d/user/contents.d/init-renew | 0 .../s6-rc.d/user/contents.d/init-require-url | 0 .../user/contents.d/init-samples-config | 0 .../s6-rc.d/user/contents.d/init-test-run | 0 .../s6-rc.d/user/contents.d/svc-fail2ban | 0 66 files changed, 201 insertions(+), 194 deletions(-) delete mode 100644 root/etc/cont-init.d/43-crontabs create mode 100644 root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config rename root/etc/{cont-init.d/50-certbot => s6-overlay/s6-rc.d/init-certbot-config/run} (99%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-certbot-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-certbot-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config create mode 100644 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config create mode 100755 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run create mode 100644 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config rename root/etc/{cont-init.d/42-fail2ban => s6-overlay/s6-rc.d/init-fail2ban-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url rename root/etc/{cont-init.d/40-folders => s6-overlay/s6-rc.d/init-folders-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-folders-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-folders-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config rename root/etc/{cont-init.d/45-nginx => s6-overlay/s6-rc.d/init-nginx-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-nginx-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-nginx-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew rename root/etc/{cont-init.d/70-outdated => s6-overlay/s6-rc.d/init-outdated-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-outdated-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-outdated-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config rename root/etc/{cont-init.d/55-permissions => s6-overlay/s6-rc.d/init-permissions-config/run} (88%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-permissions-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-permissions-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config rename root/etc/{cont-init.d/60-renew => s6-overlay/s6-rc.d/init-renew/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-renew/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-renew/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run rename root/etc/{cont-init.d/31-require-url => s6-overlay/s6-rc.d/init-require-url/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-require-url/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-require-url/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config rename root/etc/{cont-init.d/41-samples => s6-overlay/s6-rc.d/init-samples-config/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-samples-config/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-samples-config/up create mode 100644 root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end rename root/etc/{cont-init.d/30-test-run => s6-overlay/s6-rc.d/init-test-run/run} (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-test-run/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-test-run/up create mode 100644 root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services rename root/etc/{services.d/fail2ban => s6-overlay/s6-rc.d/svc-fail2ban}/run (100%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban diff --git a/Dockerfile b/Dockerfile index ab09327..fc57d87 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,6 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15 +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17 # set version label ARG BUILD_DATE @@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ + build-base \ cargo \ - g++ \ - gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ @@ -24,11 +25,9 @@ RUN \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ - curl \ fail2ban \ gnupg \ memcached \ - nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ @@ -46,62 +45,58 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php8-bcmath \ - php8-bz2 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-exif \ - php8-ftp \ - php8-gd \ - php8-gmp \ - php8-iconv \ - php8-imap \ - php8-intl \ - php8-ldap \ - php8-mysqli \ - php8-mysqlnd \ - php8-opcache \ - php8-pdo_mysql \ - php8-pdo_odbc \ - php8-pdo_pgsql \ - php8-pdo_sqlite \ - php8-pear \ - php8-pecl-apcu \ - php8-pecl-mailparse \ - php8-pecl-mcrypt \ - php8-pecl-memcached \ - php8-pecl-redis \ - php8-pgsql \ - php8-phar \ - php8-posix \ - php8-soap \ - php8-sockets \ - php8-sodium \ - php8-sqlite3 \ - php8-tokenizer \ - php8-xml \ - php8-xmlreader \ - php8-xsl \ - php8-zip \ - py3-cryptography \ - py3-future \ - py3-pip \ + php81-bcmath \ + php81-bz2 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-exif \ + php81-ftp \ + php81-gd \ + php81-gmp \ + php81-iconv \ + php81-imap \ + php81-intl \ + php81-ldap \ + php81-mysqli \ + php81-mysqlnd \ + php81-opcache \ + php81-pdo_mysql \ + php81-pdo_odbc \ + php81-pdo_pgsql \ + php81-pdo_sqlite \ + php81-pear \ + php81-pecl-apcu \ + php81-pecl-mailparse \ + php81-pecl-mcrypt \ + php81-pecl-memcached \ + php81-pecl-redis \ + php81-pgsql \ + php81-phar \ + php81-posix \ + php81-soap \ + php81-sockets \ + php81-sodium \ + php81-sqlite3 \ + php81-tokenizer \ + php81-xmlreader \ + php81-xsl \ + php81-zip \ whois && \ apk add --no-cache \ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php8-pecl-xmlrpc && \ + php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT="certbot"; \ - else \ - CERTBOT="certbot==${CERTBOT_VERSION}"; \ + CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ fi && \ - pip3 install -U \ - pip wheel && \ - pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \ + python3 -m ensurepip && \ + pip3 install -U --no-cache-dir \ + pip \ + wheel && \ + pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ acme==${CERTBOT_VERSION} \ - ${CERTBOT} \ + certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ @@ -141,6 +136,7 @@ RUN \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ + future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ @@ -176,14 +172,10 @@ RUN \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ - for cleanfiles in *.pyc *.pyo; \ - do \ - find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ - ; done && \ rm -rf \ /tmp/* \ - /root/.cache \ - /root/.cargo + $HOME/.cache \ + $HOME/.cargo # copy local files COPY root/ / diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 3694742..208090e 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,4 +1,6 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15 +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17 # set version label ARG BUILD_DATE @@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ + build-base \ cargo \ - g++ \ - gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ @@ -24,11 +25,9 @@ RUN \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ - curl \ fail2ban \ gnupg \ memcached \ - nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ @@ -46,62 +45,58 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php8-bcmath \ - php8-bz2 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-exif \ - php8-ftp \ - php8-gd \ - php8-gmp \ - php8-iconv \ - php8-imap \ - php8-intl \ - php8-ldap \ - php8-mysqli \ - php8-mysqlnd \ - php8-opcache \ - php8-pdo_mysql \ - php8-pdo_odbc \ - php8-pdo_pgsql \ - php8-pdo_sqlite \ - php8-pear \ - php8-pecl-apcu \ - php8-pecl-mailparse \ - php8-pecl-mcrypt \ - php8-pecl-memcached \ - php8-pecl-redis \ - php8-pgsql \ - php8-phar \ - php8-posix \ - php8-soap \ - php8-sockets \ - php8-sodium \ - php8-sqlite3 \ - php8-tokenizer \ - php8-xml \ - php8-xmlreader \ - php8-xsl \ - php8-zip \ - py3-cryptography \ - py3-future \ - py3-pip \ + php81-bcmath \ + php81-bz2 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-exif \ + php81-ftp \ + php81-gd \ + php81-gmp \ + php81-iconv \ + php81-imap \ + php81-intl \ + php81-ldap \ + php81-mysqli \ + php81-mysqlnd \ + php81-opcache \ + php81-pdo_mysql \ + php81-pdo_odbc \ + php81-pdo_pgsql \ + php81-pdo_sqlite \ + php81-pear \ + php81-pecl-apcu \ + php81-pecl-mailparse \ + php81-pecl-mcrypt \ + php81-pecl-memcached \ + php81-pecl-redis \ + php81-pgsql \ + php81-phar \ + php81-posix \ + php81-soap \ + php81-sockets \ + php81-sodium \ + php81-sqlite3 \ + php81-tokenizer \ + php81-xmlreader \ + php81-xsl \ + php81-zip \ whois && \ apk add --no-cache \ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php8-pecl-xmlrpc && \ + php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT="certbot"; \ - else \ - CERTBOT="certbot==${CERTBOT_VERSION}"; \ + CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ fi && \ - pip3 install -U \ - pip wheel && \ - pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \ + python3 -m ensurepip && \ + pip3 install -U --no-cache-dir \ + pip \ + wheel && \ + pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ acme==${CERTBOT_VERSION} \ - ${CERTBOT} \ + certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ @@ -141,6 +136,7 @@ RUN \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ + future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ @@ -176,14 +172,10 @@ RUN \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ - for cleanfiles in *.pyc *.pyo; \ - do \ - find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ - ; done && \ rm -rf \ /tmp/* \ - /root/.cache \ - /root/.cargo + $HOME/.cache \ + $HOME/.cargo # copy local files COPY root/ / diff --git a/Dockerfile.armhf b/Dockerfile.armhf index a114459..7092d9a 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,4 +1,6 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15 +# syntax=docker/dockerfile:1 + +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17 # set version label ARG BUILD_DATE @@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ echo "**** install build packages ****" && \ apk add --no-cache --virtual=build-dependencies \ + build-base \ cargo \ - g++ \ - gcc \ libffi-dev \ libxml2-dev \ libxslt-dev \ @@ -24,11 +25,9 @@ RUN \ python3-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ - curl \ fail2ban \ gnupg \ memcached \ - nginx \ nginx-mod-http-brotli \ nginx-mod-http-dav-ext \ nginx-mod-http-echo \ @@ -46,62 +45,58 @@ RUN \ nginx-mod-stream \ nginx-mod-stream-geoip2 \ nginx-vim \ - php8-bcmath \ - php8-bz2 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-exif \ - php8-ftp \ - php8-gd \ - php8-gmp \ - php8-iconv \ - php8-imap \ - php8-intl \ - php8-ldap \ - php8-mysqli \ - php8-mysqlnd \ - php8-opcache \ - php8-pdo_mysql \ - php8-pdo_odbc \ - php8-pdo_pgsql \ - php8-pdo_sqlite \ - php8-pear \ - php8-pecl-apcu \ - php8-pecl-mailparse \ - php8-pecl-mcrypt \ - php8-pecl-memcached \ - php8-pecl-redis \ - php8-pgsql \ - php8-phar \ - php8-posix \ - php8-soap \ - php8-sockets \ - php8-sodium \ - php8-sqlite3 \ - php8-tokenizer \ - php8-xml \ - php8-xmlreader \ - php8-xsl \ - php8-zip \ - py3-cryptography \ - py3-future \ - py3-pip \ + php81-bcmath \ + php81-bz2 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-exif \ + php81-ftp \ + php81-gd \ + php81-gmp \ + php81-iconv \ + php81-imap \ + php81-intl \ + php81-ldap \ + php81-mysqli \ + php81-mysqlnd \ + php81-opcache \ + php81-pdo_mysql \ + php81-pdo_odbc \ + php81-pdo_pgsql \ + php81-pdo_sqlite \ + php81-pear \ + php81-pecl-apcu \ + php81-pecl-mailparse \ + php81-pecl-mcrypt \ + php81-pecl-memcached \ + php81-pecl-redis \ + php81-pgsql \ + php81-phar \ + php81-posix \ + php81-soap \ + php81-sockets \ + php81-sodium \ + php81-sqlite3 \ + php81-tokenizer \ + php81-xmlreader \ + php81-xsl \ + php81-zip \ whois && \ apk add --no-cache \ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php8-pecl-xmlrpc && \ + php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ - CERTBOT="certbot"; \ - else \ - CERTBOT="certbot==${CERTBOT_VERSION}"; \ + CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \ fi && \ - pip3 install -U \ - pip wheel && \ - pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \ + python3 -m ensurepip && \ + pip3 install -U --no-cache-dir \ + pip \ + wheel && \ + pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \ acme==${CERTBOT_VERSION} \ - ${CERTBOT} \ + certbot==${CERTBOT_VERSION} \ certbot-dns-acmedns \ certbot-dns-aliyun \ certbot-dns-azure \ @@ -141,6 +136,7 @@ RUN \ certbot-dns-vultr \ certbot-plugin-gandi \ cryptography \ + future \ requests && \ echo "**** enable OCSP stapling from base ****" && \ sed -i \ @@ -176,14 +172,10 @@ RUN \ echo "**** cleanup ****" && \ apk del --purge \ build-dependencies && \ - for cleanfiles in *.pyc *.pyo; \ - do \ - find /usr/lib/python3.* -iname "${cleanfiles}" -exec rm -f '{}' + \ - ; done && \ rm -rf \ /tmp/* \ - /root/.cache \ - /root/.cargo + $HOME/.cache \ + $HOME/.cargo # copy local files COPY root/ / diff --git a/README.md b/README.md index 51d5465..e437d07 100755 --- a/README.md +++ b/README.md @@ -335,6 +335,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **20.01.23:** - Rebase to alpine 3.17 with php8.1. * **16.01.23:** - Remove nchan module because it keeps causing crashes. * **08.12.22:** - Revamp certbot init. * **03.12.22:** - Remove defunct cloudxns plugin. diff --git a/readme-vars.yml b/readme-vars.yml index a98d47d..afdd04f 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -154,6 +154,7 @@ app_setup_block: | # changelog changelogs: + - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." } - { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." } - { date: "08.12.22:", desc: "Revamp certbot init."} - { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."} diff --git a/root/etc/cont-init.d/43-crontabs b/root/etc/cont-init.d/43-crontabs deleted file mode 100644 index 30065b7..0000000 --- a/root/etc/cont-init.d/43-crontabs +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/with-contenv bash -# shellcheck shell=bash - -# copy crontabs if needed -if [[ ! -f /config/crontabs/root ]]; then - cp /etc/crontabs/root /config/crontabs/ -fi - -# import user crontabs -rm /etc/crontabs/* -cp /config/crontabs/* /etc/crontabs/ diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/dependencies.d/init-nginx-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run old mode 100644 new mode 100755 similarity index 99% rename from root/etc/cont-init.d/50-certbot rename to root/etc/s6-overlay/s6-rc.d/init-certbot-config/run index 30656e3..e1a7d47 --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run @@ -31,12 +31,12 @@ fi # copy dns default configs cp -n /defaults/dns-conf/* /config/dns-conf/ -chown -R abc:abc /config/dns-conf +lsiown -R abc:abc /config/dns-conf # copy default renewal hooks chmod -R +x /defaults/etc/letsencrypt/renewal-hooks cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ -chown -R abc:abc /config/etc/letsencrypt/renewal-hooks +lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks # create original config file if it doesn't exist, move non-hidden legacy file to hidden if [[ -f "/config/donoteditthisfile.conf" ]]; then diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up new file mode 100644 index 0000000..c8bbd6e --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-certbot-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config b/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-outdated-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run new file mode 100755 index 0000000..5ca0899 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run @@ -0,0 +1,17 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +# if root crontabs do not exist in config +# copy root crontab from system +if [[ ! -f /config/crontabs/root ]] && crontab -l -u root; then + crontab -l -u root >/config/crontabs/root +fi + +# if root crontabs still do not exist in config (were not copied from system) +# copy root crontab from included defaults +if [[ ! -f /config/crontabs/root ]]; then + cp /etc/crontabs/root /config/crontabs/ +fi + +# import user crontabs +crontab -u root /config/crontabs/root diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up new file mode 100644 index 0000000..006d814 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-crontabs-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/dependencies.d/init-samples-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/42-fail2ban b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/42-fail2ban rename to root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up new file mode 100644 index 0000000..e2e5256 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url b/root/etc/s6-overlay/s6-rc.d/init-folders-config/dependencies.d/init-require-url new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/40-folders b/root/etc/s6-overlay/s6-rc.d/init-folders-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/40-folders rename to root/etc/s6-overlay/s6-rc.d/init-folders-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders-config/type b/root/etc/s6-overlay/s6-rc.d/init-folders-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-folders-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-folders-config/up b/root/etc/s6-overlay/s6-rc.d/init-folders-config/up new file mode 100644 index 0000000..7607e6f --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-folders-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-folders-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/45-nginx b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/45-nginx rename to root/etc/s6-overlay/s6-rc.d/init-nginx-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up new file mode 100644 index 0000000..9adcea4 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-nginx-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/dependencies.d/init-renew new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/70-outdated b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/70-outdated rename to root/etc/s6-overlay/s6-rc.d/init-outdated-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up new file mode 100644 index 0000000..9257bfe --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-outdated-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-outdated-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/dependencies.d/init-certbot-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/55-permissions b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/run old mode 100644 new mode 100755 similarity index 88% rename from root/etc/cont-init.d/55-permissions rename to root/etc/s6-overlay/s6-rc.d/init-permissions-config/run index 4c50bd8..3a55fc0 --- a/root/etc/cont-init.d/55-permissions +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/run @@ -2,7 +2,7 @@ # shellcheck shell=bash # permissions -chown -R abc:abc \ +lsiown -R abc:abc \ /config chmod -R 0644 /etc/logrotate.d chmod -R +r /config/log diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up new file mode 100644 index 0000000..6f2202f --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-permissions-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-permissions-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config b/root/etc/s6-overlay/s6-rc.d/init-renew/dependencies.d/init-permissions-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/60-renew b/root/etc/s6-overlay/s6-rc.d/init-renew/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/60-renew rename to root/etc/s6-overlay/s6-rc.d/init-renew/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-renew/type b/root/etc/s6-overlay/s6-rc.d/init-renew/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-renew/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-renew/up b/root/etc/s6-overlay/s6-rc.d/init-renew/up new file mode 100644 index 0000000..285a1f4 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-renew/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-renew/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run b/root/etc/s6-overlay/s6-rc.d/init-require-url/dependencies.d/init-test-run new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/31-require-url b/root/etc/s6-overlay/s6-rc.d/init-require-url/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/31-require-url rename to root/etc/s6-overlay/s6-rc.d/init-require-url/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-require-url/type b/root/etc/s6-overlay/s6-rc.d/init-require-url/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-require-url/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-require-url/up b/root/etc/s6-overlay/s6-rc.d/init-require-url/up new file mode 100644 index 0000000..df39f4d --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-require-url/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-require-url/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config b/root/etc/s6-overlay/s6-rc.d/init-samples-config/dependencies.d/init-folders-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/41-samples b/root/etc/s6-overlay/s6-rc.d/init-samples-config/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/41-samples rename to root/etc/s6-overlay/s6-rc.d/init-samples-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-samples-config/type b/root/etc/s6-overlay/s6-rc.d/init-samples-config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-samples-config/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-samples-config/up b/root/etc/s6-overlay/s6-rc.d/init-samples-config/up new file mode 100644 index 0000000..bc2cbf6 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-samples-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-samples-config/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end b/root/etc/s6-overlay/s6-rc.d/init-test-run/dependencies.d/init-nginx-end new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/30-test-run b/root/etc/s6-overlay/s6-rc.d/init-test-run/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/cont-init.d/30-test-run rename to root/etc/s6-overlay/s6-rc.d/init-test-run/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-test-run/type b/root/etc/s6-overlay/s6-rc.d/init-test-run/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-test-run/type @@ -0,0 +1 @@ +oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-test-run/up b/root/etc/s6-overlay/s6-rc.d/init-test-run/up new file mode 100644 index 0000000..5f836df --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-test-run/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-test-run/run diff --git a/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/dependencies.d/init-services new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/services.d/fail2ban/run b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run old mode 100644 new mode 100755 similarity index 100% rename from root/etc/services.d/fail2ban/run rename to root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run diff --git a/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type new file mode 100644 index 0000000..5883cff --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type @@ -0,0 +1 @@ +longrun diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-certbot-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-fail2ban-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-folders-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-outdated-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permissions-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-renew new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-require-url new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-samples-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-test-run new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban b/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-fail2ban new file mode 100644 index 0000000..e69de29 From c7d1a460263cde2766b27f1ca268d9f60cd6670d Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 20 Jan 2023 22:53:22 -0600 Subject: [PATCH 18/22] Install pecl-mcrypt from edge --- Dockerfile | 5 ++--- Dockerfile.aarch64 | 5 ++--- Dockerfile.armhf | 5 ++--- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index fc57d87..04d82a1 100755 --- a/Dockerfile +++ b/Dockerfile @@ -68,7 +68,6 @@ RUN \ php81-pear \ php81-pecl-apcu \ php81-pecl-mailparse \ - php81-pecl-mcrypt \ php81-pecl-memcached \ php81-pecl-redis \ php81-pgsql \ @@ -83,8 +82,8 @@ RUN \ php81-xsl \ php81-zip \ whois && \ - apk add --no-cache \ - --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php81-pecl-mcrypt && \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 208090e..361445c 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -68,7 +68,6 @@ RUN \ php81-pear \ php81-pecl-apcu \ php81-pecl-mailparse \ - php81-pecl-mcrypt \ php81-pecl-memcached \ php81-pecl-redis \ php81-pgsql \ @@ -83,8 +82,8 @@ RUN \ php81-xsl \ php81-zip \ whois && \ - apk add --no-cache \ - --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php81-pecl-mcrypt && \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 7092d9a..30f5c84 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -68,7 +68,6 @@ RUN \ php81-pear \ php81-pecl-apcu \ php81-pecl-mailparse \ - php81-pecl-mcrypt \ php81-pecl-memcached \ php81-pecl-redis \ php81-pgsql \ @@ -83,8 +82,8 @@ RUN \ php81-xsl \ php81-zip \ whois && \ - apk add --no-cache \ - --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php81-pecl-mcrypt && \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ From 1771853341bb9dba5cdaba78b4152ed2cfa9e4a1 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 20 Jan 2023 22:56:36 -0600 Subject: [PATCH 19/22] Install pecl-mcrypt from edge (fix syntax) --- Dockerfile | 2 +- Dockerfile.aarch64 | 2 +- Dockerfile.armhf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 04d82a1..ebea490 100755 --- a/Dockerfile +++ b/Dockerfile @@ -83,7 +83,7 @@ RUN \ php81-zip \ whois && \ apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php81-pecl-mcrypt && \ + php81-pecl-mcrypt \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 361445c..dae457d 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -83,7 +83,7 @@ RUN \ php81-zip \ whois && \ apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php81-pecl-mcrypt && \ + php81-pecl-mcrypt \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 30f5c84..bf7e3eb 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -83,7 +83,7 @@ RUN \ php81-zip \ whois && \ apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ - php81-pecl-mcrypt && \ + php81-pecl-mcrypt \ php81-pecl-xmlrpc && \ echo "**** install certbot plugins ****" && \ if [ -z ${CERTBOT_VERSION+x} ]; then \ From cf21b8c68e08aaff8a7de254f99379993243f3b1 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 20 Jan 2023 23:32:43 -0600 Subject: [PATCH 20/22] replace nginx service location in renewal hooks --- root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx | 4 ++-- root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx | 2 +- root/etc/s6-overlay/s6-rc.d/init-certbot-config/run | 3 +++ 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx index 781831d..723d69c 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx @@ -6,10 +6,10 @@ if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then if pgrep -f "s6-supervise nginx" >/dev/null; then - s6-svc -u /run/service/nginx + s6-svc -u /run/service/svc-nginx fi else if pgrep -f "nginx:" >/dev/null; then - s6-svc -h /run/service/nginx + s6-svc -h /run/service/svc-nginx fi fi diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx index cb493ea..a8fb50f 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx @@ -6,6 +6,6 @@ if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then if pgrep -f "nginx:" >/dev/null; then - s6-svc -d /run/service/nginx + s6-svc -d /run/service/svc-nginx fi fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run index e1a7d47..5e468eb 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run @@ -38,6 +38,9 @@ chmod -R +x /defaults/etc/letsencrypt/renewal-hooks cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks +# replace nginx service location in renewal hooks +find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \; + # create original config file if it doesn't exist, move non-hidden legacy file to hidden if [[ -f "/config/donoteditthisfile.conf" ]]; then mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf From 3980ee1ecf31293c6e5d7533a7b404543339ee3b Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 21 Jan 2023 08:13:33 -0600 Subject: [PATCH 21/22] Formatting (tabs) --- .../etc/letsencrypt/renewal-hooks/post/10-nginx | 12 ++++++------ .../etc/letsencrypt/renewal-hooks/pre/10-nginx | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx index 723d69c..43830ed 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx @@ -5,11 +5,11 @@ . /config/.donoteditthisfile.conf if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then - if pgrep -f "s6-supervise nginx" >/dev/null; then - s6-svc -u /run/service/svc-nginx - fi + if pgrep -f "s6-supervise nginx" >/dev/null; then + s6-svc -u /run/service/svc-nginx + fi else - if pgrep -f "nginx:" >/dev/null; then - s6-svc -h /run/service/svc-nginx - fi + if pgrep -f "nginx:" >/dev/null; then + s6-svc -h /run/service/svc-nginx + fi fi diff --git a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx index a8fb50f..64c8674 100644 --- a/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx +++ b/root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx @@ -5,7 +5,7 @@ . /config/.donoteditthisfile.conf if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then - if pgrep -f "nginx:" >/dev/null; then - s6-svc -d /run/service/svc-nginx - fi + if pgrep -f "nginx:" >/dev/null; then + s6-svc -d /run/service/svc-nginx + fi fi From 8938e296d98f92181f3b94f5b626d700163dcbe1 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Sat, 21 Jan 2023 13:29:51 -0600 Subject: [PATCH 22/22] Bot Updating Package Versions --- package_versions.txt | 415 ++++++++++++++++++++----------------------- 1 file changed, 197 insertions(+), 218 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index d46a8cb..ab2fb52 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -1,225 +1,204 @@ -alpine-baselayout-3.2.0-r18 +alpine-baselayout-3.4.0-r0 +alpine-baselayout-data-3.4.0-r0 alpine-keys-2.4-r1 -apache2-utils-2.4.54-r0 -apk-tools-2.12.7-r3 -apr-1.7.0-r1 -apr-util-1.6.1-r11 -argon2-libs-20190702-r1 -bash-5.1.16-r0 -brotli-libs-1.0.9-r5 -busybox-1.34.1-r7 -c-client-2007f-r13 -ca-certificates-20220614-r0 -ca-certificates-bundle-20220614-r0 -coreutils-9.0-r2 -curl-7.80.0-r5 -expat-2.5.0-r0 -fail2ban-0.11.2-r1 -freetype-2.11.1-r2 -gdbm-1.22-r0 -git-2.34.5-r0 -gmp-6.2.1-r1 -gnupg-2.2.31-r2 -gnupg-dirmngr-2.2.31-r2 -gnupg-gpgconf-2.2.31-r2 -gnupg-utils-2.2.31-r2 -gnupg-wks-client-2.2.31-r2 -gnutls-3.7.1-r1 -gpg-2.2.31-r2 -gpg-agent-2.2.31-r2 -gpg-wks-server-2.2.31-r2 -gpgsm-2.2.31-r2 -gpgv-2.2.31-r2 -icu-libs-69.1-r1 -ip6tables-1.8.7-r1 -iptables-1.8.7-r1 -libacl-2.2.53-r0 -libassuan-2.5.5-r0 -libattr-2.5.1-r1 -libbsd-0.11.3-r1 -libbz2-1.0.8-r1 +alpine-release-3.17.1-r0 +aom-libs-3.5.0-r0 +apache2-utils-2.4.55-r0 +apk-tools-2.12.10-r1 +apr-1.7.0-r2 +apr-util-1.6.1-r14 +argon2-libs-20190702-r2 +bash-5.2.15-r0 +brotli-libs-1.0.9-r9 +busybox-1.35.0-r29 +busybox-binsh-1.35.0-r29 +c-client-2007f-r14 +ca-certificates-20220614-r4 +ca-certificates-bundle-20220614-r4 +coreutils-9.1-r0 +curl-7.87.0-r1 +fail2ban-1.0.2-r0 +fontconfig-2.14.1-r0 +freetype-2.12.1-r0 +gdbm-1.23-r0 +git-2.38.3-r1 +git-perl-2.38.3-r1 +gmp-6.2.1-r2 +gnupg-2.2.40-r0 +gnupg-dirmngr-2.2.40-r0 +gnupg-gpgconf-2.2.40-r0 +gnupg-utils-2.2.40-r0 +gnupg-wks-client-2.2.40-r0 +gnutls-3.7.8-r2 +gpg-2.2.40-r0 +gpg-agent-2.2.40-r0 +gpg-wks-server-2.2.40-r0 +gpgsm-2.2.40-r0 +gpgv-2.2.40-r0 +icu-data-en-72.1-r1 +icu-libs-72.1-r1 +ip6tables-1.8.8-r2 +iptables-1.8.8-r2 +jq-1.6-r2 +libacl-2.3.1-r1 +libassuan-2.5.5-r1 +libattr-2.5.1-r2 +libavif-0.11.1-r0 +libbsd-0.11.7-r0 +libbz2-1.0.8-r4 libc-utils-0.7.2-r3 -libcap-2.61-r0 -libcrypto1.1-1.1.1s-r1 -libcurl-7.80.0-r5 -libedit-20210910.3.1-r0 -libevent-2.1.12-r4 -libffi-3.4.2-r1 -libgcc-10.3.1_git20211027-r0 -libgcrypt-1.9.4-r0 -libgd-2.3.2-r1 -libgpg-error-1.42-r1 -libice-1.0.10-r0 -libidn-1.38-r0 -libintl-0.21-r0 -libjpeg-turbo-2.1.2-r0 +libcrypto3-3.0.7-r2 +libcurl-7.87.0-r1 +libdav1d-1.0.0-r2 +libedit-20221030.3.1-r0 +libevent-2.1.12-r5 +libexpat-2.5.0-r0 +libffi-3.4.4-r0 +libgcc-12.2.1_git20220924-r4 +libgcrypt-1.10.1-r0 +libgd-2.3.3-r3 +libgpg-error-1.46-r1 +libice-1.0.10-r1 +libidn-1.41-r0 +libintl-0.21.1-r1 +libjpeg-turbo-2.1.4-r0 libksba-1.6.3-r0 -libldap-2.6.2-r0 -libmaxminddb-1.6.0-r0 -libmcrypt-2.5.8-r9 -libmd-1.0.3-r0 -libmemcached-libs-1.0.18-r4 -libmnl-1.0.4-r2 -libnftnl-1.2.1-r0 -libpng-1.6.37-r1 -libpq-14.5-r0 -libproc-3.3.17-r0 -libretls-3.3.4-r3 -libsasl-2.1.28-r0 -libseccomp-2.5.2-r0 -libsm-1.2.3-r0 -libsodium-1.0.18-r0 -libssl1.1-1.1.1s-r1 -libstdc++-10.3.1_git20211027-r0 -libtasn1-4.18.0-r1 -libunistring-0.9.10-r1 -libuuid-2.37.4-r0 -libwebp-1.2.2-r0 -libx11-1.7.3.1-r0 -libxau-1.0.9-r0 -libxcb-1.14-r2 -libxdmcp-1.1.3-r0 -libxext-1.3.4-r0 -libxml2-2.9.14-r2 +libldap-2.6.3-r6 +libmaxminddb-libs-1.7.1-r0 +libmcrypt-2.5.8-r10 +libmd-1.0.4-r0 +libmemcached-libs-1.0.18-r5 +libmnl-1.0.5-r0 +libnftnl-1.2.4-r0 +libpng-1.6.38-r0 +libpq-15.1-r0 +libproc-3.3.17-r2 +libsasl-2.1.28-r3 +libseccomp-2.5.4-r0 +libsm-1.2.3-r1 +libsodium-1.0.18-r2 +libssl3-3.0.7-r2 +libstdc++-12.2.1_git20220924-r4 +libtasn1-4.19.0-r0 +libunistring-1.1-r0 +libuuid-2.38.1-r1 +libwebp-1.2.4-r1 +libx11-1.8.3-r0 +libxau-1.0.10-r0 +libxcb-1.15-r0 +libxdmcp-1.1.4-r0 +libxext-1.3.5-r0 +libxml2-2.10.3-r1 libxpm-3.5.15-r0 -libxslt-1.1.35-r0 +libxslt-1.1.37-r0 libxt-1.2.1-r0 -libzip-1.8.0-r1 -linux-pam-1.5.2-r0 -logrotate-3.18.1-r4 -lz4-libs-1.9.3-r1 -memcached-1.6.12-r0 +libzip-1.9.2-r2 +linux-pam-1.5.2-r1 +logrotate-3.20.1-r3 +lz4-libs-1.9.4-r1 +memcached-1.6.17-r0 mpdecimal-2.5.1-r1 -musl-1.2.2-r7 -musl-utils-1.2.2-r7 -nano-5.9-r0 -ncurses-libs-6.3_p20211120-r1 -ncurses-terminfo-base-6.3_p20211120-r1 -nettle-3.7.3-r0 -nghttp2-libs-1.46.0-r0 -nginx-1.20.2-r1 -nginx-mod-devel-kit-1.20.2-r1 -nginx-mod-http-brotli-1.20.2-r1 -nginx-mod-http-dav-ext-1.20.2-r1 -nginx-mod-http-echo-1.20.2-r1 -nginx-mod-http-fancyindex-1.20.2-r1 -nginx-mod-http-geoip2-1.20.2-r1 -nginx-mod-http-headers-more-1.20.2-r1 -nginx-mod-http-image-filter-1.20.2-r1 -nginx-mod-http-perl-1.20.2-r1 -nginx-mod-http-redis2-1.20.2-r1 -nginx-mod-http-set-misc-1.20.2-r1 -nginx-mod-http-upload-progress-1.20.2-r1 -nginx-mod-http-xslt-filter-1.20.2-r1 -nginx-mod-mail-1.20.2-r1 -nginx-mod-rtmp-1.20.2-r1 -nginx-mod-stream-1.20.2-r1 -nginx-mod-stream-geoip2-1.20.2-r1 -nginx-vim-1.20.2-r1 -npth-1.6-r1 -oniguruma-6.9.7.1-r0 -openssl-1.1.1s-r1 -p11-kit-0.24.0-r1 -pcre-8.45-r1 -pcre2-10.40-r0 -perl-5.34.0-r1 -php8-8.0.25-r0 -php8-bcmath-8.0.25-r0 -php8-bz2-8.0.25-r0 -php8-common-8.0.25-r0 -php8-ctype-8.0.25-r0 -php8-curl-8.0.25-r0 -php8-dom-8.0.25-r0 -php8-exif-8.0.25-r0 -php8-fileinfo-8.0.25-r0 -php8-fpm-8.0.25-r0 -php8-ftp-8.0.25-r0 -php8-gd-8.0.25-r0 -php8-gmp-8.0.25-r0 -php8-iconv-8.0.25-r0 -php8-imap-8.0.25-r0 -php8-intl-8.0.25-r0 -php8-ldap-8.0.25-r0 -php8-mbstring-8.0.25-r0 -php8-mysqli-8.0.25-r0 -php8-mysqlnd-8.0.25-r0 -php8-opcache-8.0.25-r0 -php8-openssl-8.0.25-r0 -php8-pdo-8.0.25-r0 -php8-pdo_mysql-8.0.25-r0 -php8-pdo_odbc-8.0.25-r0 -php8-pdo_pgsql-8.0.25-r0 -php8-pdo_sqlite-8.0.25-r0 -php8-pear-8.0.25-r0 -php8-pecl-apcu-5.1.21-r0 -php8-pecl-igbinary-3.2.6-r0 -php8-pecl-mailparse-3.1.3-r0 -php8-pecl-mcrypt-1.0.4-r0 -php8-pecl-memcached-3.1.5-r1 -php8-pecl-redis-5.3.6-r0 -php8-pecl-xmlrpc-1.0.0_rc3-r0 -php8-pgsql-8.0.25-r0 -php8-phar-8.0.25-r0 -php8-posix-8.0.25-r0 -php8-session-8.0.25-r0 -php8-simplexml-8.0.25-r0 -php8-soap-8.0.25-r0 -php8-sockets-8.0.25-r0 -php8-sodium-8.0.25-r0 -php8-sqlite3-8.0.25-r0 -php8-tokenizer-8.0.25-r0 -php8-xml-8.0.25-r0 -php8-xmlreader-8.0.25-r0 -php8-xmlwriter-8.0.25-r0 -php8-xsl-8.0.25-r0 -php8-zip-8.0.25-r0 -pinentry-1.2.0-r0 -popt-1.18-r0 -procps-3.3.17-r0 -py3-appdirs-1.4.4-r2 -py3-asn1crypto-1.4.0-r1 -py3-cachecontrol-0.12.10-r0 -py3-certifi-2020.12.5-r1 -py3-cffi-1.14.5-r4 -py3-charset-normalizer-2.0.7-r0 -py3-colorama-0.4.4-r1 -py3-contextlib2-21.6.0-r1 -py3-cparser-2.20-r1 -py3-cryptography-3.3.2-r3 -py3-distlib-0.3.3-r0 -py3-distro-1.6.0-r0 -py3-future-0.18.2-r3 -py3-html5lib-1.1-r1 -py3-idna-3.3-r0 -py3-lockfile-0.12.2-r4 -py3-msgpack-1.0.2-r1 -py3-ordered-set-4.0.2-r2 -py3-packaging-20.9-r1 -py3-parsing-2.4.7-r2 -py3-pep517-0.12.0-r0 -py3-pip-20.3.4-r1 -py3-progress-1.6-r0 -py3-requests-2.26.0-r1 -py3-retrying-1.3.3-r2 -py3-setuptools-52.0.0-r4 -py3-six-1.16.0-r0 -py3-toml-0.10.2-r2 -py3-tomli-1.2.2-r0 -py3-urllib3-1.26.7-r0 -py3-webencodings-0.5.1-r4 -python3-3.9.16-r0 -readline-8.1.1-r0 -s6-ipcserver-2.11.0.0-r0 -scanelf-1.3.3-r0 -shadow-4.8.1-r1 -skalibs-2.11.0.0-r0 -sqlite-libs-3.36.0-r0 -ssl_client-1.34.1-r7 +musl-1.2.3-r4 +musl-utils-1.2.3-r4 +nano-7.0-r0 +ncurses-libs-6.3_p20221119-r0 +ncurses-terminfo-base-6.3_p20221119-r0 +nettle-3.8.1-r0 +nghttp2-libs-1.51.0-r0 +nginx-1.22.1-r0 +nginx-mod-devel-kit-1.22.1-r0 +nginx-mod-http-brotli-1.22.1-r0 +nginx-mod-http-dav-ext-1.22.1-r0 +nginx-mod-http-echo-1.22.1-r0 +nginx-mod-http-fancyindex-1.22.1-r0 +nginx-mod-http-geoip2-1.22.1-r0 +nginx-mod-http-headers-more-1.22.1-r0 +nginx-mod-http-image-filter-1.22.1-r0 +nginx-mod-http-perl-1.22.1-r0 +nginx-mod-http-redis2-1.22.1-r0 +nginx-mod-http-set-misc-1.22.1-r0 +nginx-mod-http-upload-progress-1.22.1-r0 +nginx-mod-http-xslt-filter-1.22.1-r0 +nginx-mod-mail-1.22.1-r0 +nginx-mod-rtmp-1.22.1-r0 +nginx-mod-stream-1.22.1-r0 +nginx-mod-stream-geoip2-1.22.1-r0 +nginx-vim-1.22.1-r0 +npth-1.6-r2 +oniguruma-6.9.8-r0 +openssl-3.0.7-r2 +p11-kit-0.24.1-r1 +pcre-8.45-r2 +pcre2-10.42-r0 +perl-5.36.0-r0 +perl-error-0.17029-r1 +perl-git-2.38.3-r1 +php81-8.1.14-r0 +php81-bcmath-8.1.14-r0 +php81-bz2-8.1.14-r0 +php81-common-8.1.14-r0 +php81-ctype-8.1.14-r0 +php81-curl-8.1.14-r0 +php81-dom-8.1.14-r0 +php81-exif-8.1.14-r0 +php81-fileinfo-8.1.14-r0 +php81-fpm-8.1.14-r0 +php81-ftp-8.1.14-r0 +php81-gd-8.1.14-r0 +php81-gmp-8.1.14-r0 +php81-iconv-8.1.14-r0 +php81-imap-8.1.14-r0 +php81-intl-8.1.14-r0 +php81-ldap-8.1.14-r0 +php81-mbstring-8.1.14-r0 +php81-mysqli-8.1.14-r0 +php81-mysqlnd-8.1.14-r0 +php81-opcache-8.1.14-r0 +php81-openssl-8.1.14-r0 +php81-pdo-8.1.14-r0 +php81-pdo_mysql-8.1.14-r0 +php81-pdo_odbc-8.1.14-r0 +php81-pdo_pgsql-8.1.14-r0 +php81-pdo_sqlite-8.1.14-r0 +php81-pear-8.1.14-r0 +php81-pecl-apcu-5.1.22-r0 +php81-pecl-igbinary-3.2.12-r0 +php81-pecl-mailparse-3.1.4-r0 +php81-pecl-mcrypt-1.0.4-r0 +php81-pecl-memcached-3.2.0-r0 +php81-pecl-redis-5.3.7-r0 +php81-pecl-xmlrpc-1.0.0_rc3-r0 +php81-pgsql-8.1.14-r0 +php81-phar-8.1.14-r0 +php81-posix-8.1.14-r0 +php81-session-8.1.14-r0 +php81-simplexml-8.1.14-r0 +php81-soap-8.1.14-r0 +php81-sockets-8.1.14-r0 +php81-sodium-8.1.14-r0 +php81-sqlite3-8.1.14-r0 +php81-tokenizer-8.1.14-r0 +php81-xml-8.1.14-r0 +php81-xmlreader-8.1.14-r0 +php81-xmlwriter-8.1.14-r0 +php81-xsl-8.1.14-r0 +php81-zip-8.1.14-r0 +pinentry-1.2.1-r0 +popt-1.19-r0 +procps-3.3.17-r2 +python3-3.10.9-r1 +readline-8.2.0-r0 +scanelf-1.3.5-r1 +shadow-4.13-r0 +skalibs-2.12.0.1-r0 +sqlite-libs-3.40.1-r0 +ssl_client-1.35.0-r29 +tiff-4.4.0-r1 tzdata-2022f-r1 -unixodbc-2.3.9-r1 -utmps-0.1.0.3-r0 -whois-5.5.10-r0 -xz-5.2.5-r1 -xz-libs-5.2.5-r1 -zlib-1.2.12-r3 -zstd-libs-1.5.0-r0 +unixodbc-2.3.11-r0 +utmps-libs-0.1.2.0-r1 +whois-5.5.14-r0 +xz-5.2.9-r0 +xz-libs-5.2.9-r0 +zlib-1.2.13-r0 +zstd-libs-1.5.2-r9