mirror of
https://github.com/linuxserver/docker-swag.git
synced 2026-03-03 08:53:33 +09:00
Compare commits
5 Commits
1.19.0-ls8
...
1.20.0-ls8
| Author | SHA1 | Date | |
|---|---|---|---|
|
8c150cf0fa | ||
|
|
e2dc9fe654 | ||
|
|
ce33eeebe7 | ||
|
d027970b50 | ||
|
a73daf773a |
108
Jenkinsfile
vendored
108
Jenkinsfile
vendored
@@ -16,6 +16,7 @@ pipeline {
|
||||
GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab')
|
||||
GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
|
||||
GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
|
||||
SCARF_TOKEN=credentials('scarf_api_key')
|
||||
EXT_PIP = 'certbot'
|
||||
BUILD_VERSION_ARG = 'CERTBOT_VERSION'
|
||||
LS_USER = 'linuxserver'
|
||||
@@ -116,6 +117,23 @@ pipeline {
|
||||
env.EXT_RELEASE_CLEAN = sh(
|
||||
script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g' ''',
|
||||
returnStdout: true).trim()
|
||||
|
||||
env.SEMVER = (new Date()).format('YYYY.MM.dd')
|
||||
def semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)\.(\d+)$/
|
||||
if (semver.find()) {
|
||||
env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${semver[0][3]}"
|
||||
} else {
|
||||
semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)(?:\.(\d+))?(.*)$/
|
||||
if (semver.find()) {
|
||||
if (semver[0][3]) {
|
||||
env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${semver[0][3]}"
|
||||
} else if (!semver[0][3] && !semver[0][4]) {
|
||||
env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${(new Date()).format('YYYYMMdd')}"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
println("SEMVER: ${env.SEMVER}")
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -130,6 +148,7 @@ pipeline {
|
||||
env.IMAGE = env.DOCKERHUB_IMAGE
|
||||
env.GITHUBIMAGE = 'ghcr.io/' + env.LS_USER + '/' + env.CONTAINER_NAME
|
||||
env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/' + env.CONTAINER_NAME
|
||||
env.QUAYIMAGE = 'quay.io/linuxserver.io/' + env.CONTAINER_NAME
|
||||
if (env.MULTIARCH == 'true') {
|
||||
env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
|
||||
} else {
|
||||
@@ -152,6 +171,7 @@ pipeline {
|
||||
env.IMAGE = env.DEV_DOCKERHUB_IMAGE
|
||||
env.GITHUBIMAGE = 'ghcr.io/' + env.LS_USER + '/lsiodev-' + env.CONTAINER_NAME
|
||||
env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lsiodev-' + env.CONTAINER_NAME
|
||||
env.QUAYIMAGE = 'quay.io/linuxserver.io/lsiodev-' + env.CONTAINER_NAME
|
||||
if (env.MULTIARCH == 'true') {
|
||||
env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
|
||||
} else {
|
||||
@@ -174,6 +194,7 @@ pipeline {
|
||||
env.IMAGE = env.PR_DOCKERHUB_IMAGE
|
||||
env.GITHUBIMAGE = 'ghcr.io/' + env.LS_USER + '/lspipepr-' + env.CONTAINER_NAME
|
||||
env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lspipepr-' + env.CONTAINER_NAME
|
||||
env.QUAYIMAGE = 'quay.io/linuxserver.io/lspipepr-' + env.CONTAINER_NAME
|
||||
if (env.MULTIARCH == 'true') {
|
||||
env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
|
||||
} else {
|
||||
@@ -369,6 +390,48 @@ pipeline {
|
||||
"visibility":"public"}' '''
|
||||
}
|
||||
}
|
||||
/* #######################
|
||||
Scarf.sh package registry
|
||||
####################### */
|
||||
// Add package to Scarf.sh and set permissions
|
||||
stage("Scarf.sh package registry"){
|
||||
when {
|
||||
branch "master"
|
||||
environment name: 'EXIT_STATUS', value: ''
|
||||
}
|
||||
steps{
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/packages | jq -r '.[] | select(.name=="linuxserver/swag") | .uuid')
|
||||
if [ -z "${PACKAGE_UUID}" ]; then
|
||||
echo "Adding package to Scarf.sh"
|
||||
PACKAGE_UUID=$(curl -sX POST https://scarf.sh/api/v1/packages \
|
||||
-H "Authorization: Bearer ${SCARF_TOKEN}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"name":"linuxserver/swag",\
|
||||
"shortDescription":"example description",\
|
||||
"libraryType":"docker",\
|
||||
"website":"https://github.com/linuxserver/docker-swag",\
|
||||
"backendUrl":"https://ghcr.io/linuxserver/swag",\
|
||||
"publicUrl":"https://lscr.io/linuxserver/swag"}' \
|
||||
| jq -r .uuid)
|
||||
else
|
||||
echo "Package already exists on Scarf.sh"
|
||||
fi
|
||||
echo "Setting permissions on Scarf.sh for package ${PACKAGE_UUID}"
|
||||
curl -X POST https://scarf.sh/api/v1/packages/${PACKAGE_UUID}/permissions \
|
||||
-H "Authorization: Bearer ${SCARF_TOKEN}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '[{"userQuery":"Spad","permissionLevel":"admin"},\
|
||||
{"userQuery":"roxedus","permissionLevel":"admin"},\
|
||||
{"userQuery":"nemchik","permissionLevel":"admin"},\
|
||||
{"userQuery":"driz","permissionLevel":"admin"},\
|
||||
{"userQuery":"aptalca","permissionLevel":"admin"},\
|
||||
{"userQuery":"saarg","permissionLevel":"admin"},\
|
||||
{"userQuery":"Stark","permissionLevel":"admin"}]'
|
||||
'''
|
||||
}
|
||||
}
|
||||
/* ###############
|
||||
Build Container
|
||||
############### */
|
||||
@@ -376,7 +439,7 @@ pipeline {
|
||||
stage('Build-Single') {
|
||||
when {
|
||||
expression {
|
||||
env.MULTIARCH == 'false' || params.PACKAGE_CHECK == 'true'
|
||||
env.MULTIARCH == 'false' || params.PACKAGE_CHECK == 'true'
|
||||
}
|
||||
environment name: 'EXIT_STATUS', value: ''
|
||||
}
|
||||
@@ -670,6 +733,12 @@ pipeline {
|
||||
credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
|
||||
usernameVariable: 'DOCKERUSER',
|
||||
passwordVariable: 'DOCKERPASS'
|
||||
],
|
||||
[
|
||||
$class: 'UsernamePasswordMultiBinding',
|
||||
credentialsId: 'Quay.io-Robot',
|
||||
usernameVariable: 'QUAYUSER',
|
||||
passwordVariable: 'QUAYPASS'
|
||||
]
|
||||
]) {
|
||||
retry(5) {
|
||||
@@ -678,22 +747,26 @@ pipeline {
|
||||
echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
|
||||
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
|
||||
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
|
||||
for PUSHIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${IMAGE}"; do
|
||||
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
|
||||
for PUSHIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
|
||||
docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG}
|
||||
docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest
|
||||
docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${EXT_RELEASE_TAG}
|
||||
docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${SEMVER}
|
||||
docker push ${PUSHIMAGE}:latest
|
||||
docker push ${PUSHIMAGE}:${META_TAG}
|
||||
docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG}
|
||||
docker push ${PUSHIMAGE}:${SEMVER}
|
||||
done
|
||||
'''
|
||||
}
|
||||
sh '''#! /bin/bash
|
||||
for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${IMAGE}"; do
|
||||
for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
|
||||
docker rmi \
|
||||
${DELETEIMAGE}:${META_TAG} \
|
||||
${DELETEIMAGE}:${EXT_RELEASE_TAG} \
|
||||
${DELETEIMAGE}:latest || :
|
||||
${DELETEIMAGE}:latest \
|
||||
${DELETEIMAGE}:${SEMVER} || :
|
||||
done
|
||||
'''
|
||||
}
|
||||
@@ -712,6 +785,12 @@ pipeline {
|
||||
credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
|
||||
usernameVariable: 'DOCKERUSER',
|
||||
passwordVariable: 'DOCKERPASS'
|
||||
],
|
||||
[
|
||||
$class: 'UsernamePasswordMultiBinding',
|
||||
credentialsId: 'Quay.io-Robot',
|
||||
usernameVariable: 'QUAYUSER',
|
||||
passwordVariable: 'QUAYPASS'
|
||||
]
|
||||
]) {
|
||||
retry(5) {
|
||||
@@ -720,13 +799,14 @@ pipeline {
|
||||
echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
|
||||
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
|
||||
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
|
||||
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
|
||||
if [ "${CI}" == "false" ]; then
|
||||
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
|
||||
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
|
||||
fi
|
||||
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}"; do
|
||||
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
|
||||
docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
|
||||
docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
|
||||
docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
|
||||
@@ -736,6 +816,9 @@ pipeline {
|
||||
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
|
||||
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
||||
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
|
||||
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${SEMVER}
|
||||
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
||||
docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
|
||||
docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
|
||||
docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
|
||||
@@ -745,6 +828,9 @@ pipeline {
|
||||
docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
|
||||
docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
||||
docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||
docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
|
||||
docker push ${MANIFESTIMAGE}:arm32v7-${SEMVER}
|
||||
docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
||||
docker manifest push --purge ${MANIFESTIMAGE}:latest || :
|
||||
docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest
|
||||
docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm
|
||||
@@ -757,24 +843,32 @@ pipeline {
|
||||
docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||
docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} --os linux --arch arm
|
||||
docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
|
||||
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || :
|
||||
docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
||||
docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} --os linux --arch arm
|
||||
docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
|
||||
docker manifest push --purge ${MANIFESTIMAGE}:latest
|
||||
docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG}
|
||||
docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG}
|
||||
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER}
|
||||
done
|
||||
'''
|
||||
}
|
||||
sh '''#! /bin/bash
|
||||
for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${IMAGE}"; do
|
||||
for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
|
||||
docker rmi \
|
||||
${DELETEIMAGE}:amd64-${META_TAG} \
|
||||
${DELETEIMAGE}:amd64-latest \
|
||||
${DELETEIMAGE}:amd64-${EXT_RELEASE_TAG} \
|
||||
${DELETEIMAGE}:amd64-${SEMVER} \
|
||||
${DELETEIMAGE}:arm32v7-${META_TAG} \
|
||||
${DELETEIMAGE}:arm32v7-latest \
|
||||
${DELETEIMAGE}:arm32v7-${EXT_RELEASE_TAG} \
|
||||
${DELETEIMAGE}:arm32v7-${SEMVER} \
|
||||
${DELETEIMAGE}:arm64v8-${META_TAG} \
|
||||
${DELETEIMAGE}:arm64v8-latest \
|
||||
${DELETEIMAGE}:arm64v8-${EXT_RELEASE_TAG} || :
|
||||
${DELETEIMAGE}:arm64v8-${EXT_RELEASE_TAG} \
|
||||
${DELETEIMAGE}:arm64v8-${SEMVER} || :
|
||||
done
|
||||
docker rmi \
|
||||
ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} \
|
||||
|
||||
14
README.md
14
README.md
@@ -33,6 +33,7 @@ Find us at:
|
||||
[](https://github.com/linuxserver/docker-swag/releases)
|
||||
[](https://github.com/linuxserver/docker-swag/packages)
|
||||
[](https://gitlab.com/linuxserver.io/docker-swag/container_registry)
|
||||
[](https://quay.io/repository/linuxserver.io/swag)
|
||||
[](https://hub.docker.com/r/linuxserver/swag)
|
||||
[](https://hub.docker.com/r/linuxserver/swag)
|
||||
[](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/)
|
||||
@@ -46,7 +47,7 @@ SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relatio
|
||||
|
||||
Our images support multiple architectures such as `x86-64`, `arm64` and `armhf`. We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
|
||||
|
||||
Simply pulling `ghcr.io/linuxserver/swag` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
|
||||
Simply pulling `lscr.io/linuxserver/swag` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
|
||||
|
||||
The architectures supported by this image are:
|
||||
|
||||
@@ -141,7 +142,7 @@ Here are some example snippets to help you get started creating a container.
|
||||
version: "2.1"
|
||||
services:
|
||||
swag:
|
||||
image: ghcr.io/linuxserver/swag
|
||||
image: lscr.io/linuxserver/swag
|
||||
container_name: swag
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
@@ -194,7 +195,7 @@ docker run -d \
|
||||
-p 80:80 `#optional` \
|
||||
-v /path/to/appdata/config:/config \
|
||||
--restart unless-stopped \
|
||||
ghcr.io/linuxserver/swag
|
||||
lscr.io/linuxserver/swag
|
||||
```
|
||||
|
||||
## Parameters
|
||||
@@ -265,7 +266,7 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
|
||||
* container version number
|
||||
* `docker inspect -f '{{ index .Config.Labels "build_version" }}' swag`
|
||||
* image version number
|
||||
* `docker inspect -f '{{ index .Config.Labels "build_version" }}' ghcr.io/linuxserver/swag`
|
||||
* `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/swag`
|
||||
|
||||
## Updating Info
|
||||
|
||||
@@ -283,7 +284,7 @@ Below are the instructions for updating containers:
|
||||
|
||||
### Via Docker Run
|
||||
|
||||
* Update the image: `docker pull ghcr.io/linuxserver/swag`
|
||||
* Update the image: `docker pull lscr.io/linuxserver/swag`
|
||||
* Stop the running container: `docker stop swag`
|
||||
* Delete the container: `docker rm swag`
|
||||
* Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
|
||||
@@ -318,7 +319,7 @@ cd docker-swag
|
||||
docker build \
|
||||
--no-cache \
|
||||
--pull \
|
||||
-t ghcr.io/linuxserver/swag:latest .
|
||||
-t lscr.io/linuxserver/swag:latest .
|
||||
```
|
||||
|
||||
The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
|
||||
@@ -331,6 +332,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
||||
|
||||
## Versions
|
||||
|
||||
* **01.10.21:** - Check if the cert uses the old LE root cert, revoke and regenerate if necessary. [Here's more info](https://twitter.com/letsencrypt/status/1443621997288767491) on LE root cert expiration
|
||||
* **19.09.21:** - Add an optional header to opt out of Google FLoC in `ssl.conf`.
|
||||
* **17.09.21:** - Mark `SUBDOMAINS` var as optional.
|
||||
* **01.08.21:** - Add support for ionos dns validation.
|
||||
|
||||
@@ -133,8 +133,8 @@ php7-ctype-7.4.24-r0
|
||||
php7-curl-7.4.24-r0
|
||||
php7-dom-7.4.24-r0
|
||||
php7-exif-7.4.24-r0
|
||||
php7-fileinfo-7.4.23-r0
|
||||
php7-fpm-7.4.23-r0
|
||||
php7-fileinfo-7.4.24-r0
|
||||
php7-fpm-7.4.24-r0
|
||||
php7-ftp-7.4.24-r0
|
||||
php7-gd-7.4.24-r0
|
||||
php7-gmp-7.4.24-r0
|
||||
@@ -164,7 +164,7 @@ php7-pgsql-7.4.24-r0
|
||||
php7-phar-7.4.24-r0
|
||||
php7-posix-7.4.24-r0
|
||||
php7-session-7.4.24-r0
|
||||
php7-simplexml-7.4.23-r0
|
||||
php7-simplexml-7.4.24-r0
|
||||
php7-soap-7.4.24-r0
|
||||
php7-sockets-7.4.24-r0
|
||||
php7-sodium-7.4.24-r0
|
||||
@@ -173,7 +173,7 @@ php7-tokenizer-7.4.24-r0
|
||||
php7-xml-7.4.24-r0
|
||||
php7-xmlreader-7.4.24-r0
|
||||
php7-xmlrpc-7.4.24-r0
|
||||
php7-xmlwriter-7.4.23-r0
|
||||
php7-xmlwriter-7.4.24-r0
|
||||
php7-xsl-7.4.24-r0
|
||||
php7-zip-7.4.24-r0
|
||||
pinentry-1.1.1-r0
|
||||
@@ -217,7 +217,7 @@ shadow-4.8.1-r0
|
||||
skalibs-2.10.0.3-r0
|
||||
sqlite-libs-3.35.5-r0
|
||||
ssl_client-1.33.1-r3
|
||||
tzdata-2021a-r0
|
||||
tzdata-2021b-r0
|
||||
unixodbc-2.3.9-r1
|
||||
utmps-0.1.0.2-r0
|
||||
whois-5.5.10-r0
|
||||
|
||||
@@ -155,6 +155,7 @@ app_setup_nginx_reverse_proxy_block: ""
|
||||
|
||||
# changelog
|
||||
changelogs:
|
||||
- { date: "01.10.21:", desc: "Check if the cert uses the old LE root cert, revoke and regenerate if necessary. [Here's more info](https://twitter.com/letsencrypt/status/1443621997288767491) on LE root cert expiration" }
|
||||
- { date: "19.09.21:", desc: "Add an optional header to opt out of Google FLoC in `ssl.conf`." }
|
||||
- { date: "17.09.21:", desc: "Mark `SUBDOMAINS` var as optional." }
|
||||
- { date: "01.08.21:", desc: "Add support for ionos dns validation." }
|
||||
|
||||
@@ -312,6 +312,14 @@ else
|
||||
FILENAME="$DNSPLUGIN.ini"
|
||||
fi
|
||||
|
||||
# Check if the cert is using the old LE root cert, revoke and regen if necessary
|
||||
if [ -f "/config/keys/letsencrypt/chain.pem" ] && ([ "${CERTPROVIDER}" == "letsencrypt" ] || [ "${CERTPROVIDER}" == "" ]) && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
|
||||
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
|
||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER
|
||||
rm -rf /config/etc/letsencrypt
|
||||
mkdir -p /config/etc/letsencrypt
|
||||
fi
|
||||
|
||||
# generating certs if necessary
|
||||
if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
|
||||
if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then
|
||||
|
||||
Reference in New Issue
Block a user