mirror of
https://github.com/linuxserver/docker-swag.git
synced 2026-03-15 18:55:53 +09:00
Compare commits
11 Commits
1.22.0-ls1
...
1.22.0-ls1
| Author | SHA1 | Date | |
|---|---|---|---|
|
7562a1c26a | ||
|
|
7d6b5e66c1 | ||
|
|
6fde2f5f8f | ||
|
08d0680a0c | ||
|
665eace79f | ||
|
|
51d6132d63 | ||
|
|
251917b23f | ||
|
|
bedff470cf | ||
|
84cdf58b66 | ||
|
e843b50fc8 | ||
|
|
682689d0fc |
@@ -131,6 +131,11 @@ RUN \
|
|||||||
certbot-plugin-gandi \
|
certbot-plugin-gandi \
|
||||||
cryptography \
|
cryptography \
|
||||||
requests && \
|
requests && \
|
||||||
|
echo "**** correct ip6tables legacy issue ****" && \
|
||||||
|
rm \
|
||||||
|
/sbin/ip6tables && \
|
||||||
|
ln -s \
|
||||||
|
/sbin/ip6tables-nft /sbin/ip6tables && \
|
||||||
echo "**** remove unnecessary fail2ban filters ****" && \
|
echo "**** remove unnecessary fail2ban filters ****" && \
|
||||||
rm \
|
rm \
|
||||||
/etc/fail2ban/jail.d/alpine-ssh.conf && \
|
/etc/fail2ban/jail.d/alpine-ssh.conf && \
|
||||||
|
|||||||
@@ -131,6 +131,11 @@ RUN \
|
|||||||
certbot-plugin-gandi \
|
certbot-plugin-gandi \
|
||||||
cryptography \
|
cryptography \
|
||||||
requests && \
|
requests && \
|
||||||
|
echo "**** correct ip6tables legacy issue ****" && \
|
||||||
|
rm \
|
||||||
|
/sbin/ip6tables && \
|
||||||
|
ln -s \
|
||||||
|
/sbin/ip6tables-nft /sbin/ip6tables && \
|
||||||
echo "**** remove unnecessary fail2ban filters ****" && \
|
echo "**** remove unnecessary fail2ban filters ****" && \
|
||||||
rm \
|
rm \
|
||||||
/etc/fail2ban/jail.d/alpine-ssh.conf && \
|
/etc/fail2ban/jail.d/alpine-ssh.conf && \
|
||||||
|
|||||||
@@ -130,6 +130,11 @@ RUN \
|
|||||||
certbot-plugin-gandi \
|
certbot-plugin-gandi \
|
||||||
cryptography \
|
cryptography \
|
||||||
requests && \
|
requests && \
|
||||||
|
echo "**** correct ip6tables legacy issue ****" && \
|
||||||
|
rm \
|
||||||
|
/sbin/ip6tables && \
|
||||||
|
ln -s \
|
||||||
|
/sbin/ip6tables-nft /sbin/ip6tables && \
|
||||||
echo "**** remove unnecessary fail2ban filters ****" && \
|
echo "**** remove unnecessary fail2ban filters ****" && \
|
||||||
rm \
|
rm \
|
||||||
/etc/fail2ban/jail.d/alpine-ssh.conf && \
|
/etc/fail2ban/jail.d/alpine-ssh.conf && \
|
||||||
|
|||||||
88
Jenkinsfile
vendored
88
Jenkinsfile
vendored
@@ -118,12 +118,11 @@ pipeline {
|
|||||||
script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g' ''',
|
script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g' ''',
|
||||||
returnStdout: true).trim()
|
returnStdout: true).trim()
|
||||||
|
|
||||||
env.SEMVER = (new Date()).format('YYYY.MM.dd')
|
def semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)\.(\d+)/
|
||||||
def semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)\.(\d+)$/
|
|
||||||
if (semver.find()) {
|
if (semver.find()) {
|
||||||
env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${semver[0][3]}"
|
env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${semver[0][3]}"
|
||||||
} else {
|
} else {
|
||||||
semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)(?:\.(\d+))?(.*)$/
|
semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)(?:\.(\d+))?(.*)/
|
||||||
if (semver.find()) {
|
if (semver.find()) {
|
||||||
if (semver[0][3]) {
|
if (semver[0][3]) {
|
||||||
env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${semver[0][3]}"
|
env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${semver[0][3]}"
|
||||||
@@ -133,7 +132,15 @@ pipeline {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
println("SEMVER: ${env.SEMVER}")
|
if (env.SEMVER != null) {
|
||||||
|
if (BRANCH_NAME != "master" && BRANCH_NAME != "main") {
|
||||||
|
env.SEMVER = "${env.SEMVER}-${BRANCH_NAME}"
|
||||||
|
}
|
||||||
|
println("SEMVER: ${env.SEMVER}")
|
||||||
|
} else {
|
||||||
|
println("No SEMVER detected")
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -402,10 +409,10 @@ pipeline {
|
|||||||
steps{
|
steps{
|
||||||
sh '''#! /bin/bash
|
sh '''#! /bin/bash
|
||||||
set -e
|
set -e
|
||||||
PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/packages | jq -r '.[] | select(.name=="linuxserver/swag") | .uuid')
|
PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/swag") | .uuid')
|
||||||
if [ -z "${PACKAGE_UUID}" ]; then
|
if [ -z "${PACKAGE_UUID}" ]; then
|
||||||
echo "Adding package to Scarf.sh"
|
echo "Adding package to Scarf.sh"
|
||||||
PACKAGE_UUID=$(curl -sX POST https://scarf.sh/api/v1/packages \
|
curl -sX POST https://scarf.sh/api/v1/organizations/linuxserver-ci/packages \
|
||||||
-H "Authorization: Bearer ${SCARF_TOKEN}" \
|
-H "Authorization: Bearer ${SCARF_TOKEN}" \
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
-d '{"name":"linuxserver/swag",\
|
-d '{"name":"linuxserver/swag",\
|
||||||
@@ -413,22 +420,10 @@ pipeline {
|
|||||||
"libraryType":"docker",\
|
"libraryType":"docker",\
|
||||||
"website":"https://github.com/linuxserver/docker-swag",\
|
"website":"https://github.com/linuxserver/docker-swag",\
|
||||||
"backendUrl":"https://ghcr.io/linuxserver/swag",\
|
"backendUrl":"https://ghcr.io/linuxserver/swag",\
|
||||||
"publicUrl":"https://lscr.io/linuxserver/swag"}' \
|
"publicUrl":"https://lscr.io/linuxserver/swag"}' || :
|
||||||
| jq -r .uuid)
|
|
||||||
else
|
else
|
||||||
echo "Package already exists on Scarf.sh"
|
echo "Package already exists on Scarf.sh"
|
||||||
fi
|
fi
|
||||||
echo "Setting permissions on Scarf.sh for package ${PACKAGE_UUID}"
|
|
||||||
curl -X POST https://scarf.sh/api/v1/packages/${PACKAGE_UUID}/permissions \
|
|
||||||
-H "Authorization: Bearer ${SCARF_TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
-d '[{"userQuery":"Spad","permissionLevel":"admin"},\
|
|
||||||
{"userQuery":"roxedus","permissionLevel":"admin"},\
|
|
||||||
{"userQuery":"nemchik","permissionLevel":"admin"},\
|
|
||||||
{"userQuery":"driz","permissionLevel":"admin"},\
|
|
||||||
{"userQuery":"aptalca","permissionLevel":"admin"},\
|
|
||||||
{"userQuery":"saarg","permissionLevel":"admin"},\
|
|
||||||
{"userQuery":"Stark","permissionLevel":"admin"}]'
|
|
||||||
'''
|
'''
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -752,11 +747,15 @@ pipeline {
|
|||||||
docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG}
|
docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG}
|
||||||
docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest
|
docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest
|
||||||
docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${EXT_RELEASE_TAG}
|
docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${EXT_RELEASE_TAG}
|
||||||
docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${SEMVER}
|
if [ -n "${SEMVER}" ]; then
|
||||||
|
docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${SEMVER}
|
||||||
|
fi
|
||||||
docker push ${PUSHIMAGE}:latest
|
docker push ${PUSHIMAGE}:latest
|
||||||
docker push ${PUSHIMAGE}:${META_TAG}
|
docker push ${PUSHIMAGE}:${META_TAG}
|
||||||
docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG}
|
docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG}
|
||||||
docker push ${PUSHIMAGE}:${SEMVER}
|
if [ -n "${SEMVER}" ]; then
|
||||||
|
docker push ${PUSHIMAGE}:${SEMVER}
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
'''
|
'''
|
||||||
}
|
}
|
||||||
@@ -765,8 +764,10 @@ pipeline {
|
|||||||
docker rmi \
|
docker rmi \
|
||||||
${DELETEIMAGE}:${META_TAG} \
|
${DELETEIMAGE}:${META_TAG} \
|
||||||
${DELETEIMAGE}:${EXT_RELEASE_TAG} \
|
${DELETEIMAGE}:${EXT_RELEASE_TAG} \
|
||||||
${DELETEIMAGE}:latest \
|
${DELETEIMAGE}:latest || :
|
||||||
${DELETEIMAGE}:${SEMVER} || :
|
if [ -n "${SEMVER}" ]; then
|
||||||
|
docker rmi ${DELETEIMAGE}:${SEMVER} || :
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
'''
|
'''
|
||||||
}
|
}
|
||||||
@@ -816,9 +817,11 @@ pipeline {
|
|||||||
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
|
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
|
||||||
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
||||||
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||||
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
|
if [ -n "${SEMVER}" ]; then
|
||||||
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${SEMVER}
|
docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
|
||||||
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${SEMVER}
|
||||||
|
docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
||||||
|
fi
|
||||||
docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
|
docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
|
||||||
docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
|
docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
|
||||||
docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
|
docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
|
||||||
@@ -828,9 +831,11 @@ pipeline {
|
|||||||
docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
|
docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
|
||||||
docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
||||||
docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||||
docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
|
if [ -n "${SEMVER}" ]; then
|
||||||
docker push ${MANIFESTIMAGE}:arm32v7-${SEMVER}
|
docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
|
||||||
docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
docker push ${MANIFESTIMAGE}:arm32v7-${SEMVER}
|
||||||
|
docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
||||||
|
fi
|
||||||
docker manifest push --purge ${MANIFESTIMAGE}:latest || :
|
docker manifest push --purge ${MANIFESTIMAGE}:latest || :
|
||||||
docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest
|
docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest
|
||||||
docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm
|
docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm
|
||||||
@@ -843,14 +848,18 @@ pipeline {
|
|||||||
docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||||
docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} --os linux --arch arm
|
docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} --os linux --arch arm
|
||||||
docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
|
docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
|
||||||
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || :
|
if [ -n "${SEMVER}" ]; then
|
||||||
docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || :
|
||||||
docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} --os linux --arch arm
|
docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
|
||||||
docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
|
docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} --os linux --arch arm
|
||||||
|
docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
|
||||||
|
fi
|
||||||
docker manifest push --purge ${MANIFESTIMAGE}:latest
|
docker manifest push --purge ${MANIFESTIMAGE}:latest
|
||||||
docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG}
|
docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG}
|
||||||
docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG}
|
docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG}
|
||||||
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER}
|
if [ -n "${SEMVER}" ]; then
|
||||||
|
docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER}
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
'''
|
'''
|
||||||
}
|
}
|
||||||
@@ -860,15 +869,18 @@ pipeline {
|
|||||||
${DELETEIMAGE}:amd64-${META_TAG} \
|
${DELETEIMAGE}:amd64-${META_TAG} \
|
||||||
${DELETEIMAGE}:amd64-latest \
|
${DELETEIMAGE}:amd64-latest \
|
||||||
${DELETEIMAGE}:amd64-${EXT_RELEASE_TAG} \
|
${DELETEIMAGE}:amd64-${EXT_RELEASE_TAG} \
|
||||||
${DELETEIMAGE}:amd64-${SEMVER} \
|
|
||||||
${DELETEIMAGE}:arm32v7-${META_TAG} \
|
${DELETEIMAGE}:arm32v7-${META_TAG} \
|
||||||
${DELETEIMAGE}:arm32v7-latest \
|
${DELETEIMAGE}:arm32v7-latest \
|
||||||
${DELETEIMAGE}:arm32v7-${EXT_RELEASE_TAG} \
|
${DELETEIMAGE}:arm32v7-${EXT_RELEASE_TAG} \
|
||||||
${DELETEIMAGE}:arm32v7-${SEMVER} \
|
|
||||||
${DELETEIMAGE}:arm64v8-${META_TAG} \
|
${DELETEIMAGE}:arm64v8-${META_TAG} \
|
||||||
${DELETEIMAGE}:arm64v8-latest \
|
${DELETEIMAGE}:arm64v8-latest \
|
||||||
${DELETEIMAGE}:arm64v8-${EXT_RELEASE_TAG} \
|
${DELETEIMAGE}:arm64v8-${EXT_RELEASE_TAG} || :
|
||||||
${DELETEIMAGE}:arm64v8-${SEMVER} || :
|
if [ -n "${SEMVER}" ]; then
|
||||||
|
docker rmi \
|
||||||
|
${DELETEIMAGE}:amd64-${SEMVER} \
|
||||||
|
${DELETEIMAGE}:arm32v7-${SEMVER} \
|
||||||
|
${DELETEIMAGE}:arm64v8-${SEMVER} || :
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
docker rmi \
|
docker rmi \
|
||||||
ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} \
|
ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} \
|
||||||
|
|||||||
@@ -29,6 +29,7 @@ Find us at:
|
|||||||
|
|
||||||
# [linuxserver/swag](https://github.com/linuxserver/docker-swag)
|
# [linuxserver/swag](https://github.com/linuxserver/docker-swag)
|
||||||
|
|
||||||
|
[](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fswag)
|
||||||
[](https://github.com/linuxserver/docker-swag)
|
[](https://github.com/linuxserver/docker-swag)
|
||||||
[](https://github.com/linuxserver/docker-swag/releases)
|
[](https://github.com/linuxserver/docker-swag/releases)
|
||||||
[](https://github.com/linuxserver/docker-swag/packages)
|
[](https://github.com/linuxserver/docker-swag/packages)
|
||||||
@@ -329,6 +330,8 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
|||||||
|
|
||||||
## Versions
|
## Versions
|
||||||
|
|
||||||
|
* **09.01.22:** - Added a fail2ban jail for nginx unauthorized
|
||||||
|
* **21.12.21:** - Fixed issue with iptables not working as expected
|
||||||
* **30.11.21:** - Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)
|
* **30.11.21:** - Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)
|
||||||
* **22.11.21:** - Added support for Infomaniak DNS for certificate generation.
|
* **22.11.21:** - Added support for Infomaniak DNS for certificate generation.
|
||||||
* **20.11.21:** - Added support for dnspod validation.
|
* **20.11.21:** - Added support for dnspod validation.
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
alpine-baselayout-3.2.0-r16
|
alpine-baselayout-3.2.0-r16
|
||||||
alpine-keys-2.4-r0
|
alpine-keys-2.4-r0
|
||||||
apache2-utils-2.4.51-r0
|
apache2-utils-2.4.52-r0
|
||||||
apk-tools-2.12.7-r0
|
apk-tools-2.12.7-r0
|
||||||
apr-1.7.0-r0
|
apr-1.7.0-r0
|
||||||
apr-util-1.6.1-r7
|
apr-util-1.6.1-r7
|
||||||
@@ -9,11 +9,11 @@ bash-5.1.4-r0
|
|||||||
brotli-libs-1.0.9-r5
|
brotli-libs-1.0.9-r5
|
||||||
busybox-1.33.1-r6
|
busybox-1.33.1-r6
|
||||||
c-client-2007f-r11
|
c-client-2007f-r11
|
||||||
ca-certificates-20191127-r5
|
ca-certificates-20211220-r0
|
||||||
ca-certificates-bundle-20191127-r5
|
ca-certificates-bundle-20211220-r0
|
||||||
coreutils-8.32-r2
|
coreutils-8.32-r2
|
||||||
curl-7.79.1-r0
|
curl-7.79.1-r0
|
||||||
expat-2.4.1-r0
|
expat-2.4.3-r0
|
||||||
fail2ban-0.11.2-r0
|
fail2ban-0.11.2-r0
|
||||||
freetype-2.10.4-r1
|
freetype-2.10.4-r1
|
||||||
gdbm-1.19-r0
|
gdbm-1.19-r0
|
||||||
@@ -85,8 +85,8 @@ libxslt-1.1.34-r1
|
|||||||
libxt-1.2.1-r0
|
libxt-1.2.1-r0
|
||||||
libzip-1.7.3-r2
|
libzip-1.7.3-r2
|
||||||
linux-pam-1.5.1-r1
|
linux-pam-1.5.1-r1
|
||||||
logrotate-3.18.1-r0
|
logrotate-3.18.1-r1
|
||||||
lz4-libs-1.9.3-r0
|
lz4-libs-1.9.3-r1
|
||||||
memcached-1.6.9-r0
|
memcached-1.6.9-r0
|
||||||
mpdecimal-2.5.1-r1
|
mpdecimal-2.5.1-r1
|
||||||
musl-1.2.2-r3
|
musl-1.2.2-r3
|
||||||
|
|||||||
@@ -154,6 +154,8 @@ app_setup_nginx_reverse_proxy_block: ""
|
|||||||
|
|
||||||
# changelog
|
# changelog
|
||||||
changelogs:
|
changelogs:
|
||||||
|
- { date: "09.01.22:", desc: "Added a fail2ban jail for nginx unauthorized" }
|
||||||
|
- { date: "21.12.21:", desc: "Fixed issue with iptables not working as expected" }
|
||||||
- { date: "30.11.21:", desc: "Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)" }
|
- { date: "30.11.21:", desc: "Move maxmind to a [new mod](https://github.com/linuxserver/docker-mods/tree/swag-maxmind)" }
|
||||||
- { date: "22.11.21:", desc: "Added support for Infomaniak DNS for certificate generation." }
|
- { date: "22.11.21:", desc: "Added support for Infomaniak DNS for certificate generation." }
|
||||||
- { date: "20.11.21:", desc: "Added support for dnspod validation." }
|
- { date: "20.11.21:", desc: "Added support for dnspod validation." }
|
||||||
|
|||||||
7
root/defaults/fail2ban/filter.d/nginx-unauthorized.conf
Normal file
7
root/defaults/fail2ban/filter.d/nginx-unauthorized.conf
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
# A fail2ban filter for unauthorized log messages
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
failregex = ^(?!.*?(?i)plex)<HOST>.*"(GET|POST|HEAD).*" 401 .*$
|
||||||
|
|
||||||
|
ignoreregex =
|
||||||
@@ -1,10 +1,14 @@
|
|||||||
## Version 2020/05/10 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/jail.local
|
## Version 2022/01/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/jail.local
|
||||||
# This is the custom version of the jail.conf for fail2ban
|
# This is the custom version of the jail.conf for fail2ban
|
||||||
# Feel free to modify this and add additional filters
|
# Feel free to modify this and add additional filters
|
||||||
# Then you can drop the new filter conf files into the fail2ban-filters
|
# Then you can drop the new filter conf files into the fail2ban-filters
|
||||||
# folder and restart the container
|
# folder and restart the container
|
||||||
|
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
|
# Prevents banning LAN subnets
|
||||||
|
ignoreip = 10.0.0.0/8
|
||||||
|
192.168.0.0/16
|
||||||
|
172.16.0.0/12
|
||||||
|
|
||||||
# Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
|
# Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
|
||||||
banaction = iptables-allports
|
banaction = iptables-allports
|
||||||
@@ -21,37 +25,35 @@ maxretry = 5
|
|||||||
|
|
||||||
|
|
||||||
[ssh]
|
[ssh]
|
||||||
|
|
||||||
enabled = false
|
enabled = false
|
||||||
|
|
||||||
|
|
||||||
[nginx-http-auth]
|
[nginx-http-auth]
|
||||||
|
|
||||||
enabled = true
|
enabled = true
|
||||||
filter = nginx-http-auth
|
filter = nginx-http-auth
|
||||||
port = http,https
|
port = http,https
|
||||||
logpath = /config/log/nginx/error.log
|
logpath = /config/log/nginx/error.log
|
||||||
|
|
||||||
|
|
||||||
[nginx-badbots]
|
[nginx-badbots]
|
||||||
|
|
||||||
enabled = true
|
enabled = true
|
||||||
port = http,https
|
port = http,https
|
||||||
filter = nginx-badbots
|
filter = nginx-badbots
|
||||||
logpath = /config/log/nginx/access.log
|
logpath = /config/log/nginx/access.log
|
||||||
maxretry = 2
|
maxretry = 2
|
||||||
|
|
||||||
|
|
||||||
[nginx-botsearch]
|
[nginx-botsearch]
|
||||||
|
|
||||||
enabled = true
|
enabled = true
|
||||||
port = http,https
|
port = http,https
|
||||||
filter = nginx-botsearch
|
filter = nginx-botsearch
|
||||||
logpath = /config/log/nginx/access.log
|
logpath = /config/log/nginx/access.log
|
||||||
|
|
||||||
[nginx-deny]
|
[nginx-deny]
|
||||||
|
|
||||||
enabled = true
|
enabled = true
|
||||||
port = http,https
|
port = http,https
|
||||||
filter = nginx-deny
|
filter = nginx-deny
|
||||||
logpath = /config/log/nginx/error.log
|
logpath = /config/log/nginx/error.log
|
||||||
|
|
||||||
|
[nginx-unauthorized]
|
||||||
|
enabled = true
|
||||||
|
port = http,https
|
||||||
|
filter = nginx-unauthorized
|
||||||
|
logpath = /config/log/nginx/unauthorized.log
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
|
## Version 2022/01/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
|
||||||
|
|
||||||
user abc;
|
user abc;
|
||||||
|
|
||||||
@@ -55,6 +55,13 @@ http {
|
|||||||
'' close;
|
'' close;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Saves unauthorized log messages to a separate log file
|
||||||
|
map $status $unauthorized {
|
||||||
|
default 0;
|
||||||
|
~^401 1;
|
||||||
|
}
|
||||||
|
access_log /config/log/nginx/unauthorized.log combined if=$unauthorized;
|
||||||
|
|
||||||
# Sets the path, format, and configuration for a buffered log write.
|
# Sets the path, format, and configuration for a buffered log write.
|
||||||
access_log /config/log/nginx/access.log;
|
access_log /config/log/nginx/access.log;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user