Bot Updating Package Versions

Update netcup.ini

.editorconfig

@@ -15,6 +15,6 @@ trim_trailing_whitespace = false
 indent_style = space
 indent_size = 2
 
-[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
+[{**.sh,root/etc/s6-overlay/s6-rc.d/**,root/etc/cont-init.d/**,root/etc/services.d/**}]
 indent_style = space
 indent_size = 4

.github/workflows/external_trigger.yml

@@ -18,7 +18,7 @@ jobs:
           fi
           echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
           echo "**** Retrieving external version ****"
-          EXT_RELEASE=$(echo '1.32.0')
+          EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
           if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
             echo "**** Can't retrieve external version, exiting ****"
             FAILURE_REASON="Can't retrieve external version for swag branch master"

.github/workflows/greetings.yml

@@ -8,6 +8,6 @@ jobs:
     steps:
     - uses: actions/first-interaction@v1
       with:
-        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.yml) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.yml) issue templates!'
+        issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
         pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-swag/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
         repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/permissions.yml

@@ -0,0 +1,9 @@
+name: Permission check
+on:
+  pull_request:
+    paths:
+      - '**/run'
+      - '**/finish'
+jobs:
+  permission_check:
+    uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

Dockerfile

@@ -1,4 +1,6 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
 
 # set version label
 ARG BUILD_DATE
@@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 RUN \
   echo "**** install build packages ****" && \
   apk add --no-cache --virtual=build-dependencies \
+    build-base \
     cargo \
-    g++ \
-    gcc \
     libffi-dev \
     libxml2-dev \
     libxslt-dev \
@@ -24,11 +25,9 @@ RUN \
     python3-dev && \
   echo "**** install runtime packages ****" && \
   apk add --no-cache --upgrade \
-    curl \
     fail2ban \
     gnupg \
     memcached \
-    nginx \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
     nginx-mod-http-echo \
@@ -46,62 +45,56 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php8-bcmath \
-    php8-bz2 \
-    php8-ctype \
-    php8-curl \
-    php8-dom \
-    php8-exif \
-    php8-ftp \
-    php8-gd \
-    php8-gmp \
-    php8-iconv \
-    php8-imap \
-    php8-intl \
-    php8-ldap \
-    php8-mysqli \
-    php8-mysqlnd \
-    php8-opcache \
-    php8-pdo_mysql \
-    php8-pdo_odbc \
-    php8-pdo_pgsql \
-    php8-pdo_sqlite \
-    php8-pear \
-    php8-pecl-apcu \
-    php8-pecl-mailparse \
-    php8-pecl-mcrypt \
-    php8-pecl-memcached \
-    php8-pecl-redis \
-    php8-pgsql \
-    php8-phar \
-    php8-posix \
-    php8-soap \
-    php8-sockets \
-    php8-sodium \
-    php8-sqlite3 \
-    php8-tokenizer \
-    php8-xml \
-    php8-xmlreader \
-    php8-xsl \
-    php8-zip \
-    py3-cryptography \
-    py3-future \
-    py3-pip \
+    php81-bcmath \
+    php81-bz2 \
+    php81-ctype \
+    php81-curl \
+    php81-dom \
+    php81-exif \
+    php81-ftp \
+    php81-gd \
+    php81-gmp \
+    php81-iconv \
+    php81-imap \
+    php81-intl \
+    php81-ldap \
+    php81-mysqli \
+    php81-mysqlnd \
+    php81-opcache \
+    php81-pdo_mysql \
+    php81-pdo_odbc \
+    php81-pdo_pgsql \
+    php81-pdo_sqlite \
+    php81-pear \
+    php81-pecl-apcu \
+    php81-pecl-mailparse \
+    php81-pecl-memcached \
+    php81-pecl-redis \
+    php81-pgsql \
+    php81-phar \
+    php81-posix \
+    php81-soap \
+    php81-sockets \
+    php81-sodium \
+    php81-sqlite3 \
+    php81-tokenizer \
+    php81-xmlreader \
+    php81-xsl \
+    php81-zip \
     whois && \
-  apk add --no-cache \
-    --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    php8-pecl-xmlrpc && \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    php81-pecl-mcrypt \
+    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT="certbot"; \
-  else \
-    CERTBOT="certbot==${CERTBOT_VERSION}"; \
+    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
   fi && \
-  pip3 install -U \
-    pip wheel && \
-  pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
-    acme==${CERTBOT_VERSION} \
-    ${CERTBOT} \
+  python3 -m ensurepip && \
+  pip3 install -U --no-cache-dir \
+    pip \
+    wheel && \
+  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+    certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
@@ -141,6 +134,7 @@ RUN \
     certbot-dns-vultr \
     certbot-plugin-gandi \
     cryptography \
+    future \
     requests && \
   echo "**** enable OCSP stapling from base ****" && \
   sed -i \
@@ -176,14 +170,10 @@ RUN \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
-  for cleanfiles in *.pyc *.pyo; \
-    do \
-    find /usr/lib/python3.*  -iname "${cleanfiles}" -exec rm -f '{}' + \
-    ; done && \
   rm -rf \
     /tmp/* \
-    /root/.cache \
-    /root/.cargo
+    $HOME/.cache \
+    $HOME/.cargo
 
 # copy local files
 COPY root/ /

Dockerfile.aarch64

@@ -1,4 +1,6 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
 
 # set version label
 ARG BUILD_DATE
@@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 RUN \
   echo "**** install build packages ****" && \
   apk add --no-cache --virtual=build-dependencies \
+    build-base \
     cargo \
-    g++ \
-    gcc \
     libffi-dev \
     libxml2-dev \
     libxslt-dev \
@@ -24,11 +25,9 @@ RUN \
     python3-dev && \
   echo "**** install runtime packages ****" && \
   apk add --no-cache --upgrade \
-    curl \
     fail2ban \
     gnupg \
     memcached \
-    nginx \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
     nginx-mod-http-echo \
@@ -46,62 +45,56 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php8-bcmath \
-    php8-bz2 \
-    php8-ctype \
-    php8-curl \
-    php8-dom \
-    php8-exif \
-    php8-ftp \
-    php8-gd \
-    php8-gmp \
-    php8-iconv \
-    php8-imap \
-    php8-intl \
-    php8-ldap \
-    php8-mysqli \
-    php8-mysqlnd \
-    php8-opcache \
-    php8-pdo_mysql \
-    php8-pdo_odbc \
-    php8-pdo_pgsql \
-    php8-pdo_sqlite \
-    php8-pear \
-    php8-pecl-apcu \
-    php8-pecl-mailparse \
-    php8-pecl-mcrypt \
-    php8-pecl-memcached \
-    php8-pecl-redis \
-    php8-pgsql \
-    php8-phar \
-    php8-posix \
-    php8-soap \
-    php8-sockets \
-    php8-sodium \
-    php8-sqlite3 \
-    php8-tokenizer \
-    php8-xml \
-    php8-xmlreader \
-    php8-xsl \
-    php8-zip \
-    py3-cryptography \
-    py3-future \
-    py3-pip \
+    php81-bcmath \
+    php81-bz2 \
+    php81-ctype \
+    php81-curl \
+    php81-dom \
+    php81-exif \
+    php81-ftp \
+    php81-gd \
+    php81-gmp \
+    php81-iconv \
+    php81-imap \
+    php81-intl \
+    php81-ldap \
+    php81-mysqli \
+    php81-mysqlnd \
+    php81-opcache \
+    php81-pdo_mysql \
+    php81-pdo_odbc \
+    php81-pdo_pgsql \
+    php81-pdo_sqlite \
+    php81-pear \
+    php81-pecl-apcu \
+    php81-pecl-mailparse \
+    php81-pecl-memcached \
+    php81-pecl-redis \
+    php81-pgsql \
+    php81-phar \
+    php81-posix \
+    php81-soap \
+    php81-sockets \
+    php81-sodium \
+    php81-sqlite3 \
+    php81-tokenizer \
+    php81-xmlreader \
+    php81-xsl \
+    php81-zip \
     whois && \
-  apk add --no-cache \
-    --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    php8-pecl-xmlrpc && \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    php81-pecl-mcrypt \
+    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT="certbot"; \
-  else \
-    CERTBOT="certbot==${CERTBOT_VERSION}"; \
+    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
   fi && \
-  pip3 install -U \
-    pip wheel && \
-  pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
-    acme==${CERTBOT_VERSION} \
-    ${CERTBOT} \
+  python3 -m ensurepip && \
+  pip3 install -U --no-cache-dir \
+    pip \
+    wheel && \
+  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+    certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
@@ -141,6 +134,7 @@ RUN \
     certbot-dns-vultr \
     certbot-plugin-gandi \
     cryptography \
+    future \
     requests && \
   echo "**** enable OCSP stapling from base ****" && \
   sed -i \
@@ -176,14 +170,10 @@ RUN \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
-  for cleanfiles in *.pyc *.pyo; \
-    do \
-    find /usr/lib/python3.*  -iname "${cleanfiles}" -exec rm -f '{}' + \
-    ; done && \
   rm -rf \
     /tmp/* \
-    /root/.cache \
-    /root/.cargo
+    $HOME/.cache \
+    $HOME/.cargo
 
 # copy local files
 COPY root/ /

Dockerfile.armhf

@@ -1,4 +1,6 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
 
 # set version label
 ARG BUILD_DATE
@@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 RUN \
   echo "**** install build packages ****" && \
   apk add --no-cache --virtual=build-dependencies \
+    build-base \
     cargo \
-    g++ \
-    gcc \
     libffi-dev \
     libxml2-dev \
     libxslt-dev \
@@ -24,11 +25,9 @@ RUN \
     python3-dev && \
   echo "**** install runtime packages ****" && \
   apk add --no-cache --upgrade \
-    curl \
     fail2ban \
     gnupg \
     memcached \
-    nginx \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
     nginx-mod-http-echo \
@@ -46,62 +45,56 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php8-bcmath \
-    php8-bz2 \
-    php8-ctype \
-    php8-curl \
-    php8-dom \
-    php8-exif \
-    php8-ftp \
-    php8-gd \
-    php8-gmp \
-    php8-iconv \
-    php8-imap \
-    php8-intl \
-    php8-ldap \
-    php8-mysqli \
-    php8-mysqlnd \
-    php8-opcache \
-    php8-pdo_mysql \
-    php8-pdo_odbc \
-    php8-pdo_pgsql \
-    php8-pdo_sqlite \
-    php8-pear \
-    php8-pecl-apcu \
-    php8-pecl-mailparse \
-    php8-pecl-mcrypt \
-    php8-pecl-memcached \
-    php8-pecl-redis \
-    php8-pgsql \
-    php8-phar \
-    php8-posix \
-    php8-soap \
-    php8-sockets \
-    php8-sodium \
-    php8-sqlite3 \
-    php8-tokenizer \
-    php8-xml \
-    php8-xmlreader \
-    php8-xsl \
-    php8-zip \
-    py3-cryptography \
-    py3-future \
-    py3-pip \
+    php81-bcmath \
+    php81-bz2 \
+    php81-ctype \
+    php81-curl \
+    php81-dom \
+    php81-exif \
+    php81-ftp \
+    php81-gd \
+    php81-gmp \
+    php81-iconv \
+    php81-imap \
+    php81-intl \
+    php81-ldap \
+    php81-mysqli \
+    php81-mysqlnd \
+    php81-opcache \
+    php81-pdo_mysql \
+    php81-pdo_odbc \
+    php81-pdo_pgsql \
+    php81-pdo_sqlite \
+    php81-pear \
+    php81-pecl-apcu \
+    php81-pecl-mailparse \
+    php81-pecl-memcached \
+    php81-pecl-redis \
+    php81-pgsql \
+    php81-phar \
+    php81-posix \
+    php81-soap \
+    php81-sockets \
+    php81-sodium \
+    php81-sqlite3 \
+    php81-tokenizer \
+    php81-xmlreader \
+    php81-xsl \
+    php81-zip \
     whois && \
-  apk add --no-cache \
-    --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    php8-pecl-xmlrpc && \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    php81-pecl-mcrypt \
+    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT="certbot"; \
-  else \
-    CERTBOT="certbot==${CERTBOT_VERSION}"; \
+    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
   fi && \
-  pip3 install -U \
-    pip wheel && \
-  pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
-    acme==${CERTBOT_VERSION} \
-    ${CERTBOT} \
+  python3 -m ensurepip && \
+  pip3 install -U --no-cache-dir \
+    pip \
+    wheel && \
+  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+    certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
@@ -141,6 +134,7 @@ RUN \
     certbot-dns-vultr \
     certbot-plugin-gandi \
     cryptography \
+    future \
     requests && \
   echo "**** enable OCSP stapling from base ****" && \
   sed -i \
@@ -176,14 +170,10 @@ RUN \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
-  for cleanfiles in *.pyc *.pyo; \
-    do \
-    find /usr/lib/python3.*  -iname "${cleanfiles}" -exec rm -f '{}' + \
-    ; done && \
   rm -rf \
     /tmp/* \
-    /root/.cache \
-    /root/.cargo
+    $HOME/.cache \
+    $HOME/.cargo
 
 # copy local files
 COPY root/ /

Jenkinsfile

@@ -57,7 +57,7 @@ pipeline {
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
           env.PULL_REQUEST = env.CHANGE_ID
-          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
+          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/call_invalid_helper.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
         }
         script{
           env.LS_RELEASE_NUMBER = sh(
@@ -100,18 +100,17 @@ pipeline {
     /* ########################
        External Release Tagging
        ######################## */
-    // If this is a custom command to determine version use that command
-    stage("Set tag custom bash"){
+    // If this is a pip release set the external tag to the pip version
+    stage("Set ENV pip_version"){
       steps{
         script{
           env.EXT_RELEASE = sh(
-            script: ''' echo '1.32.0' ''',
+            script: '''curl -sL  https://pypi.python.org/pypi/${EXT_PIP}/json |jq -r '. | .info.version' ''',
             returnStdout: true).trim()
-            env.RELEASE_LINK = 'custom_command'
+          env.RELEASE_LINK = 'https://pypi.python.org/pypi/' + env.EXT_PIP
         }
       }
-    }
-    // Sanitize the release tag and strip illegal docker or github characters
+    }    // Sanitize the release tag and strip illegal docker or github characters
     stage("Sanitize tag"){
       steps{
         script{
@@ -806,19 +805,19 @@ pipeline {
                   echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
                   if [ "${CI}" == "false" ]; then
                     docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
-                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                     docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
+                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                     docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                   fi
                   for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
                     docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
-                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
-                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
-                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
+                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
+                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
                     docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
+                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                     docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
@@ -826,13 +825,13 @@ pipeline {
                       docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                     fi
                     docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:amd64-latest
-                    docker push ${MANIFESTIMAGE}:arm32v7-latest
-                    docker push ${MANIFESTIMAGE}:arm64v8-latest
                     docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
+                    docker push ${MANIFESTIMAGE}:amd64-latest
+                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
+                    docker push ${MANIFESTIMAGE}:arm32v7-latest
                     docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
+                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                    docker push ${MANIFESTIMAGE}:arm64v8-latest
                     docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
@@ -912,11 +911,11 @@ pipeline {
              "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
         echo "Pushing New release for Tag"
         sh '''#! /bin/bash
-              echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
+              echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json
               echo '{"tag_name":"'${META_TAG}'",\
                      "target_commitish": "master",\
                      "name": "'${META_TAG}'",\
-                     "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start
+                     "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**PIP Changes:**\\n\\n' > start
               printf '","draft": false,"prerelease": false}' >> releasebody.json
               paste -d'\\0' start releasebody.json > releasebody.json.done
               curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
@@ -978,12 +977,12 @@ pipeline {
           sh 'echo "build aborted"'
         }
         else if (currentBuild.currentResult == "SUCCESS"){
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 1681177,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
                  "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }
         else {
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 16711680,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
                  "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }

README.md

@@ -56,7 +56,7 @@ The architectures supported by this image are:
 | :----: | :----: | ---- |
 | x86-64 | ✅ | amd64-\<version tag\> |
 | arm64 | ✅ | arm64v8-\<version tag\> |
-| armhf| ✅ | arm32v7-\<version tag\> |
+| armhf | ✅ | arm32v7-\<version tag\> |
 
 ## Application Setup
 
@@ -154,7 +154,7 @@ services:
     environment:
       - PUID=1000
       - PGID=1000
-      - TZ=Europe/London
+      - TZ=Etc/UTC
       - URL=yourdomain.url
       - VALIDATION=http
       - SUBDOMAINS=www, #optional
@@ -181,7 +181,7 @@ docker run -d \
   --cap-add=NET_ADMIN \
   -e PUID=1000 \
   -e PGID=1000 \
-  -e TZ=Europe/London \
+  -e TZ=Etc/UTC \
   -e URL=yourdomain.url \
   -e VALIDATION=http \
   -e SUBDOMAINS=www, `#optional` \
@@ -197,6 +197,7 @@ docker run -d \
   -v /path/to/appdata/config:/config \
   --restart unless-stopped \
   lscr.io/linuxserver/swag:latest
+
 ```
 
 ## Parameters
@@ -209,7 +210,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-p 80` | Http port (required for http validation and http -> https redirect) |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
-| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
+| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
 | `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
@@ -335,6 +336,10 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
+* **06.02.23:** - Add porkbun support back in.
+* **21.01.23:** - Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x.
+* **20.01.23:** - Rebase to alpine 3.17 with php8.1.
 * **16.01.23:** - Remove nchan module because it keeps causing crashes.
 * **08.12.22:** - Revamp certbot init.
 * **03.12.22:** - Remove defunct cloudxns plugin.

jenkins-vars.yml

@@ -2,12 +2,7 @@
 
 # jenkins variables
 project_name: docker-swag
-
-# Pin certbot to 1.32.0 until plugin compatibility improves
-external_type: na
-custom_version_command: "echo '1.32.0'"
-
-#external_type: pip_version
+external_type: pip_version
 release_type: stable
 release_tag: latest
 ls_branch: master

package_versions.txt

@@ -1,228 +1,204 @@
-alpine-baselayout-3.2.0-r18
+alpine-baselayout-3.4.0-r0
+alpine-baselayout-data-3.4.0-r0
 alpine-keys-2.4-r1
-apache2-utils-2.4.54-r0
-apk-tools-2.12.7-r3
-apr-1.7.0-r1
-apr-util-1.6.1-r11
-argon2-libs-20190702-r1
-bash-5.1.16-r0
-brotli-libs-1.0.9-r5
-busybox-1.34.1-r7
-c-client-2007f-r13
-ca-certificates-20220614-r0
-ca-certificates-bundle-20220614-r0
-coreutils-9.0-r2
-curl-7.80.0-r5
-expat-2.5.0-r0
-fail2ban-0.11.2-r1
-freetype-2.11.1-r2
-gdbm-1.22-r0
-git-2.34.5-r0
-git-perl-2.34.5-r0
-gmp-6.2.1-r1
-gnupg-2.2.31-r2
-gnupg-dirmngr-2.2.31-r2
-gnupg-gpgconf-2.2.31-r2
-gnupg-utils-2.2.31-r2
-gnupg-wks-client-2.2.31-r2
-gnutls-3.7.1-r1
-gpg-2.2.31-r2
-gpg-agent-2.2.31-r2
-gpg-wks-server-2.2.31-r2
-gpgsm-2.2.31-r2
-gpgv-2.2.31-r2
-icu-libs-69.1-r1
-ip6tables-1.8.7-r1
-iptables-1.8.7-r1
-libacl-2.2.53-r0
-libassuan-2.5.5-r0
-libattr-2.5.1-r1
-libbsd-0.11.3-r1
-libbz2-1.0.8-r1
+alpine-release-3.17.2-r0
+aom-libs-3.5.0-r0
+apache2-utils-2.4.55-r0
+apk-tools-2.12.10-r1
+apr-1.7.2-r0
+apr-util-1.6.3-r0
+argon2-libs-20190702-r2
+bash-5.2.15-r0
+brotli-libs-1.0.9-r9
+busybox-1.35.0-r29
+busybox-binsh-1.35.0-r29
+c-client-2007f-r14
+ca-certificates-20220614-r4
+ca-certificates-bundle-20220614-r4
+coreutils-9.1-r0
+curl-7.87.0-r1
+fail2ban-1.0.2-r0
+fontconfig-2.14.1-r0
+freetype-2.12.1-r0
+gdbm-1.23-r0
+git-2.38.4-r0
+git-perl-2.38.4-r0
+gmp-6.2.1-r2
+gnupg-2.2.40-r0
+gnupg-dirmngr-2.2.40-r0
+gnupg-gpgconf-2.2.40-r0
+gnupg-utils-2.2.40-r0
+gnupg-wks-client-2.2.40-r0
+gnutls-3.7.8-r3
+gpg-2.2.40-r0
+gpg-agent-2.2.40-r0
+gpg-wks-server-2.2.40-r0
+gpgsm-2.2.40-r0
+gpgv-2.2.40-r0
+icu-data-en-72.1-r1
+icu-libs-72.1-r1
+ip6tables-1.8.8-r2
+iptables-1.8.8-r2
+jq-1.6-r2
+libacl-2.3.1-r1
+libassuan-2.5.5-r1
+libattr-2.5.1-r2
+libavif-0.11.1-r0
+libbsd-0.11.7-r0
+libbz2-1.0.8-r4
 libc-utils-0.7.2-r3
-libcap-2.61-r0
-libcrypto1.1-1.1.1s-r1
-libcurl-7.80.0-r5
-libedit-20210910.3.1-r0
-libevent-2.1.12-r4
-libffi-3.4.2-r1
-libgcc-10.3.1_git20211027-r0
-libgcrypt-1.9.4-r0
-libgd-2.3.2-r1
-libgpg-error-1.42-r1
-libice-1.0.10-r0
-libidn-1.38-r0
-libintl-0.21-r0
-libjpeg-turbo-2.1.2-r0
+libcrypto3-3.0.8-r0
+libcurl-7.87.0-r2
+libdav1d-1.0.0-r2
+libedit-20221030.3.1-r0
+libevent-2.1.12-r5
+libexpat-2.5.0-r0
+libffi-3.4.4-r0
+libgcc-12.2.1_git20220924-r4
+libgcrypt-1.10.1-r0
+libgd-2.3.3-r3
+libgpg-error-1.46-r1
+libice-1.0.10-r1
+libidn-1.41-r0
+libintl-0.21.1-r1
+libjpeg-turbo-2.1.4-r0
 libksba-1.6.3-r0
-libldap-2.6.2-r0
-libmaxminddb-1.6.0-r0
-libmcrypt-2.5.8-r9
-libmd-1.0.3-r0
-libmemcached-libs-1.0.18-r4
-libmnl-1.0.4-r2
-libnftnl-1.2.1-r0
-libpng-1.6.37-r1
-libpq-14.5-r0
-libproc-3.3.17-r0
-libretls-3.3.4-r3
-libsasl-2.1.28-r0
-libseccomp-2.5.2-r0
-libsm-1.2.3-r0
-libsodium-1.0.18-r0
-libssl1.1-1.1.1s-r1
-libstdc++-10.3.1_git20211027-r0
-libtasn1-4.18.0-r1
-libunistring-0.9.10-r1
-libuuid-2.37.4-r0
-libwebp-1.2.2-r0
-libx11-1.7.3.1-r0
-libxau-1.0.9-r0
-libxcb-1.14-r2
-libxdmcp-1.1.3-r0
-libxext-1.3.4-r0
-libxml2-2.9.14-r2
-libxpm-3.5.13-r0
-libxslt-1.1.35-r0
+libldap-2.6.3-r6
+libmaxminddb-libs-1.7.1-r0
+libmcrypt-2.5.8-r10
+libmd-1.0.4-r0
+libmemcached-libs-1.0.18-r5
+libmnl-1.0.5-r0
+libnftnl-1.2.4-r0
+libpng-1.6.38-r0
+libpq-15.2-r0
+libproc-3.3.17-r2
+libsasl-2.1.28-r3
+libseccomp-2.5.4-r0
+libsm-1.2.3-r1
+libsodium-1.0.18-r2
+libssl3-3.0.8-r0
+libstdc++-12.2.1_git20220924-r4
+libtasn1-4.19.0-r0
+libunistring-1.1-r0
+libuuid-2.38.1-r1
+libwebp-1.2.4-r1
+libx11-1.8.4-r0
+libxau-1.0.10-r0
+libxcb-1.15-r0
+libxdmcp-1.1.4-r0
+libxext-1.3.5-r0
+libxml2-2.10.3-r1
+libxpm-3.5.15-r0
+libxslt-1.1.37-r0
 libxt-1.2.1-r0
-libzip-1.8.0-r1
-linux-pam-1.5.2-r0
-logrotate-3.18.1-r4
-lz4-libs-1.9.3-r1
-memcached-1.6.12-r0
+libzip-1.9.2-r2
+linux-pam-1.5.2-r1
+logrotate-3.20.1-r3
+lz4-libs-1.9.4-r1
+memcached-1.6.17-r0
 mpdecimal-2.5.1-r1
-musl-1.2.2-r7
-musl-utils-1.2.2-r7
-nano-5.9-r0
-ncurses-libs-6.3_p20211120-r1
-ncurses-terminfo-base-6.3_p20211120-r1
-nettle-3.7.3-r0
-nghttp2-libs-1.46.0-r0
-nginx-1.20.2-r1
-nginx-mod-devel-kit-1.20.2-r1
-nginx-mod-http-brotli-1.20.2-r1
-nginx-mod-http-dav-ext-1.20.2-r1
-nginx-mod-http-echo-1.20.2-r1
-nginx-mod-http-fancyindex-1.20.2-r1
-nginx-mod-http-geoip2-1.20.2-r1
-nginx-mod-http-headers-more-1.20.2-r1
-nginx-mod-http-image-filter-1.20.2-r1
-nginx-mod-http-perl-1.20.2-r1
-nginx-mod-http-redis2-1.20.2-r1
-nginx-mod-http-set-misc-1.20.2-r1
-nginx-mod-http-upload-progress-1.20.2-r1
-nginx-mod-http-xslt-filter-1.20.2-r1
-nginx-mod-mail-1.20.2-r1
-nginx-mod-rtmp-1.20.2-r1
-nginx-mod-stream-1.20.2-r1
-nginx-mod-stream-geoip2-1.20.2-r1
-nginx-vim-1.20.2-r1
-npth-1.6-r1
-oniguruma-6.9.7.1-r0
-openssl-1.1.1s-r1
-p11-kit-0.24.0-r1
-pcre-8.45-r1
-pcre2-10.40-r0
-perl-5.34.0-r1
+musl-1.2.3-r4
+musl-utils-1.2.3-r4
+nano-7.0-r0
+ncurses-libs-6.3_p20221119-r0
+ncurses-terminfo-base-6.3_p20221119-r0
+nettle-3.8.1-r0
+nghttp2-libs-1.51.0-r0
+nginx-1.22.1-r0
+nginx-mod-devel-kit-1.22.1-r0
+nginx-mod-http-brotli-1.22.1-r0
+nginx-mod-http-dav-ext-1.22.1-r0
+nginx-mod-http-echo-1.22.1-r0
+nginx-mod-http-fancyindex-1.22.1-r0
+nginx-mod-http-geoip2-1.22.1-r0
+nginx-mod-http-headers-more-1.22.1-r0
+nginx-mod-http-image-filter-1.22.1-r0
+nginx-mod-http-perl-1.22.1-r0
+nginx-mod-http-redis2-1.22.1-r0
+nginx-mod-http-set-misc-1.22.1-r0
+nginx-mod-http-upload-progress-1.22.1-r0
+nginx-mod-http-xslt-filter-1.22.1-r0
+nginx-mod-mail-1.22.1-r0
+nginx-mod-rtmp-1.22.1-r0
+nginx-mod-stream-1.22.1-r0
+nginx-mod-stream-geoip2-1.22.1-r0
+nginx-vim-1.22.1-r0
+npth-1.6-r2
+oniguruma-6.9.8-r0
+openssl-3.0.8-r0
+p11-kit-0.24.1-r1
+pcre-8.45-r2
+pcre2-10.42-r0
+perl-5.36.0-r0
 perl-error-0.17029-r1
-perl-git-2.34.5-r0
-php8-8.0.25-r0
-php8-bcmath-8.0.25-r0
-php8-bz2-8.0.25-r0
-php8-common-8.0.25-r0
-php8-ctype-8.0.25-r0
-php8-curl-8.0.25-r0
-php8-dom-8.0.25-r0
-php8-exif-8.0.25-r0
-php8-fileinfo-8.0.25-r0
-php8-fpm-8.0.25-r0
-php8-ftp-8.0.25-r0
-php8-gd-8.0.25-r0
-php8-gmp-8.0.25-r0
-php8-iconv-8.0.25-r0
-php8-imap-8.0.25-r0
-php8-intl-8.0.25-r0
-php8-ldap-8.0.25-r0
-php8-mbstring-8.0.25-r0
-php8-mysqli-8.0.25-r0
-php8-mysqlnd-8.0.25-r0
-php8-opcache-8.0.25-r0
-php8-openssl-8.0.25-r0
-php8-pdo-8.0.25-r0
-php8-pdo_mysql-8.0.25-r0
-php8-pdo_odbc-8.0.25-r0
-php8-pdo_pgsql-8.0.25-r0
-php8-pdo_sqlite-8.0.25-r0
-php8-pear-8.0.25-r0
-php8-pecl-apcu-5.1.21-r0
-php8-pecl-igbinary-3.2.6-r0
-php8-pecl-mailparse-3.1.3-r0
-php8-pecl-mcrypt-1.0.4-r0
-php8-pecl-memcached-3.1.5-r1
-php8-pecl-redis-5.3.6-r0
-php8-pecl-xmlrpc-1.0.0_rc3-r0
-php8-pgsql-8.0.25-r0
-php8-phar-8.0.25-r0
-php8-posix-8.0.25-r0
-php8-session-8.0.25-r0
-php8-simplexml-8.0.25-r0
-php8-soap-8.0.25-r0
-php8-sockets-8.0.25-r0
-php8-sodium-8.0.25-r0
-php8-sqlite3-8.0.25-r0
-php8-tokenizer-8.0.25-r0
-php8-xml-8.0.25-r0
-php8-xmlreader-8.0.25-r0
-php8-xmlwriter-8.0.25-r0
-php8-xsl-8.0.25-r0
-php8-zip-8.0.25-r0
-pinentry-1.2.0-r0
-popt-1.18-r0
-procps-3.3.17-r0
-py3-appdirs-1.4.4-r2
-py3-asn1crypto-1.4.0-r1
-py3-cachecontrol-0.12.10-r0
-py3-certifi-2020.12.5-r1
-py3-cffi-1.14.5-r4
-py3-charset-normalizer-2.0.7-r0
-py3-colorama-0.4.4-r1
-py3-contextlib2-21.6.0-r1
-py3-cparser-2.20-r1
-py3-cryptography-3.3.2-r3
-py3-distlib-0.3.3-r0
-py3-distro-1.6.0-r0
-py3-future-0.18.2-r3
-py3-html5lib-1.1-r1
-py3-idna-3.3-r0
-py3-lockfile-0.12.2-r4
-py3-msgpack-1.0.2-r1
-py3-ordered-set-4.0.2-r2
-py3-packaging-20.9-r1
-py3-parsing-2.4.7-r2
-py3-pep517-0.12.0-r0
-py3-pip-20.3.4-r1
-py3-progress-1.6-r0
-py3-requests-2.26.0-r1
-py3-retrying-1.3.3-r2
-py3-setuptools-52.0.0-r4
-py3-six-1.16.0-r0
-py3-toml-0.10.2-r2
-py3-tomli-1.2.2-r0
-py3-urllib3-1.26.7-r0
-py3-webencodings-0.5.1-r4
-python3-3.9.16-r0
-readline-8.1.1-r0
-s6-ipcserver-2.11.0.0-r0
-scanelf-1.3.3-r0
-shadow-4.8.1-r1
-skalibs-2.11.0.0-r0
-sqlite-libs-3.36.0-r0
-ssl_client-1.34.1-r7
+perl-git-2.38.4-r0
+php81-8.1.16-r0
+php81-bcmath-8.1.16-r0
+php81-bz2-8.1.16-r0
+php81-common-8.1.16-r0
+php81-ctype-8.1.16-r0
+php81-curl-8.1.16-r0
+php81-dom-8.1.16-r0
+php81-exif-8.1.16-r0
+php81-fileinfo-8.1.16-r0
+php81-fpm-8.1.16-r0
+php81-ftp-8.1.16-r0
+php81-gd-8.1.16-r0
+php81-gmp-8.1.16-r0
+php81-iconv-8.1.16-r0
+php81-imap-8.1.16-r0
+php81-intl-8.1.16-r0
+php81-ldap-8.1.16-r0
+php81-mbstring-8.1.16-r0
+php81-mysqli-8.1.16-r0
+php81-mysqlnd-8.1.16-r0
+php81-opcache-8.1.16-r0
+php81-openssl-8.1.16-r0
+php81-pdo-8.1.16-r0
+php81-pdo_mysql-8.1.16-r0
+php81-pdo_odbc-8.1.16-r0
+php81-pdo_pgsql-8.1.16-r0
+php81-pdo_sqlite-8.1.16-r0
+php81-pear-8.1.16-r0
+php81-pecl-apcu-5.1.22-r0
+php81-pecl-igbinary-3.2.12-r0
+php81-pecl-mailparse-3.1.4-r0
+php81-pecl-mcrypt-1.0.4-r0
+php81-pecl-memcached-3.2.0-r0
+php81-pecl-redis-5.3.7-r0
+php81-pecl-xmlrpc-1.0.0_rc3-r0
+php81-pgsql-8.1.16-r0
+php81-phar-8.1.16-r0
+php81-posix-8.1.16-r0
+php81-session-8.1.16-r0
+php81-simplexml-8.1.16-r0
+php81-soap-8.1.16-r0
+php81-sockets-8.1.16-r0
+php81-sodium-8.1.16-r0
+php81-sqlite3-8.1.16-r0
+php81-tokenizer-8.1.16-r0
+php81-xml-8.1.16-r0
+php81-xmlreader-8.1.16-r0
+php81-xmlwriter-8.1.16-r0
+php81-xsl-8.1.16-r0
+php81-zip-8.1.16-r0
+pinentry-1.2.1-r0
+popt-1.19-r0
+procps-3.3.17-r2
+python3-3.10.10-r0
+readline-8.2.0-r0
+scanelf-1.3.5-r1
+shadow-4.13-r0
+skalibs-2.12.0.1-r0
+sqlite-libs-3.40.1-r0
+ssl_client-1.35.0-r29
+tiff-4.4.0-r1
 tzdata-2022f-r1
-unixodbc-2.3.9-r1
-utmps-0.1.0.3-r0
-whois-5.5.10-r0
-xz-5.2.5-r1
-xz-libs-5.2.5-r1
-zlib-1.2.12-r3
-zstd-libs-1.5.0-r0
+unixodbc-2.3.11-r0
+utmps-libs-0.1.2.0-r1
+whois-5.5.14-r0
+xz-5.2.9-r0
+xz-libs-5.2.9-r0
+zlib-1.2.13-r0
+zstd-libs-1.5.2-r9

readme-vars.yml

@@ -154,6 +154,10 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." }
+  - { date: "06.02.23:", desc: "Add porkbun support back in." }
+  - { date: "21.01.23:", desc: "Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x." }
+  - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
   - { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." }
   - { date: "08.12.22:", desc: "Revamp certbot init."}
   - { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."}

root/defaults/dns-conf/netcup.ini

@@ -1,3 +1,5 @@
+# Recommended PROPAGATION value in environment for netcup is 900
+
 dns_netcup_customer_id  = 123456
 dns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567
 dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123

root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx

@@ -5,11 +5,11 @@
 . /config/.donoteditthisfile.conf
 
 if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
-	if pgrep -f "s6-supervise nginx" >/dev/null; then
-		s6-svc -u /run/service/nginx
-	fi
+    if pgrep -f "s6-supervise nginx" >/dev/null; then
+        s6-svc -u /run/service/svc-nginx
+    fi
 else
-	if pgrep -f "nginx:" >/dev/null; then
-		s6-svc -h /run/service/nginx
-	fi
+    if pgrep -f "nginx:" >/dev/null; then
+        s6-svc -h /run/service/svc-nginx
+    fi
 fi

root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx

@@ -5,7 +5,7 @@
 . /config/.donoteditthisfile.conf
 
 if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
-	if pgrep -f "nginx:" >/dev/null; then
-		s6-svc -d /run/service/nginx
-	fi
+    if pgrep -f "nginx:" >/dev/null; then
+        s6-svc -d /run/service/svc-nginx
+    fi
 fi

root/defaults/nginx/authelia-location.conf.sample

@@ -1,15 +1,29 @@
-## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
+# Rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
 # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
 
+## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
 auth_request /authelia/api/verify;
-auth_request_set $target_url $scheme://$http_host$request_uri;
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
+error_page 401 = @authelia_proxy_signin;
+
+## Translate response headers from Authelia into variables
 auth_request_set $user $upstream_http_remote_user;
 auth_request_set $groups $upstream_http_remote_groups;
 auth_request_set $name $upstream_http_remote_name;
 auth_request_set $email $upstream_http_remote_email;
+auth_request_set $authorization $upstream_http_authorization;
+auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
+
+## Inject the response header variables into the request made to the actual upstream
 proxy_set_header Remote-User $user;
 proxy_set_header Remote-Groups $groups;
 proxy_set_header Remote-Name $name;
 proxy_set_header Remote-Email $email;
-error_page 401 =302 https://$http_host/authelia/?rd=$target_url;
+proxy_set_header Authorization $authorization;
+proxy_set_header Proxy-Authorization $proxy_authorization;
+
+## Include the Set-Cookie header if present.
+auth_request_set $set_cookie $upstream_http_set_cookie;
+add_header Set-Cookie $set_cookie;

root/defaults/nginx/authelia-server.conf.sample

@@ -1,50 +1,55 @@
-## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
+# Rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
+# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
 
+# location for authelia subfolder requests
 location ^~ /authelia {
+    auth_request off; # requests to this subfolder must be accessible without authentication
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authelia authelia;
     proxy_pass http://$upstream_authelia:9091;
 }
 
+# location for authelia auth requests
 location = /authelia/api/verify {
     internal;
 
+    include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authelia authelia;
+    proxy_pass http://$upstream_authelia:9091/authelia/api/verify;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
     proxy_pass_request_body off;
-    proxy_pass http://$upstream_authelia:9091;
     proxy_set_header Content-Length "";
-
-    # Timeout if the real server is dead
-    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
-
-    # [REQUIRED] Needed by Authelia to check authorizations of the resource.
-    # Provide either X-Original-URL and X-Forwarded-Proto or
-    # X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
-    # Those headers will be used by Authelia to deduce the target url of the user.
-    # Basic Proxy Config
-    client_body_buffer_size 128k;
-    proxy_set_header Host $host;
-    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $remote_addr;
-    proxy_set_header X-Forwarded-Method $request_method;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header X-Forwarded-Host $http_host;
-    proxy_set_header X-Forwarded-Uri $request_uri;
-    proxy_set_header X-Forwarded-Ssl on;
-    proxy_redirect  http://  $scheme://;
-    proxy_http_version 1.1;
-    proxy_set_header Connection "";
-    proxy_cache_bypass $cookie_session;
-    proxy_no_cache $cookie_session;
-    proxy_buffers 4 32k;
-
-    # Advanced Proxy Config
-    send_timeout 5m;
-    proxy_read_timeout 240;
-    proxy_send_timeout 240;
-    proxy_connect_timeout 240;
+}
+
+# Virtual location for authelia 401 redirects
+location @authelia_proxy_signin {
+    internal;
+
+    ## Set the $target_url variable based on the original request.
+    set_escape_uri $target_url $scheme://$http_host$request_uri;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
+    ## Set $authelia_backend to route requests to the current domain by default
+    set $authelia_backend $http_host;
+    ## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
+    ## To use authelia on a separate subdomain:
+    ##  * comment the $authelia_backend line above
+    ##  * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
+    ##  * make sure that your dns has a cname set for authelia
+    ##  * uncomment the $authelia_backend line below and change example.com to your domain
+    ##  * restart the swag container
+    #set $authelia_backend authelia.example.com;
+
+    return 302 https://$authelia_backend/authelia/?rd=$target_url;
 }

root/defaults/nginx/authentik-location.conf.sample

@@ -0,0 +1,26 @@
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
+# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
+# Rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf
+
+## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
+auth_request /outpost.goauthentik.io/auth/nginx;
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
+error_page 401 = @goauthentik_proxy_signin;
+
+## Translate response headers from Authentik into variables
+auth_request_set $authentik_username $upstream_http_x_authentik_username;
+auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
+auth_request_set $authentik_email $upstream_http_x_authentik_email;
+auth_request_set $authentik_name $upstream_http_x_authentik_name;
+auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
+
+## Inject the response header variables into the request made to the actual upstream
+proxy_set_header X-authentik-username $authentik_username;
+proxy_set_header X-authentik-groups $authentik_groups;
+proxy_set_header X-authentik-email $authentik_email;
+proxy_set_header X-authentik-name $authentik_name;
+proxy_set_header X-authentik-uid $authentik_uid;
+
+## Include the Set-Cookie header if present.
+auth_request_set $set_cookie $upstream_http_set_cookie;
+add_header Set-Cookie $set_cookie;

root/defaults/nginx/authentik-server.conf.sample

@@ -0,0 +1,45 @@
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
+# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
+# Rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf
+
+# location for authentik subfolder requests
+location ^~ /outpost.goauthentik.io {
+    auth_request off; # requests to this subfolder must be accessible without authentication
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_authentik authentik-server;
+    proxy_pass http://$upstream_authentik:9000;
+}
+
+# location for authentik auth requests
+location = /outpost.goauthentik.io/auth/nginx {
+    internal;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_authentik authentik-server;
+    proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+}
+
+# Virtual location for authentik 401 redirects
+location @goauthentik_proxy_signin {
+    internal;
+
+    ## Set the $target_url variable based on the original request.
+    set_escape_uri $target_url $scheme://$http_host$request_uri;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
+    ## Set $authentik_backend to route requests to the current domain by default
+    set $authentik_backend $http_host;
+    return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url;
+}

root/defaults/nginx/proxy.conf.sample

@@ -1,4 +1,4 @@
-## Version 2022/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
 
 # Timeout if the real server is dead
 proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
@@ -25,11 +25,13 @@ proxy_set_header Host $host;
 proxy_set_header Proxy "";
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Host $host:$server_port;
+proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Method $request_method;
+proxy_set_header X-Forwarded-Port $server_port;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-Ssl on;
 proxy_set_header X-Forwarded-Uri $request_uri;
+proxy_set_header X-Original-Method $request_method;
 proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
 proxy_set_header X-Real-IP $remote_addr;

root/defaults/nginx/site-confs/default.conf.sample

@@ -1,4 +1,4 @@
-## Version 2022/10/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 
 # redirect all traffic to https
 server {
@@ -29,6 +29,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable for basic auth
         #auth_basic "Restricted";
@@ -40,6 +43,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         try_files $uri $uri/ /index.html /index.php$is_args$args =404;
     }
 

root/etc/cont-init.d/43-crontabs

@@ -1,11 +0,0 @@
-#!/usr/bin/with-contenv bash
-# shellcheck shell=bash
-
-# copy crontabs if needed
-if [[ ! -f /config/crontabs/root ]]; then
-    cp /etc/crontabs/root /config/crontabs/
-fi
-
-# import user crontabs
-rm /etc/crontabs/*
-cp /config/crontabs/* /etc/crontabs/

root/etc/s6-overlay/s6-rc.d/init-certbot-config/run

@@ -31,12 +31,16 @@ fi
 
 # copy dns default configs
 cp -n /defaults/dns-conf/* /config/dns-conf/
-chown -R abc:abc /config/dns-conf
+lsiown -R abc:abc /config/dns-conf
 
 # copy default renewal hooks
 chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
 cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
-chown -R abc:abc /config/etc/letsencrypt/renewal-hooks
+lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
+
+# replace nginx service location in renewal hooks
+find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
+find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \;
 
 # create original config file if it doesn't exist, move non-hidden legacy file to hidden
 if [[ -f "/config/donoteditthisfile.conf" ]]; then

root/etc/s6-overlay/s6-rc.d/init-certbot-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-certbot-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-certbot-config/run

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

@@ -0,0 +1,30 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# if root crontabs do not exist in config
+# copy root crontab from system
+if [[ ! -f /config/crontabs/root ]] && crontab -l -u root; then
+    crontab -l -u root >/config/crontabs/root
+fi
+
+# if root crontabs still do not exist in config (were not copied from system)
+# copy root crontab from included defaults
+if [[ ! -f /config/crontabs/root ]]; then
+    cp /etc/crontabs/root /config/crontabs/
+fi
+
+# if abc crontabs do not exist in config
+# copy abc crontab from system
+if [[ ! -f /config/crontabs/abc ]] && crontab -l -u abc; then
+    crontab -l -u abc >/config/crontabs/abc
+fi
+
+# if abc crontabs still do not exist in config (were not copied from system)
+# copy abc crontab from included defaults
+if [[ ! -f /config/crontabs/abc ]]; then
+    cp /etc/crontabs/abc /config/crontabs/
+fi
+
+# import user crontabs
+crontab -u root /config/crontabs/root
+crontab -u abc /config/crontabs/abc

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run

root/etc/s6-overlay/s6-rc.d/init-folders-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-folders-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-folders-config/run

root/etc/s6-overlay/s6-rc.d/init-nginx-config/run

@@ -14,6 +14,14 @@ if [[ ! -f /config/nginx/authelia-server.conf ]]; then
     cp /defaults/nginx/authelia-server.conf.sample /config/nginx/authelia-server.conf
 fi
 
+# copy authentik config files if they don't exist
+if [[ ! -f /config/nginx/authentik-location.conf ]]; then
+    cp /defaults/nginx/authentik-location.conf.sample /config/nginx/authentik-location.conf
+fi
+if [[ ! -f /config/nginx/authentik-server.conf ]]; then
+    cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
+fi
+
 # copy old ldap config file to new location
 if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
     cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf

root/etc/s6-overlay/s6-rc.d/init-nginx-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-nginx-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx-config/run

root/etc/s6-overlay/s6-rc.d/init-outdated-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-outdated-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-outdated-config/run

root/etc/s6-overlay/s6-rc.d/init-permissions-config/run

@@ -2,7 +2,7 @@
 # shellcheck shell=bash
 
 # permissions
-chown -R abc:abc \
+lsiown -R abc:abc \
     /config
 chmod -R 0644 /etc/logrotate.d
 chmod -R +r /config/log

root/etc/s6-overlay/s6-rc.d/init-permissions-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-permissions-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-permissions-config/run

root/etc/s6-overlay/s6-rc.d/init-renew/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-renew/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-renew/run

root/etc/s6-overlay/s6-rc.d/init-require-url/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-require-url/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-require-url/run

root/etc/s6-overlay/s6-rc.d/init-samples-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-samples-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-samples-config/run

root/etc/s6-overlay/s6-rc.d/init-test-run/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-test-run/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-test-run/run

root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type

@@ -0,0 +1 @@
+longrun