mirror of
https://github.com/linuxserver/docker-swag.git
synced 2026-03-03 00:43:34 +09:00
Compare commits
35 Commits
1.8.0-ls13
...
1.10.0-ls2
| Author | SHA1 | Date | |
|---|---|---|---|
|
536c903fe2 | ||
|
|
0bebcbed52 | ||
|
|
64b676eb06 | ||
|
46c804c696 | ||
|
cf74fe7a39 | ||
|
|
177ba1b378 | ||
|
|
aded96c0a4 | ||
|
8bcf64041a | ||
|
|
04745dcf1f | ||
|
|
0a4cac7f35 | ||
|
|
95e7ef9db3 | ||
|
515addf76e | ||
|
|
046fb5447a | ||
|
|
f23595d0b9 | ||
|
812f2d3df5 | ||
|
|
71734a4e49 | ||
|
|
4d9439c899 | ||
|
|
a910da2633 | ||
|
|
35fa03e01c | ||
|
|
9de23713ca | ||
|
|
3e3dccd836 | ||
|
1d08b6f2e1 | ||
|
|
01dd12f567 | ||
|
|
50371fea4f | ||
|
|
3b927f6857 | ||
|
a81ab8bcf1 | ||
|
38fa575e1e | ||
|
|
f105551398 | ||
|
|
02310836df | ||
|
|
34c2a6243e | ||
|
|
bd2913b084 | ||
|
|
c230a05837 | ||
|
|
2c78490f28 | ||
|
|
8d5f6e56b8 | ||
|
|
692600c1dc |
@@ -1,4 +1,4 @@
|
||||
FROM lsiobase/nginx:3.12
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.12
|
||||
|
||||
# set version label
|
||||
ARG BUILD_DATE
|
||||
@@ -107,6 +107,7 @@ RUN \
|
||||
certbot-dns-inwx \
|
||||
certbot-dns-linode \
|
||||
certbot-dns-luadns \
|
||||
certbot-dns-netcup \
|
||||
certbot-dns-nsone \
|
||||
certbot-dns-ovh \
|
||||
certbot-dns-rfc2136 \
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM lsiobase/nginx:arm64v8-3.12
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.12
|
||||
|
||||
# set version label
|
||||
ARG BUILD_DATE
|
||||
@@ -107,6 +107,7 @@ RUN \
|
||||
certbot-dns-inwx \
|
||||
certbot-dns-linode \
|
||||
certbot-dns-luadns \
|
||||
certbot-dns-netcup \
|
||||
certbot-dns-nsone \
|
||||
certbot-dns-ovh \
|
||||
certbot-dns-rfc2136 \
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM lsiobase/nginx:arm32v7-3.12
|
||||
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.12
|
||||
|
||||
# set version label
|
||||
ARG BUILD_DATE
|
||||
@@ -107,6 +107,7 @@ RUN \
|
||||
certbot-dns-inwx \
|
||||
certbot-dns-linode \
|
||||
certbot-dns-luadns \
|
||||
certbot-dns-netcup \
|
||||
certbot-dns-nsone \
|
||||
certbot-dns-ovh \
|
||||
certbot-dns-rfc2136 \
|
||||
|
||||
162
Jenkinsfile
vendored
162
Jenkinsfile
vendored
@@ -42,7 +42,7 @@ pipeline {
|
||||
script{
|
||||
env.EXIT_STATUS = ''
|
||||
env.LS_RELEASE = sh(
|
||||
script: '''docker run --rm alexeiled/skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
|
||||
script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
|
||||
returnStdout: true).trim()
|
||||
env.LS_RELEASE_NOTES = sh(
|
||||
script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''',
|
||||
@@ -128,7 +128,7 @@ pipeline {
|
||||
steps {
|
||||
script{
|
||||
env.IMAGE = env.DOCKERHUB_IMAGE
|
||||
env.GITHUBIMAGE = 'docker.pkg.github.com/' + env.LS_USER + '/' + env.LS_REPO + '/' + env.CONTAINER_NAME
|
||||
env.GITHUBIMAGE = 'ghcr.io/' + env.LS_USER + '/' + env.CONTAINER_NAME
|
||||
env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/' + env.CONTAINER_NAME
|
||||
if (env.MULTIARCH == 'true') {
|
||||
env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
|
||||
@@ -149,7 +149,7 @@ pipeline {
|
||||
steps {
|
||||
script{
|
||||
env.IMAGE = env.DEV_DOCKERHUB_IMAGE
|
||||
env.GITHUBIMAGE = 'docker.pkg.github.com/' + env.LS_USER + '/' + env.LS_REPO + '/lsiodev-' + env.CONTAINER_NAME
|
||||
env.GITHUBIMAGE = 'ghcr.io/' + env.LS_USER + '/lsiodev-' + env.CONTAINER_NAME
|
||||
env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lsiodev-' + env.CONTAINER_NAME
|
||||
if (env.MULTIARCH == 'true') {
|
||||
env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
|
||||
@@ -170,7 +170,7 @@ pipeline {
|
||||
steps {
|
||||
script{
|
||||
env.IMAGE = env.PR_DOCKERHUB_IMAGE
|
||||
env.GITHUBIMAGE = 'docker.pkg.github.com/' + env.LS_USER + '/' + env.LS_REPO + '/lspipepr-' + env.CONTAINER_NAME
|
||||
env.GITHUBIMAGE = 'ghcr.io/' + env.LS_USER + '/lspipepr-' + env.CONTAINER_NAME
|
||||
env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lspipepr-' + env.CONTAINER_NAME
|
||||
if (env.MULTIARCH == 'true') {
|
||||
env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
|
||||
@@ -191,24 +191,24 @@ pipeline {
|
||||
}
|
||||
steps {
|
||||
withCredentials([
|
||||
string(credentialsId: 'spaces-key', variable: 'DO_KEY'),
|
||||
string(credentialsId: 'spaces-secret', variable: 'DO_SECRET')
|
||||
string(credentialsId: 'ci-tests-s3-key-id', variable: 'S3_KEY'),
|
||||
string(credentialsId: 'ci-tests-s3-secret-access-key', variable: 'S3_SECRET')
|
||||
]) {
|
||||
script{
|
||||
env.SHELLCHECK_URL = 'https://lsio-ci.ams3.digitaloceanspaces.com/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml'
|
||||
env.SHELLCHECK_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml'
|
||||
}
|
||||
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
docker pull lsiodev/spaces-file-upload:latest
|
||||
docker pull ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest
|
||||
docker run --rm \
|
||||
-e DESTINATION=\"${IMAGE}/${META_TAG}/shellcheck-result.xml\" \
|
||||
-e FILE_NAME="shellcheck-result.xml" \
|
||||
-e MIMETYPE="text/xml" \
|
||||
-v ${WORKSPACE}:/mnt \
|
||||
-e SECRET_KEY=\"${DO_SECRET}\" \
|
||||
-e ACCESS_KEY=\"${DO_KEY}\" \
|
||||
-t lsiodev/spaces-file-upload:latest \
|
||||
-e SECRET_KEY=\"${S3_SECRET}\" \
|
||||
-e ACCESS_KEY=\"${S3_KEY}\" \
|
||||
-t ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest \
|
||||
python /upload.py'''
|
||||
}
|
||||
}
|
||||
@@ -226,8 +226,8 @@ pipeline {
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
TEMPDIR=$(mktemp -d)
|
||||
docker pull linuxserver/jenkins-builder:latest
|
||||
docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=master -v ${TEMPDIR}:/ansible/jenkins linuxserver/jenkins-builder:latest
|
||||
docker pull ghcr.io/linuxserver/jenkins-builder:latest
|
||||
docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=master -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest
|
||||
CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
|
||||
cd ${TEMPDIR}/docker-${CONTAINER_NAME}
|
||||
NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
|
||||
@@ -332,28 +332,19 @@ pipeline {
|
||||
label 'ARMHF'
|
||||
}
|
||||
steps {
|
||||
withCredentials([
|
||||
[
|
||||
$class: 'UsernamePasswordMultiBinding',
|
||||
credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
|
||||
usernameVariable: 'DOCKERUSER',
|
||||
passwordVariable: 'DOCKERPASS'
|
||||
]
|
||||
]) {
|
||||
echo 'Logging into DockerHub'
|
||||
sh '''#! /bin/bash
|
||||
echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
|
||||
'''
|
||||
sh "docker build --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
|
||||
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${META_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
|
||||
sh "docker tag ${IMAGE}:arm32v7-${META_TAG} lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
retry(5) {
|
||||
sh "docker push lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
}
|
||||
sh '''docker rmi \
|
||||
${IMAGE}:arm32v7-${META_TAG} \
|
||||
lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
|
||||
echo 'Logging into Github'
|
||||
sh '''#! /bin/bash
|
||||
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
|
||||
'''
|
||||
sh "docker build --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
|
||||
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${META_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
|
||||
sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
retry(5) {
|
||||
sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
}
|
||||
sh '''docker rmi \
|
||||
${IMAGE}:arm32v7-${META_TAG} \
|
||||
ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
|
||||
}
|
||||
}
|
||||
stage('Build ARM64') {
|
||||
@@ -361,28 +352,19 @@ pipeline {
|
||||
label 'ARM64'
|
||||
}
|
||||
steps {
|
||||
withCredentials([
|
||||
[
|
||||
$class: 'UsernamePasswordMultiBinding',
|
||||
credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
|
||||
usernameVariable: 'DOCKERUSER',
|
||||
passwordVariable: 'DOCKERPASS'
|
||||
]
|
||||
]) {
|
||||
echo 'Logging into DockerHub'
|
||||
sh '''#! /bin/bash
|
||||
echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
|
||||
'''
|
||||
sh "docker build --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
|
||||
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${META_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
|
||||
sh "docker tag ${IMAGE}:arm64v8-${META_TAG} lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
retry(5) {
|
||||
sh "docker push lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
}
|
||||
sh '''docker rmi \
|
||||
${IMAGE}:arm64v8-${META_TAG} \
|
||||
lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
|
||||
echo 'Logging into Github'
|
||||
sh '''#! /bin/bash
|
||||
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
|
||||
'''
|
||||
sh "docker build --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
|
||||
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${META_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
|
||||
sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
retry(5) {
|
||||
sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
|
||||
}
|
||||
sh '''docker rmi \
|
||||
${IMAGE}:arm64v8-${META_TAG} \
|
||||
ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -481,20 +463,20 @@ pipeline {
|
||||
}
|
||||
steps {
|
||||
withCredentials([
|
||||
string(credentialsId: 'spaces-key', variable: 'DO_KEY'),
|
||||
string(credentialsId: 'spaces-secret', variable: 'DO_SECRET')
|
||||
string(credentialsId: 'ci-tests-s3-key-id', variable: 'S3_KEY'),
|
||||
string(credentialsId: 'ci-tests-s3-secret-access-key ', variable: 'S3_SECRET')
|
||||
]) {
|
||||
script{
|
||||
env.CI_URL = 'https://lsio-ci.ams3.digitaloceanspaces.com/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
|
||||
env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
|
||||
}
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
docker pull lsiodev/ci:latest
|
||||
docker pull ghcr.io/linuxserver/lsiodev-ci:latest
|
||||
if [ "${MULTIARCH}" == "true" ]; then
|
||||
docker pull lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker pull lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker tag lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
|
||||
docker tag lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
|
||||
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
|
||||
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
|
||||
fi
|
||||
docker run --rm \
|
||||
--shm-size=1gb \
|
||||
@@ -506,15 +488,15 @@ pipeline {
|
||||
-e PORT=\"${CI_PORT}\" \
|
||||
-e SSL=\"${CI_SSL}\" \
|
||||
-e BASE=\"${DIST_IMAGE}\" \
|
||||
-e SECRET_KEY=\"${DO_SECRET}\" \
|
||||
-e ACCESS_KEY=\"${DO_KEY}\" \
|
||||
-e SECRET_KEY=\"${S3_SECRET}\" \
|
||||
-e ACCESS_KEY=\"${S3_KEY}\" \
|
||||
-e DOCKER_ENV=\"${CI_DOCKERENV}\" \
|
||||
-e WEB_SCREENSHOT=\"${CI_WEB}\" \
|
||||
-e WEB_AUTH=\"${CI_AUTH}\" \
|
||||
-e WEB_PATH=\"${CI_WEBPATH}\" \
|
||||
-e DO_REGION="ams3" \
|
||||
-e DO_BUCKET="lsio-ci" \
|
||||
-t lsiodev/ci:latest \
|
||||
-t ghcr.io/linuxserver/lsiodev-ci:latest \
|
||||
python /ci/ci.py'''
|
||||
}
|
||||
}
|
||||
@@ -541,7 +523,7 @@ pipeline {
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
|
||||
echo $GITHUB_TOKEN | docker login docker.pkg.github.com -u LinuxServer-CI --password-stdin
|
||||
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
|
||||
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
|
||||
for PUSHIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${IMAGE}"; do
|
||||
docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG}
|
||||
@@ -583,15 +565,15 @@ pipeline {
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
|
||||
echo $GITHUB_TOKEN | docker login docker.pkg.github.com -u LinuxServer-CI --password-stdin
|
||||
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
|
||||
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
|
||||
if [ "${CI}" == "false" ]; then
|
||||
docker pull lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker pull lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker tag lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
|
||||
docker tag lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
|
||||
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
|
||||
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
|
||||
fi
|
||||
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}"; do
|
||||
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}"; do
|
||||
docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
|
||||
docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
|
||||
docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
|
||||
@@ -625,28 +607,6 @@ pipeline {
|
||||
docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG}
|
||||
docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG}
|
||||
done
|
||||
docker tag ${IMAGE}:amd64-${META_TAG} ${GITHUBIMAGE}:amd64-${META_TAG}
|
||||
docker tag ${IMAGE}:arm32v7-${META_TAG} ${GITHUBIMAGE}:arm32v7-${META_TAG}
|
||||
docker tag ${IMAGE}:arm64v8-${META_TAG} ${GITHUBIMAGE}:arm64v8-${META_TAG}
|
||||
docker tag ${GITHUBIMAGE}:amd64-${META_TAG} ${GITHUBIMAGE}:latest
|
||||
docker tag ${GITHUBIMAGE}:amd64-${META_TAG} ${GITHUBIMAGE}:${META_TAG}
|
||||
docker tag ${GITHUBIMAGE}:arm32v7-${META_TAG} ${GITHUBIMAGE}:arm32v7-latest
|
||||
docker tag ${GITHUBIMAGE}:arm64v8-${META_TAG} ${GITHUBIMAGE}:arm64v8-latest
|
||||
docker tag ${GITHUBIMAGE}:amd64-${META_TAG} ${GITHUBIMAGE}:amd64-${EXT_RELEASE_TAG}
|
||||
docker tag ${GITHUBIMAGE}:amd64-${META_TAG} ${GITHUBIMAGE}:${EXT_RELEASE_TAG}
|
||||
docker tag ${GITHUBIMAGE}:arm32v7-${META_TAG} ${GITHUBIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
||||
docker tag ${GITHUBIMAGE}:arm64v8-${META_TAG} ${GITHUBIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||
docker push ${GITHUBIMAGE}:amd64-${META_TAG}
|
||||
docker push ${GITHUBIMAGE}:arm32v7-${META_TAG}
|
||||
docker push ${GITHUBIMAGE}:arm64v8-${META_TAG}
|
||||
docker push ${GITHUBIMAGE}:latest
|
||||
docker push ${GITHUBIMAGE}:${META_TAG}
|
||||
docker push ${GITHUBIMAGE}:arm32v7-latest
|
||||
docker push ${GITHUBIMAGE}:arm64v8-latest
|
||||
docker push ${GITHUBIMAGE}:${EXT_RELEASE_TAG}
|
||||
docker push ${GITHUBIMAGE}:amd64-${EXT_RELEASE_TAG}
|
||||
docker push ${GITHUBIMAGE}:arm32v7-${EXT_RELEASE_TAG}
|
||||
docker push ${GITHUBIMAGE}:arm64v8-${EXT_RELEASE_TAG}
|
||||
'''
|
||||
}
|
||||
sh '''#! /bin/bash
|
||||
@@ -660,8 +620,8 @@ pipeline {
|
||||
${DELETEIMAGE}:arm64v8-latest || :
|
||||
done
|
||||
docker rmi \
|
||||
lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} \
|
||||
lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :
|
||||
ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} \
|
||||
ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :
|
||||
'''
|
||||
}
|
||||
}
|
||||
@@ -714,9 +674,9 @@ pipeline {
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
TEMPDIR=$(mktemp -d)
|
||||
docker pull linuxserver/jenkins-builder:latest
|
||||
docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins linuxserver/jenkins-builder:latest
|
||||
docker pull lsiodev/readme-sync
|
||||
docker pull ghcr.io/linuxserver/jenkins-builder:latest
|
||||
docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest
|
||||
docker pull ghcr.io/linuxserver/lsiodev-readme-sync
|
||||
docker run --rm=true \
|
||||
-e DOCKERHUB_USERNAME=$DOCKERUSER \
|
||||
-e DOCKERHUB_PASSWORD=$DOCKERPASS \
|
||||
@@ -724,7 +684,7 @@ pipeline {
|
||||
-e DOCKER_REPOSITORY=${IMAGE} \
|
||||
-e GIT_BRANCH=master \
|
||||
-v ${TEMPDIR}/docker-${CONTAINER_NAME}:/mnt \
|
||||
lsiodev/readme-sync bash -c 'node sync'
|
||||
ghcr.io/linuxserver/lsiodev-readme-sync bash -c 'node sync'
|
||||
rm -Rf ${TEMPDIR} '''
|
||||
}
|
||||
}
|
||||
|
||||
28
README.md
28
README.md
@@ -36,7 +36,7 @@ Find us at:
|
||||
[](https://hub.docker.com/r/linuxserver/swag)
|
||||
[](https://hub.docker.com/r/linuxserver/swag)
|
||||
[](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/)
|
||||
[](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/swag/latest/index.html)
|
||||
[](https://ci-tests.linuxserver.io/linuxserver/swag/latest/index.html)
|
||||
|
||||
SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes. It also contains fail2ban for intrusion prevention.
|
||||
|
||||
@@ -46,7 +46,7 @@ SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relatio
|
||||
|
||||
Our images support multiple architectures such as `x86-64`, `arm64` and `armhf`. We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
|
||||
|
||||
Simply pulling `linuxserver/swag` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
|
||||
Simply pulling `ghcr.io/linuxserver/swag` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
|
||||
|
||||
The architectures supported by this image are:
|
||||
|
||||
@@ -70,7 +70,7 @@ Compatible with docker-compose v2 schemas.
|
||||
version: "2.1"
|
||||
services:
|
||||
swag:
|
||||
image: linuxserver/swag
|
||||
image: ghcr.io/linuxserver/swag
|
||||
container_name: swag
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
@@ -121,7 +121,7 @@ docker run -d \
|
||||
-p 80:80 `#optional` \
|
||||
-v /path/to/appdata/config:/config \
|
||||
--restart unless-stopped \
|
||||
linuxserver/swag
|
||||
ghcr.io/linuxserver/swag
|
||||
```
|
||||
|
||||
|
||||
@@ -139,7 +139,7 @@ Container images are configured using parameters passed at runtime (such as thos
|
||||
| `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
|
||||
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) |
|
||||
| `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). |
|
||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
||||
| `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org |
|
||||
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications. |
|
||||
@@ -227,10 +227,11 @@ This will *ask* Google et al not to index and list your site. Be careful with th
|
||||
2. `privkey.pfx`, a format supported by Microsoft and commonly used by dotnet apps such as Emby Server (no password)
|
||||
3. `priv-fullchain-bundle.pem`, a pem cert that bundles the private key and the fullchain, used by apps like ZNC
|
||||
### Using fail2ban
|
||||
* This container includes fail2ban set up with 3 jails by default:
|
||||
* This container includes fail2ban set up with 4 jails by default:
|
||||
1. nginx-http-auth
|
||||
2. nginx-badbots
|
||||
3. nginx-botsearch
|
||||
4. nginx-deny
|
||||
* To enable or disable other jails, modify the file `/config/fail2ban/jail.local`
|
||||
* To modify filters and actions, instead of editing the `.conf` files, create `.local` files with the same name and edit those because .conf files get overwritten when the actions and filters are updated. `.local` files will append whatever's in the `.conf` files (ie. `nginx-http-auth.conf` --> `nginx-http-auth.local`)
|
||||
* You can check which jails are active via `docker exec -it swag fail2ban-client status`
|
||||
@@ -245,7 +246,7 @@ This will *ask* Google et al not to index and list your site. Be careful with th
|
||||
2. Review our repository commits and apply the new changes yourself
|
||||
3. Delete the modified config file with listed updates, restart the container, reapply your changes
|
||||
* If you have NOT modified a file with noted changes in the changelog:
|
||||
1. Delete the config file with listed updates, restart the container, reapply your changes
|
||||
1. Delete the config file with listed updates, restart the container
|
||||
* Proxy sample updates are not listed in the changelog. See the changes here: [https://github.com/linuxserver/reverse-proxy-confs/commits/master](https://github.com/linuxserver/reverse-proxy-confs/commits/master)
|
||||
* Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not.
|
||||
* You can check the new sample and adjust your active config as needed.
|
||||
@@ -264,7 +265,7 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
|
||||
* container version number
|
||||
* `docker inspect -f '{{ index .Config.Labels "build_version" }}' swag`
|
||||
* image version number
|
||||
* `docker inspect -f '{{ index .Config.Labels "build_version" }}' linuxserver/swag`
|
||||
* `docker inspect -f '{{ index .Config.Labels "build_version" }}' ghcr.io/linuxserver/swag`
|
||||
|
||||
## Updating Info
|
||||
|
||||
@@ -280,7 +281,7 @@ Below are the instructions for updating containers:
|
||||
* You can also remove the old dangling images: `docker image prune`
|
||||
|
||||
### Via Docker Run
|
||||
* Update the image: `docker pull linuxserver/swag`
|
||||
* Update the image: `docker pull ghcr.io/linuxserver/swag`
|
||||
* Stop the running container: `docker stop swag`
|
||||
* Delete the container: `docker rm swag`
|
||||
* Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
|
||||
@@ -310,7 +311,7 @@ cd docker-swag
|
||||
docker build \
|
||||
--no-cache \
|
||||
--pull \
|
||||
-t linuxserver/swag:latest .
|
||||
-t ghcr.io/linuxserver/swag:latest .
|
||||
```
|
||||
|
||||
The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
|
||||
@@ -322,7 +323,10 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
||||
|
||||
## Versions
|
||||
|
||||
* **20.09.20:** - Update nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme.
|
||||
* **01.11.20:** - Add support for netcup dns validation
|
||||
* **29.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy.
|
||||
* **04.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering.
|
||||
* **20.09.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme.
|
||||
* **08.09.20:** - Add php7-xsl.
|
||||
* **01.09.20:** - Update nginx.conf and proxy.conf (and various proxy samples) to better handle websockets.
|
||||
* **01.09.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and various proxy samples - Global websockets across all configs.
|
||||
* **03.08.20:** - Initial release.
|
||||
|
||||
@@ -6,7 +6,7 @@ apr-1.7.0-r0
|
||||
apr-util-1.6.1-r6
|
||||
argon2-libs-20190702-r1
|
||||
bash-5.0.17-r0
|
||||
brotli-libs-1.0.7-r5
|
||||
brotli-libs-1.0.9-r1
|
||||
busybox-1.31.1-r19
|
||||
c-client-2007f-r11
|
||||
ca-certificates-20191127-r4
|
||||
@@ -16,7 +16,7 @@ curl-7.69.1-r1
|
||||
db-5.3.28-r1
|
||||
expat-2.2.9-r1
|
||||
fail2ban-0.11.1-r3
|
||||
freetype-2.10.2-r0
|
||||
freetype-2.10.4-r0
|
||||
gdbm-1.13-r1
|
||||
git-2.26.2-r0
|
||||
git-perl-2.26.2-r0
|
||||
@@ -58,7 +58,7 @@ libmnl-1.0.4-r0
|
||||
libmount-2.35.2-r0
|
||||
libnftnl-libs-1.1.6-r0
|
||||
libpng-1.6.37-r1
|
||||
libpq-12.4-r0
|
||||
libpq-12.5-r0
|
||||
libproc-3.3.16-r0
|
||||
libressl3.1-libcrypto-3.1.2-r0
|
||||
libressl3.1-libssl-3.1.2-r0
|
||||
@@ -88,33 +88,33 @@ linux-pam-1.3.1-r4
|
||||
logrotate-3.16.0-r0
|
||||
luajit-5.1.20190925-r0
|
||||
memcached-1.6.6-r0
|
||||
musl-1.1.24-r9
|
||||
musl-utils-1.1.24-r9
|
||||
musl-1.1.24-r10
|
||||
musl-utils-1.1.24-r10
|
||||
nano-4.9.3-r0
|
||||
ncurses-libs-6.2_p20200523-r0
|
||||
ncurses-terminfo-base-6.2_p20200523-r0
|
||||
nettle-3.5.1-r1
|
||||
nghttp2-libs-1.41.0-r0
|
||||
nginx-1.18.0-r0
|
||||
nginx-mod-devel-kit-1.18.0-r0
|
||||
nginx-mod-http-echo-1.18.0-r0
|
||||
nginx-mod-http-fancyindex-1.18.0-r0
|
||||
nginx-mod-http-geoip2-1.18.0-r0
|
||||
nginx-mod-http-headers-more-1.18.0-r0
|
||||
nginx-mod-http-image-filter-1.18.0-r0
|
||||
nginx-mod-http-lua-1.18.0-r0
|
||||
nginx-mod-http-lua-upstream-1.18.0-r0
|
||||
nginx-mod-http-nchan-1.18.0-r0
|
||||
nginx-mod-http-perl-1.18.0-r0
|
||||
nginx-mod-http-redis2-1.18.0-r0
|
||||
nginx-mod-http-set-misc-1.18.0-r0
|
||||
nginx-mod-http-upload-progress-1.18.0-r0
|
||||
nginx-mod-http-xslt-filter-1.18.0-r0
|
||||
nginx-mod-mail-1.18.0-r0
|
||||
nginx-mod-rtmp-1.18.0-r0
|
||||
nginx-mod-stream-1.18.0-r0
|
||||
nginx-mod-stream-geoip2-1.18.0-r0
|
||||
nginx-vim-1.18.0-r0
|
||||
nginx-1.18.0-r1
|
||||
nginx-mod-devel-kit-1.18.0-r1
|
||||
nginx-mod-http-echo-1.18.0-r1
|
||||
nginx-mod-http-fancyindex-1.18.0-r1
|
||||
nginx-mod-http-geoip2-1.18.0-r1
|
||||
nginx-mod-http-headers-more-1.18.0-r1
|
||||
nginx-mod-http-image-filter-1.18.0-r1
|
||||
nginx-mod-http-lua-1.18.0-r1
|
||||
nginx-mod-http-lua-upstream-1.18.0-r1
|
||||
nginx-mod-http-nchan-1.18.0-r1
|
||||
nginx-mod-http-perl-1.18.0-r1
|
||||
nginx-mod-http-redis2-1.18.0-r1
|
||||
nginx-mod-http-set-misc-1.18.0-r1
|
||||
nginx-mod-http-upload-progress-1.18.0-r1
|
||||
nginx-mod-http-xslt-filter-1.18.0-r1
|
||||
nginx-mod-mail-1.18.0-r1
|
||||
nginx-mod-rtmp-1.18.0-r1
|
||||
nginx-mod-stream-1.18.0-r1
|
||||
nginx-mod-stream-geoip2-1.18.0-r1
|
||||
nginx-vim-1.18.0-r1
|
||||
npth-1.6-r0
|
||||
openssl-1.1.1g-r0
|
||||
p11-kit-0.23.20-r5
|
||||
@@ -123,55 +123,55 @@ pcre2-10.35-r0
|
||||
perl-5.30.3-r0
|
||||
perl-error-0.17029-r0
|
||||
perl-git-2.26.2-r0
|
||||
php7-7.3.23-r0
|
||||
php7-bcmath-7.3.23-r0
|
||||
php7-bz2-7.3.23-r0
|
||||
php7-common-7.3.23-r0
|
||||
php7-ctype-7.3.23-r0
|
||||
php7-curl-7.3.23-r0
|
||||
php7-dom-7.3.23-r0
|
||||
php7-exif-7.3.23-r0
|
||||
php7-fileinfo-7.3.23-r0
|
||||
php7-fpm-7.3.23-r0
|
||||
php7-ftp-7.3.23-r0
|
||||
php7-gd-7.3.23-r0
|
||||
php7-iconv-7.3.23-r0
|
||||
php7-imap-7.3.23-r0
|
||||
php7-intl-7.3.23-r0
|
||||
php7-json-7.3.23-r0
|
||||
php7-ldap-7.3.23-r0
|
||||
php7-mbstring-7.3.23-r0
|
||||
php7-mysqli-7.3.23-r0
|
||||
php7-mysqlnd-7.3.23-r0
|
||||
php7-opcache-7.3.23-r0
|
||||
php7-openssl-7.3.23-r0
|
||||
php7-pdo-7.3.23-r0
|
||||
php7-pdo_mysql-7.3.23-r0
|
||||
php7-pdo_odbc-7.3.23-r0
|
||||
php7-pdo_pgsql-7.3.23-r0
|
||||
php7-pdo_sqlite-7.3.23-r0
|
||||
php7-pear-7.3.23-r0
|
||||
php7-pecl-apcu-5.1.18-r0
|
||||
php7-pecl-igbinary-3.1.4-r0
|
||||
php7-7.3.25-r0
|
||||
php7-bcmath-7.3.25-r0
|
||||
php7-bz2-7.3.25-r0
|
||||
php7-common-7.3.25-r0
|
||||
php7-ctype-7.3.25-r0
|
||||
php7-curl-7.3.25-r0
|
||||
php7-dom-7.3.25-r0
|
||||
php7-exif-7.3.25-r0
|
||||
php7-fileinfo-7.3.25-r0
|
||||
php7-fpm-7.3.25-r0
|
||||
php7-ftp-7.3.25-r0
|
||||
php7-gd-7.3.25-r0
|
||||
php7-iconv-7.3.25-r0
|
||||
php7-imap-7.3.25-r0
|
||||
php7-intl-7.3.25-r0
|
||||
php7-json-7.3.25-r0
|
||||
php7-ldap-7.3.25-r0
|
||||
php7-mbstring-7.3.25-r0
|
||||
php7-mysqli-7.3.25-r0
|
||||
php7-mysqlnd-7.3.25-r0
|
||||
php7-opcache-7.3.25-r0
|
||||
php7-openssl-7.3.25-r0
|
||||
php7-pdo-7.3.25-r0
|
||||
php7-pdo_mysql-7.3.25-r0
|
||||
php7-pdo_odbc-7.3.25-r0
|
||||
php7-pdo_pgsql-7.3.25-r0
|
||||
php7-pdo_sqlite-7.3.25-r0
|
||||
php7-pear-7.3.25-r0
|
||||
php7-pecl-apcu-5.1.19-r0
|
||||
php7-pecl-igbinary-3.1.6-r0
|
||||
php7-pecl-mcrypt-1.0.3-r0
|
||||
php7-pecl-memcached-3.1.5-r0
|
||||
php7-pecl-redis-5.2.2-r1
|
||||
php7-pgsql-7.3.23-r0
|
||||
php7-phar-7.3.23-r0
|
||||
php7-posix-7.3.23-r0
|
||||
php7-session-7.3.23-r0
|
||||
php7-simplexml-7.3.23-r0
|
||||
php7-soap-7.3.23-r0
|
||||
php7-sockets-7.3.23-r0
|
||||
php7-sodium-7.3.23-r0
|
||||
php7-sqlite3-7.3.23-r0
|
||||
php7-tokenizer-7.3.23-r0
|
||||
php7-xml-7.3.23-r0
|
||||
php7-xmlreader-7.3.23-r0
|
||||
php7-xmlrpc-7.3.23-r0
|
||||
php7-xmlwriter-7.3.23-r0
|
||||
php7-xsl-7.3.23-r0
|
||||
php7-zip-7.3.23-r0
|
||||
php7-pgsql-7.3.25-r0
|
||||
php7-phar-7.3.25-r0
|
||||
php7-posix-7.3.25-r0
|
||||
php7-session-7.3.25-r0
|
||||
php7-simplexml-7.3.25-r0
|
||||
php7-soap-7.3.25-r0
|
||||
php7-sockets-7.3.25-r0
|
||||
php7-sodium-7.3.25-r0
|
||||
php7-sqlite3-7.3.25-r0
|
||||
php7-tokenizer-7.3.25-r0
|
||||
php7-xml-7.3.25-r0
|
||||
php7-xmlreader-7.3.25-r0
|
||||
php7-xmlrpc-7.3.25-r0
|
||||
php7-xmlwriter-7.3.25-r0
|
||||
php7-xsl-7.3.25-r0
|
||||
php7-zip-7.3.25-r0
|
||||
pinentry-1.1.0-r2
|
||||
popt-1.16-r7
|
||||
procps-3.3.16-r0
|
||||
@@ -212,7 +212,7 @@ scanelf-1.2.6-r0
|
||||
shadow-4.8.1-r0
|
||||
sqlite-libs-3.32.1-r0
|
||||
ssl_client-1.31.1-r19
|
||||
tzdata-2020a-r0
|
||||
tzdata-2020c-r1
|
||||
unixodbc-2.3.7-r2
|
||||
whois-5.5.6-r0
|
||||
xz-5.2.5-r0
|
||||
|
||||
@@ -50,7 +50,7 @@ cap_add_param_vars:
|
||||
# optional container parameters
|
||||
opt_param_usage_include_env: true
|
||||
opt_param_env_vars:
|
||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
|
||||
- { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" }
|
||||
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications." }
|
||||
@@ -121,10 +121,11 @@ app_setup_block: |
|
||||
2. `privkey.pfx`, a format supported by Microsoft and commonly used by dotnet apps such as Emby Server (no password)
|
||||
3. `priv-fullchain-bundle.pem`, a pem cert that bundles the private key and the fullchain, used by apps like ZNC
|
||||
### Using fail2ban
|
||||
* This container includes fail2ban set up with 3 jails by default:
|
||||
* This container includes fail2ban set up with 4 jails by default:
|
||||
1. nginx-http-auth
|
||||
2. nginx-badbots
|
||||
3. nginx-botsearch
|
||||
4. nginx-deny
|
||||
* To enable or disable other jails, modify the file `/config/fail2ban/jail.local`
|
||||
* To modify filters and actions, instead of editing the `.conf` files, create `.local` files with the same name and edit those because .conf files get overwritten when the actions and filters are updated. `.local` files will append whatever's in the `.conf` files (ie. `nginx-http-auth.conf` --> `nginx-http-auth.local`)
|
||||
* You can check which jails are active via `docker exec -it swag fail2ban-client status`
|
||||
@@ -139,7 +140,7 @@ app_setup_block: |
|
||||
2. Review our repository commits and apply the new changes yourself
|
||||
3. Delete the modified config file with listed updates, restart the container, reapply your changes
|
||||
* If you have NOT modified a file with noted changes in the changelog:
|
||||
1. Delete the config file with listed updates, restart the container, reapply your changes
|
||||
1. Delete the config file with listed updates, restart the container
|
||||
* Proxy sample updates are not listed in the changelog. See the changes here: [https://github.com/linuxserver/reverse-proxy-confs/commits/master](https://github.com/linuxserver/reverse-proxy-confs/commits/master)
|
||||
* Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not.
|
||||
* You can check the new sample and adjust your active config as needed.
|
||||
@@ -149,7 +150,10 @@ app_setup_nginx_reverse_proxy_block: ""
|
||||
|
||||
# changelog
|
||||
changelogs:
|
||||
- { date: "20.09.20:", desc: "Update nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme."}
|
||||
- { date: "01.11.20:", desc: "Add support for netcup dns validation" }
|
||||
- { date: "29.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy." }
|
||||
- { date: "04.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering." }
|
||||
- { date: "20.09.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme."}
|
||||
- { date: "08.09.20:", desc: "Add php7-xsl." }
|
||||
- { date: "01.09.20:", desc: "Update nginx.conf and proxy.conf (and various proxy samples) to better handle websockets." }
|
||||
- { date: "01.09.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and various proxy samples - Global websockets across all configs." }
|
||||
- { date: "03.08.20:", desc: "Initial release." }
|
||||
|
||||
3
root/defaults/dns-conf/netcup.ini
Normal file
3
root/defaults/dns-conf/netcup.ini
Normal file
@@ -0,0 +1,3 @@
|
||||
dns_netcup_customer_id = 123456
|
||||
dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567
|
||||
dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123
|
||||
@@ -1,4 +1,4 @@
|
||||
## Version 2020/09/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf
|
||||
## Version 2020/10/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/geoip2.conf
|
||||
# To enable, uncommment the Geoip2 config line in nginx.conf
|
||||
# Add the -e MAXMINDDB_LICENSE_KEY=<licensekey> to automatically download the Geolite2 database.
|
||||
# A Maxmind license key can be acquired here: https://www.maxmind.com/en/geolite2/signup
|
||||
@@ -18,48 +18,52 @@ geoip2 /config/geoip2db/GeoLite2-City.mmdb {
|
||||
# GEOIP2 COUNTRY CONFIG
|
||||
map $geoip2_data_country_iso_code $allowed_country {
|
||||
# default must be yes or no
|
||||
# If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
|
||||
default yes;
|
||||
|
||||
# Below you will setup conditions with yes or no
|
||||
# ex: <condition> <yes/no>;
|
||||
# If your default is set to yes you can setup conditions that would set it to no (and vice versa)
|
||||
# Conditions are either network address (CIDR notation) or country code
|
||||
|
||||
# allow United Kingdom.
|
||||
#GB yes;
|
||||
|
||||
# allow local access.
|
||||
#192.168.1.0/24 yes;
|
||||
}
|
||||
|
||||
# GEOIP2 CITY CONFIG
|
||||
map $geoip2_data_city_name $allowed_city {
|
||||
# default must be yes or no
|
||||
# If default is set to "no" you will need to add the local ip ranges that you want to allow access in the $allow_list variable below.
|
||||
default yes;
|
||||
|
||||
# Below you will setup conditions with yes or no
|
||||
# ex: <condition> <yes/no>;
|
||||
# If your default is set to yes you can setup conditions that would set it to no (and vice versa)
|
||||
# Conditions are either network address (CIDR notation) or city name
|
||||
|
||||
# allow Inverness.
|
||||
#Inverness yes;
|
||||
}
|
||||
|
||||
# allow local access.
|
||||
#192.168.1.0/24 yes;
|
||||
# ALLOW LOCAL ACCESS
|
||||
geo $allow_list {
|
||||
default yes; # Set this to no if $allowed_country or $allowed_city default is no.
|
||||
# IP/CIDR yes; # e.g. 192.168.1.0/24 yes;
|
||||
}
|
||||
|
||||
# Server config example:
|
||||
# Add the following if statement inside any server context where you want to geo block countries.
|
||||
# Add the following if statements inside any server context where you want to geo block countries.
|
||||
|
||||
########################################
|
||||
# if ($allow_list = yes) {
|
||||
# set $allowed_country yes;
|
||||
# }
|
||||
# if ($allowed_country = no) {
|
||||
# return 444;
|
||||
# }
|
||||
#########################################
|
||||
|
||||
# Add the following if statement inside any server context where you want to geo block cities.
|
||||
# Add the following if statements inside any server context where you want to geo block cities.
|
||||
########################################
|
||||
# if ($allow_list = yes) {
|
||||
# set $allowed_country yes;
|
||||
# }
|
||||
# if ($allowed_city = no) {
|
||||
# return 444;
|
||||
# }
|
||||
@@ -84,6 +88,10 @@ map $geoip2_data_city_name $allowed_city {
|
||||
# #include /config/nginx/authelia-server.conf;
|
||||
|
||||
|
||||
# # Allow lan access if default is set to no
|
||||
# if ($allow_list = yes) {
|
||||
# set $allowed_country yes;
|
||||
# }
|
||||
# # Country geo block
|
||||
# if ($allowed_country = no) {
|
||||
# return 444;
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
## Version 2020/09/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
|
||||
## Version 2020/10/04 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
|
||||
|
||||
user abc;
|
||||
worker_processes 4;
|
||||
@@ -16,21 +16,21 @@ http {
|
||||
# Basic Settings
|
||||
##
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
client_body_buffer_size 128k;
|
||||
client_max_body_size 0;
|
||||
keepalive_timeout 65;
|
||||
large_client_header_buffers 4 16k;
|
||||
send_timeout 5m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
tcp_nopush on;
|
||||
types_hash_max_size 2048;
|
||||
variables_hash_max_size 2048;
|
||||
large_client_header_buffers 4 16k;
|
||||
|
||||
# server_tokens off;
|
||||
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
@@ -90,9 +90,9 @@ http {
|
||||
##
|
||||
# Geoip2 config
|
||||
##
|
||||
# Uncomment to add the Geoip2 configs needed to geo block countries/cities.
|
||||
# Uncomment to add the Geoip2 configs needed to geo block countries/cities.
|
||||
##
|
||||
|
||||
|
||||
#include /config/nginx/geoip2.conf;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,33 +1,30 @@
|
||||
## Version 2020/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
|
||||
## Version 2020/10/04 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
|
||||
|
||||
client_body_buffer_size 128k;
|
||||
|
||||
#Timeout if the real server is dead
|
||||
# Timeout if the real server is dead
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
|
||||
|
||||
# Advanced Proxy Config
|
||||
send_timeout 5m;
|
||||
proxy_read_timeout 240;
|
||||
proxy_send_timeout 240;
|
||||
proxy_connect_timeout 240;
|
||||
|
||||
# TLS 1.3 early data
|
||||
proxy_set_header Early-Data $ssl_early_data;
|
||||
|
||||
# Basic Proxy Config
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_redirect http:// $scheme://;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
#proxy_cookie_path / "/; HTTPOnly; Secure"; # enable at your own risk, may break certain apps
|
||||
proxy_cache_bypass $cookie_session;
|
||||
proxy_no_cache $cookie_session;
|
||||
# Proxy Connection Settings
|
||||
proxy_buffers 32 4k;
|
||||
proxy_connect_timeout 240;
|
||||
proxy_headers_hash_bucket_size 128;
|
||||
proxy_headers_hash_max_size 1024;
|
||||
proxy_http_version 1.1;
|
||||
proxy_read_timeout 240;
|
||||
proxy_redirect http:// $scheme://;
|
||||
proxy_send_timeout 240;
|
||||
|
||||
# Proxy Cache and Cookie Settings
|
||||
proxy_cache_bypass $cookie_session;
|
||||
#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
|
||||
proxy_no_cache $cookie_session;
|
||||
|
||||
# Proxy Header Settings
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Early-Data $ssl_early_data;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
## Version 2020/06/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
|
||||
## Version 2020/10/29 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
|
||||
|
||||
### Mozilla Recommendations
|
||||
# generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
|
||||
@@ -39,10 +39,10 @@ ssl_early_data on;
|
||||
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
|
||||
# Optional additional headers
|
||||
#add_header Content-Security-Policy "upgrade-insecure-requests";
|
||||
#add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
#add_header X-XSS-Protection "1; mode=block" always;
|
||||
#add_header X-Content-Type-Options "nosniff" always;
|
||||
#add_header X-UA-Compatible "IE=Edge" always;
|
||||
#add_header Cache-Control "no-transform" always;
|
||||
#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
|
||||
#add_header Referrer-Policy "same-origin" always;
|
||||
#add_header X-Content-Type-Options "nosniff" always;
|
||||
#add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
#add_header X-UA-Compatible "IE=Edge" always;
|
||||
#add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
@@ -92,7 +92,7 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
|
||||
fi
|
||||
|
||||
# check to make sure DNSPLUGIN is selected if dns validation is used
|
||||
[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|google|inwx|linode|luadns|nsone|ovh|rfc2136|route53|transip)$ ]] && \
|
||||
[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|google|inwx|linode|luadns|netcup|nsone|ovh|rfc2136|route53|transip)$ ]] && \
|
||||
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \
|
||||
sleep infinity
|
||||
|
||||
@@ -189,6 +189,9 @@ if [ "$VALIDATION" = "dns" ]; then
|
||||
elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|inwx|transip)$ ]]; then
|
||||
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
|
||||
elif [[ "$DNSPLUGIN" =~ ^(netcup)$ ]]; then
|
||||
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
|
||||
else
|
||||
if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
|
||||
|
||||
Reference in New Issue
Block a user