Bot Updating Package Versions

Update netcup.ini

.editorconfig

@@ -15,6 +15,6 @@ trim_trailing_whitespace = false
 indent_style = space
 indent_size = 2
 
-[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
+[{**.sh,root/etc/s6-overlay/s6-rc.d/**,root/etc/cont-init.d/**,root/etc/services.d/**}]
 indent_style = space
 indent_size = 4

.github/workflows/greetings.yml

@@ -8,6 +8,6 @@ jobs:
     steps:
     - uses: actions/first-interaction@v1
       with:
-        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.yml) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.yml) issue templates!'
+        issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
         pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-swag/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
         repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/permissions.yml

@@ -0,0 +1,9 @@
+name: Permission check
+on:
+  pull_request:
+    paths:
+      - '**/run'
+      - '**/finish'
+jobs:
+  permission_check:
+    uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

Jenkinsfile

@@ -57,7 +57,7 @@ pipeline {
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
           env.PULL_REQUEST = env.CHANGE_ID
-          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
+          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/call_invalid_helper.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
         }
         script{
           env.LS_RELEASE_NUMBER = sh(
@@ -442,7 +442,8 @@ pipeline {
       }
       steps {
         echo "Running on node: ${NODE_NAME}"
-        sh "docker build \
+        sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
+        sh "docker buildx build \
           --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
           --label \"org.opencontainers.image.authors=linuxserver.io\" \
           --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@@ -455,7 +456,7 @@ pipeline {
           --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
           --label \"org.opencontainers.image.title=Swag\" \
           --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-          --no-cache --pull -t ${IMAGE}:${META_TAG} \
+          --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
           --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
       }
     }
@@ -472,7 +473,8 @@ pipeline {
         stage('Build X86') {
           steps {
             echo "Running on node: ${NODE_NAME}"
-            sh "docker build \
+            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
+            sh "docker buildx build \
               --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
               --label \"org.opencontainers.image.authors=linuxserver.io\" \
               --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@@ -485,7 +487,7 @@ pipeline {
               --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
               --label \"org.opencontainers.image.title=Swag\" \
               --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} \
+              --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
           }
         }
@@ -499,7 +501,8 @@ pipeline {
             sh '''#! /bin/bash
                   echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
                '''
-            sh "docker build \
+            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf"
+            sh "docker buildx build \
               --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
               --label \"org.opencontainers.image.authors=linuxserver.io\" \
               --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@@ -512,7 +515,7 @@ pipeline {
               --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
               --label \"org.opencontainers.image.title=Swag\" \
               --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \
+              --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
             sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
             retry(5) {
@@ -533,7 +536,8 @@ pipeline {
             sh '''#! /bin/bash
                   echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
                '''
-            sh "docker build \
+            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64"
+            sh "docker buildx build \
               --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
               --label \"org.opencontainers.image.authors=linuxserver.io\" \
               --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
@@ -546,7 +550,7 @@ pipeline {
               --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
               --label \"org.opencontainers.image.title=Swag\" \
               --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \
+              --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
             sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
             retry(5) {
@@ -575,26 +579,12 @@ pipeline {
               else
                 LOCAL_CONTAINER=${IMAGE}:${META_TAG}
               fi
-              if [ "${DIST_IMAGE}" == "alpine" ]; then
+              touch ${TEMPDIR}/package_versions.txt
-                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
+              docker run --rm \
-                  apk info -v > /tmp/package_versions.txt && \
+                -v /var/run/docker.sock:/var/run/docker.sock:ro \
-                  sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
+                -v ${TEMPDIR}:/tmp \
-                  chmod 777 /tmp/package_versions.txt'
+                ghcr.io/anchore/syft:latest \
-              elif [ "${DIST_IMAGE}" == "ubuntu" ]; then
+                ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
-                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
-                  apt list -qq --installed | sed "s#/.*now ##g" | cut -d" " -f1 > /tmp/package_versions.txt && \
-                  sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
-                  chmod 777 /tmp/package_versions.txt'
-              elif [ "${DIST_IMAGE}" == "fedora" ]; then
-                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
-                  rpm -qa > /tmp/package_versions.txt && \
-                  sort -o /tmp/package_versions.txt  /tmp/package_versions.txt && \
-                  chmod 777 /tmp/package_versions.txt'
-              elif [ "${DIST_IMAGE}" == "arch" ]; then
-                docker run --rm --entrypoint '/bin/sh' -v ${TEMPDIR}:/tmp ${LOCAL_CONTAINER} -c '\
-                  pacman -Q > /tmp/package_versions.txt && \
-                  chmod 777 /tmp/package_versions.txt'
-              fi
               NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
               echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
               if [ "${NEW_PACKAGE_TAG}" != "${PACKAGE_TAG}" ]; then
@@ -805,19 +795,19 @@ pipeline {
                   echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
                   if [ "${CI}" == "false" ]; then
                     docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
-                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                     docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
+                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                     docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                   fi
                   for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
                     docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
-                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
-                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
-                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
+                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
+                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
                     docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
+                    docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                    docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                     docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
@@ -825,13 +815,13 @@ pipeline {
                       docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                     fi
                     docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:amd64-latest
-                    docker push ${MANIFESTIMAGE}:arm32v7-latest
-                    docker push ${MANIFESTIMAGE}:arm64v8-latest
                     docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
+                    docker push ${MANIFESTIMAGE}:amd64-latest
+                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
+                    docker push ${MANIFESTIMAGE}:arm32v7-latest
                     docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
+                    docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                    docker push ${MANIFESTIMAGE}:arm64v8-latest
                     docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
@@ -977,12 +967,12 @@ pipeline {
           sh 'echo "build aborted"'
         }
         else if (currentBuild.currentResult == "SUCCESS"){
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 1681177,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
                  "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }
         else {
-          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 16711680,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
                  "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }

README.md

@@ -56,7 +56,7 @@ The architectures supported by this image are:
 | :----: | :----: | ---- |
 | x86-64 | ✅ | amd64-\<version tag\> |
 | arm64 | ✅ | arm64v8-\<version tag\> |
-| armhf| ✅ | arm32v7-\<version tag\> |
+| armhf | ✅ | arm32v7-\<version tag\> |
 
 ## Application Setup
 
@@ -154,7 +154,7 @@ services:
     environment:
       - PUID=1000
       - PGID=1000
-      - TZ=Europe/London
+      - TZ=Etc/UTC
       - URL=yourdomain.url
       - VALIDATION=http
       - SUBDOMAINS=www, #optional
@@ -181,7 +181,7 @@ docker run -d \
   --cap-add=NET_ADMIN \
   -e PUID=1000 \
   -e PGID=1000 \
-  -e TZ=Europe/London \
+  -e TZ=Etc/UTC \
   -e URL=yourdomain.url \
   -e VALIDATION=http \
   -e SUBDOMAINS=www, `#optional` \
@@ -197,6 +197,7 @@ docker run -d \
   -v /path/to/appdata/config:/config \
   --restart unless-stopped \
   lscr.io/linuxserver/swag:latest
+
 ```
 
 ## Parameters
@@ -209,7 +210,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-p 80` | Http port (required for http validation and http -> https redirect) |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
-| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. |
+| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
 | `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
@@ -335,6 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **09.02.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
 * **06.02.23:** - Add porkbun support back in.
 * **21.01.23:** - Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x.
 * **20.01.23:** - Rebase to alpine 3.17 with php8.1.

package_versions.txt

@@ -1,204 +1,331 @@
-alpine-baselayout-3.4.0-r0
+NAME                            VERSION                TYPE   
-alpine-baselayout-data-3.4.0-r0
+ConfigArgParse                  1.5.3                  python  
-alpine-keys-2.4-r1
+PyJWT                           2.6.0                  python  
-alpine-release-3.17.1-r0
+PyYAML                          6.0                    python  
-aom-libs-3.5.0-r0
+acme                            2.3.0                  python  
-apache2-utils-2.4.55-r0
+alpine-baselayout               3.4.0-r0               apk     
-apk-tools-2.12.10-r1
+alpine-baselayout-data          3.4.0-r0               apk     
-apr-1.7.2-r0
+alpine-keys                     2.4-r1                 apk     
-apr-util-1.6.3-r0
+alpine-release                  3.17.2-r0              apk     
-argon2-libs-20190702-r2
+aom-libs                        3.5.0-r0               apk     
-bash-5.2.15-r0
+apache2-utils                   2.4.55-r0              apk     
-brotli-libs-1.0.9-r9
+apk-tools                       2.12.10-r1             apk     
-busybox-1.35.0-r29
+apr                             1.7.2-r0               apk     
-busybox-binsh-1.35.0-r29
+apr-util                        1.6.3-r0               apk     
-c-client-2007f-r14
+argon2-libs                     20190702-r2            apk     
-ca-certificates-20220614-r4
+attrs                           22.2.0                 python  
-ca-certificates-bundle-20220614-r4
+azure-common                    1.1.28                 python  
-coreutils-9.1-r0
+azure-core                      1.26.3                 python  
-curl-7.87.0-r1
+azure-identity                  1.12.0                 python  
-fail2ban-1.0.2-r0
+azure-mgmt-core                 1.3.2                  python  
-fontconfig-2.14.1-r0
+azure-mgmt-dns                  8.0.0                  python  
-freetype-2.12.1-r0
+bash                            5.2.15-r0              apk     
-gdbm-1.23-r0
+beautifulsoup4                  4.11.2                 python  
-git-2.38.3-r1
+boto3                           1.26.82                python  
-git-perl-2.38.3-r1
+botocore                        1.29.82                python  
-gmp-6.2.1-r2
+brotli-libs                     1.0.9-r9               apk     
-gnupg-2.2.40-r0
+bs4                             0.0.1                  python  
-gnupg-dirmngr-2.2.40-r0
+busybox                         1.35.0                 binary  
-gnupg-gpgconf-2.2.40-r0
+busybox                         1.35.0-r29             apk     
-gnupg-utils-2.2.40-r0
+busybox-binsh                   1.35.0-r29             apk     
-gnupg-wks-client-2.2.40-r0
+c-client                        2007f-r14              apk     
-gnutls-3.7.8-r2
+ca-certificates                 20220614-r4            apk     
-gpg-2.2.40-r0
+ca-certificates-bundle          20220614-r4            apk     
-gpg-agent-2.2.40-r0
+cachetools                      5.3.0                  python  
-gpg-wks-server-2.2.40-r0
+certbot                         2.3.0                  python  
-gpgsm-2.2.40-r0
+certbot-dns-acmedns             0.1.0                  python  
-gpgv-2.2.40-r0
+certbot-dns-aliyun              0.38.1                 python  
-icu-data-en-72.1-r1
+certbot-dns-azure               1.5.0                  python  
-icu-libs-72.1-r1
+certbot-dns-cloudflare          2.3.0                  python  
-ip6tables-1.8.8-r2
+certbot-dns-cpanel              0.4.0                  python  
-iptables-1.8.8-r2
+certbot-dns-desec               1.2.1                  python  
-jq-1.6-r2
+certbot-dns-digitalocean        2.3.0                  python  
-libacl-2.3.1-r1
+certbot-dns-directadmin         1.0.3                  python  
-libassuan-2.5.5-r1
+certbot-dns-dnsimple            2.3.0                  python  
-libattr-2.5.1-r2
+certbot-dns-dnsmadeeasy         2.3.0                  python  
-libavif-0.11.1-r0
+certbot-dns-dnspod              0.1.0                  python  
-libbsd-0.11.7-r0
+certbot-dns-do                  0.31.0                 python  
-libbz2-1.0.8-r4
+certbot-dns-domeneshop          0.2.9                  python  
-libc-utils-0.7.2-r3
+certbot-dns-duckdns             1.2.1                  python  
-libcrypto3-3.0.8-r0
+certbot-dns-dynu                0.0.4                  python  
-libcurl-7.87.0-r1
+certbot-dns-gehirn              2.3.0                  python  
-libdav1d-1.0.0-r2
+certbot-dns-godaddy             0.2.2                  python  
-libedit-20221030.3.1-r0
+certbot-dns-google              2.3.0                  python  
-libevent-2.1.12-r5
+certbot-dns-he                  1.0.0                  python  
-libexpat-2.5.0-r0
+certbot-dns-hetzner             2.0.0                  python  
-libffi-3.4.4-r0
+certbot-dns-infomaniak          0.2.1                  python  
-libgcc-12.2.1_git20220924-r4
+certbot-dns-inwx                2.2.0                  python  
-libgcrypt-1.10.1-r0
+certbot-dns-ionos               2022.11.24             python  
-libgd-2.3.3-r3
+certbot-dns-linode              2.3.0                  python  
-libgpg-error-1.46-r1
+certbot-dns-loopia              1.0.1                  python  
-libice-1.0.10-r1
+certbot-dns-luadns              2.3.0                  python  
-libidn-1.41-r0
+certbot-dns-netcup              1.2.0                  python  
-libintl-0.21.1-r1
+certbot-dns-njalla              1.0.0                  python  
-libjpeg-turbo-2.1.4-r0
+certbot-dns-nsone               2.3.0                  python  
-libksba-1.6.3-r0
+certbot-dns-ovh                 2.3.0                  python  
-libldap-2.6.3-r6
+certbot-dns-porkbun             0.7                    python  
-libmaxminddb-libs-1.7.1-r0
+certbot-dns-rfc2136             2.3.0                  python  
-libmcrypt-2.5.8-r10
+certbot-dns-route53             2.3.0                  python  
-libmd-1.0.4-r0
+certbot-dns-sakuracloud         2.3.0                  python  
-libmemcached-libs-1.0.18-r5
+certbot-dns-standalone          1.1                    python  
-libmnl-1.0.5-r0
+certbot-dns-transip             0.5.2                  python  
-libnftnl-1.2.4-r0
+certbot-dns-vultr               1.0.3                  python  
-libpng-1.6.38-r0
+certbot-plugin-gandi            1.4.3                  python  
-libpq-15.1-r0
+certifi                         2022.12.7              python  
-libproc-3.3.17-r2
+cffi                            1.15.1                 python  
-libsasl-2.1.28-r3
+charset-normalizer              3.0.1                  python  
-libseccomp-2.5.4-r0
+cloudflare                      2.11.1                 python  
-libsm-1.2.3-r1
+configobj                       5.0.8                  python  
-libsodium-1.0.18-r2
+coreutils                       9.1-r0                 apk     
-libssl3-3.0.8-r0
+cryptography                    39.0.1                 python  
-libstdc++-12.2.1_git20220924-r4
+curl                            7.87.0-r2              apk     
-libtasn1-4.19.0-r0
+distro                          1.8.0                  python  
-libunistring-1.1-r0
+dns-lexicon                     3.11.7                 python  
-libuuid-2.38.1-r1
+dnslib                          0.9.23                 python  
-libwebp-1.2.4-r1
+dnspython                       2.3.0                  python  
-libx11-1.8.4-r0
+domeneshop                      0.4.3                  python  
-libxau-1.0.10-r0
+fail2ban                        1.0.2                  python  
-libxcb-1.15-r0
+fail2ban                        1.0.2-r0               apk     
-libxdmcp-1.1.4-r0
+filelock                        3.9.0                  python  
-libxext-1.3.5-r0
+fontconfig                      2.14.1-r0              apk     
-libxml2-2.10.3-r1
+freetype                        2.12.1-r0              apk     
-libxpm-3.5.15-r0
+future                          0.18.3                 python  
-libxslt-1.1.37-r0
+gdbm                            1.23-r0                apk     
-libxt-1.2.1-r0
+git                             2.38.4-r0              apk     
-libzip-1.9.2-r2
+git-perl                        2.38.4-r0              apk     
-linux-pam-1.5.2-r1
+gmp                             6.2.1-r2               apk     
-logrotate-3.20.1-r3
+gnupg                           2.2.40-r0              apk     
-lz4-libs-1.9.4-r1
+gnupg-dirmngr                   2.2.40-r0              apk     
-memcached-1.6.17-r0
+gnupg-gpgconf                   2.2.40-r0              apk     
-mpdecimal-2.5.1-r1
+gnupg-utils                     2.2.40-r0              apk     
-musl-1.2.3-r4
+gnupg-wks-client                2.2.40-r0              apk     
-musl-utils-1.2.3-r4
+gnutls                          3.7.8-r3               apk     
-nano-7.0-r0
+google-api-core                 2.11.0                 python  
-ncurses-libs-6.3_p20221119-r0
+google-api-python-client        2.80.0                 python  
-ncurses-terminfo-base-6.3_p20221119-r0
+google-auth                     2.16.1                 python  
-nettle-3.8.1-r0
+google-auth-httplib2            0.1.0                  python  
-nghttp2-libs-1.51.0-r0
+googleapis-common-protos        1.58.0                 python  
-nginx-1.22.1-r0
+gpg                             2.2.40-r0              apk     
-nginx-mod-devel-kit-1.22.1-r0
+gpg-agent                       2.2.40-r0              apk     
-nginx-mod-http-brotli-1.22.1-r0
+gpg-wks-server                  2.2.40-r0              apk     
-nginx-mod-http-dav-ext-1.22.1-r0
+gpgsm                           2.2.40-r0              apk     
-nginx-mod-http-echo-1.22.1-r0
+gpgv                            2.2.40-r0              apk     
-nginx-mod-http-fancyindex-1.22.1-r0
+httplib2                        0.21.0                 python  
-nginx-mod-http-geoip2-1.22.1-r0
+icu-data-en                     72.1-r1                apk     
-nginx-mod-http-headers-more-1.22.1-r0
+icu-libs                        72.1-r1                apk     
-nginx-mod-http-image-filter-1.22.1-r0
+idna                            3.4                    python  
-nginx-mod-http-perl-1.22.1-r0
+importlib-metadata              6.0.0                  python  
-nginx-mod-http-redis2-1.22.1-r0
+ip6tables                       1.8.8-r2               apk     
-nginx-mod-http-set-misc-1.22.1-r0
+iptables                        1.8.8-r2               apk     
-nginx-mod-http-upload-progress-1.22.1-r0
+isodate                         0.6.1                  python  
-nginx-mod-http-xslt-filter-1.22.1-r0
+jmespath                        1.0.1                  python  
-nginx-mod-mail-1.22.1-r0
+josepy                          1.13.0                 python  
-nginx-mod-rtmp-1.22.1-r0
+jq                              1.6-r2                 apk     
-nginx-mod-stream-1.22.1-r0
+jsonlines                       3.1.0                  python  
-nginx-mod-stream-geoip2-1.22.1-r0
+jsonpickle                      3.0.1                  python  
-nginx-vim-1.22.1-r0
+libacl                          2.3.1-r1               apk     
-npth-1.6-r2
+libassuan                       2.5.5-r1               apk     
-oniguruma-6.9.8-r0
+libattr                         2.5.1-r2               apk     
-openssl-3.0.8-r0
+libavif                         0.11.1-r0              apk     
-p11-kit-0.24.1-r1
+libbsd                          0.11.7-r0              apk     
-pcre-8.45-r2
+libbz2                          1.0.8-r4               apk     
-pcre2-10.42-r0
+libc-utils                      0.7.2-r3               apk     
-perl-5.36.0-r0
+libcrypto3                      3.0.8-r0               apk     
-perl-error-0.17029-r1
+libcurl                         7.88.1-r0              apk     
-perl-git-2.38.3-r1
+libdav1d                        1.0.0-r2               apk     
-php81-8.1.15-r0
+libedit                         20221030.3.1-r0        apk     
-php81-bcmath-8.1.15-r0
+libevent                        2.1.12-r5              apk     
-php81-bz2-8.1.15-r0
+libexpat                        2.5.0-r0               apk     
-php81-common-8.1.15-r0
+libffi                          3.4.4-r0               apk     
-php81-ctype-8.1.15-r0
+libgcc                          12.2.1_git20220924-r4  apk     
-php81-curl-8.1.15-r0
+libgcrypt                       1.10.1-r0              apk     
-php81-dom-8.1.15-r0
+libgd                           2.3.3-r3               apk     
-php81-exif-8.1.15-r0
+libgpg-error                    1.46-r1                apk     
-php81-fileinfo-8.1.15-r0
+libice                          1.0.10-r1              apk     
-php81-fpm-8.1.15-r0
+libidn                          1.41-r0                apk     
-php81-ftp-8.1.15-r0
+libintl                         0.21.1-r1              apk     
-php81-gd-8.1.15-r0
+libjpeg-turbo                   2.1.4-r0               apk     
-php81-gmp-8.1.15-r0
+libksba                         1.6.3-r0               apk     
-php81-iconv-8.1.15-r0
+libldap                         2.6.3-r6               apk     
-php81-imap-8.1.15-r0
+libmaxminddb-libs               1.7.1-r0               apk     
-php81-intl-8.1.15-r0
+libmcrypt                       2.5.8-r10              apk     
-php81-ldap-8.1.15-r0
+libmd                           1.0.4-r0               apk     
-php81-mbstring-8.1.15-r0
+libmemcached-libs               1.0.18-r5              apk     
-php81-mysqli-8.1.15-r0
+libmnl                          1.0.5-r0               apk     
-php81-mysqlnd-8.1.15-r0
+libnftnl                        1.2.4-r0               apk     
-php81-opcache-8.1.15-r0
+libpng                          1.6.38-r0              apk     
-php81-openssl-8.1.15-r0
+libpq                           15.2-r0                apk     
-php81-pdo-8.1.15-r0
+libproc                         3.3.17-r2              apk     
-php81-pdo_mysql-8.1.15-r0
+libsasl                         2.1.28-r3              apk     
-php81-pdo_odbc-8.1.15-r0
+libseccomp                      2.5.4-r0               apk     
-php81-pdo_pgsql-8.1.15-r0
+libsm                           1.2.3-r1               apk     
-php81-pdo_sqlite-8.1.15-r0
+libsodium                       1.0.18-r2              apk     
-php81-pear-8.1.15-r0
+libssl3                         3.0.8-r0               apk     
-php81-pecl-apcu-5.1.22-r0
+libstdc++                       12.2.1_git20220924-r4  apk     
-php81-pecl-igbinary-3.2.12-r0
+libtasn1                        4.19.0-r0              apk     
-php81-pecl-mailparse-3.1.4-r0
+libunistring                    1.1-r0                 apk     
-php81-pecl-mcrypt-1.0.4-r0
+libuuid                         2.38.1-r1              apk     
-php81-pecl-memcached-3.2.0-r0
+libwebp                         1.2.4-r1               apk     
-php81-pecl-redis-5.3.7-r0
+libx11                          1.8.4-r0               apk     
-php81-pecl-xmlrpc-1.0.0_rc3-r0
+libxau                          1.0.10-r0              apk     
-php81-pgsql-8.1.15-r0
+libxcb                          1.15-r0                apk     
-php81-phar-8.1.15-r0
+libxdmcp                        1.1.4-r0               apk     
-php81-posix-8.1.15-r0
+libxext                         1.3.5-r0               apk     
-php81-session-8.1.15-r0
+libxml2                         2.10.3-r1              apk     
-php81-simplexml-8.1.15-r0
+libxpm                          3.5.15-r0              apk     
-php81-soap-8.1.15-r0
+libxslt                         1.1.37-r0              apk     
-php81-sockets-8.1.15-r0
+libxt                           1.2.1-r0               apk     
-php81-sodium-8.1.15-r0
+libzip                          1.9.2-r2               apk     
-php81-sqlite3-8.1.15-r0
+linux-pam                       1.5.2-r1               apk     
-php81-tokenizer-8.1.15-r0
+logrotate                       3.20.1-r3              apk     
-php81-xml-8.1.15-r0
+loopialib                       0.2.0                  python  
-php81-xmlreader-8.1.15-r0
+lxml                            4.9.2                  python  
-php81-xmlwriter-8.1.15-r0
+lz4-libs                        1.9.4-r1               apk     
-php81-xsl-8.1.15-r0
+memcached                       1.6.17                 binary  
-php81-zip-8.1.15-r0
+memcached                       1.6.17-r0              apk     
-pinentry-1.2.1-r0
+mock                            5.0.1                  python  
-popt-1.19-r0
+mpdecimal                       2.5.1-r1               apk     
-procps-3.3.17-r2
+msal                            1.21.0                 python  
-python3-3.10.10-r0
+msal-extensions                 1.0.0                  python  
-readline-8.2.0-r0
+msrest                          0.7.1                  python  
-scanelf-1.3.5-r1
+musl                            1.2.3-r4               apk     
-shadow-4.13-r0
+musl-utils                      1.2.3-r4               apk     
-skalibs-2.12.0.1-r0
+nano                            7.0-r0                 apk     
-sqlite-libs-3.40.1-r0
+ncurses-libs                    6.3_p20221119-r0       apk     
-ssl_client-1.35.0-r29
+ncurses-terminfo-base           6.3_p20221119-r0       apk     
-tiff-4.4.0-r1
+nettle                          3.8.1-r0               apk     
-tzdata-2022f-r1
+nghttp2-libs                    1.51.0-r0              apk     
-unixodbc-2.3.11-r0
+nginx                           1.22.1-r0              apk     
-utmps-libs-0.1.2.0-r1
+nginx-mod-devel-kit             1.22.1-r0              apk     
-whois-5.5.14-r0
+nginx-mod-http-brotli           1.22.1-r0              apk     
-xz-5.2.9-r0
+nginx-mod-http-dav-ext          1.22.1-r0              apk     
-xz-libs-5.2.9-r0
+nginx-mod-http-echo             1.22.1-r0              apk     
-zlib-1.2.13-r0
+nginx-mod-http-fancyindex       1.22.1-r0              apk     
-zstd-libs-1.5.2-r9
+nginx-mod-http-geoip2           1.22.1-r0              apk     
+nginx-mod-http-headers-more     1.22.1-r0              apk     
+nginx-mod-http-image-filter     1.22.1-r0              apk     
+nginx-mod-http-perl             1.22.1-r0              apk     
+nginx-mod-http-redis2           1.22.1-r0              apk     
+nginx-mod-http-set-misc         1.22.1-r0              apk     
+nginx-mod-http-upload-progress  1.22.1-r0              apk     
+nginx-mod-http-xslt-filter      1.22.1-r0              apk     
+nginx-mod-mail                  1.22.1-r0              apk     
+nginx-mod-rtmp                  1.22.1-r0              apk     
+nginx-mod-stream                1.22.1-r0              apk     
+nginx-mod-stream-geoip2         1.22.1-r0              apk     
+nginx-vim                       1.22.1-r0              apk     
+npth                            1.6-r2                 apk     
+oauth2client                    4.1.3                  python  
+oauthlib                        3.2.2                  python  
+oniguruma                       6.9.8-r0               apk     
+openssl                         3.0.8-r0               apk     
+p11-kit                         0.24.1-r1              apk     
+parsedatetime                   2.6                    python  
+pcre                            8.45-r2                apk     
+pcre2                           10.42-r0               apk     
+perl                            5.36.0-r0              apk     
+perl-error                      0.17029-r1             apk     
+perl-git                        2.38.4-r0              apk     
+php-cli                         8.1.16                 binary  
+php-fpm                         8.1.16                 binary  
+php81                           8.1.16-r0              apk     
+php81-bcmath                    8.1.16-r0              apk     
+php81-bz2                       8.1.16-r0              apk     
+php81-common                    8.1.16-r0              apk     
+php81-ctype                     8.1.16-r0              apk     
+php81-curl                      8.1.16-r0              apk     
+php81-dom                       8.1.16-r0              apk     
+php81-exif                      8.1.16-r0              apk     
+php81-fileinfo                  8.1.16-r0              apk     
+php81-fpm                       8.1.16-r0              apk     
+php81-ftp                       8.1.16-r0              apk     
+php81-gd                        8.1.16-r0              apk     
+php81-gmp                       8.1.16-r0              apk     
+php81-iconv                     8.1.16-r0              apk     
+php81-imap                      8.1.16-r0              apk     
+php81-intl                      8.1.16-r0              apk     
+php81-ldap                      8.1.16-r0              apk     
+php81-mbstring                  8.1.16-r0              apk     
+php81-mysqli                    8.1.16-r0              apk     
+php81-mysqlnd                   8.1.16-r0              apk     
+php81-opcache                   8.1.16-r0              apk     
+php81-openssl                   8.1.16-r0              apk     
+php81-pdo                       8.1.16-r0              apk     
+php81-pdo_mysql                 8.1.16-r0              apk     
+php81-pdo_odbc                  8.1.16-r0              apk     
+php81-pdo_pgsql                 8.1.16-r0              apk     
+php81-pdo_sqlite                8.1.16-r0              apk     
+php81-pear                      8.1.16-r0              apk     
+php81-pecl-apcu                 5.1.22-r0              apk     
+php81-pecl-igbinary             3.2.12-r0              apk     
+php81-pecl-mailparse            3.1.4-r0               apk     
+php81-pecl-mcrypt               1.0.6-r0               apk     
+php81-pecl-memcached            3.2.0-r0               apk     
+php81-pecl-redis                5.3.7-r0               apk     
+php81-pecl-xmlrpc               1.0.0_rc3-r0           apk     
+php81-pgsql                     8.1.16-r0              apk     
+php81-phar                      8.1.16-r0              apk     
+php81-posix                     8.1.16-r0              apk     
+php81-session                   8.1.16-r0              apk     
+php81-simplexml                 8.1.16-r0              apk     
+php81-soap                      8.1.16-r0              apk     
+php81-sockets                   8.1.16-r0              apk     
+php81-sodium                    8.1.16-r0              apk     
+php81-sqlite3                   8.1.16-r0              apk     
+php81-tokenizer                 8.1.16-r0              apk     
+php81-xml                       8.1.16-r0              apk     
+php81-xmlreader                 8.1.16-r0              apk     
+php81-xmlwriter                 8.1.16-r0              apk     
+php81-xsl                       8.1.16-r0              apk     
+php81-zip                       8.1.16-r0              apk     
+pinentry                        1.2.1-r0               apk     
+pip                             23.0.1                 python  
+pkb-client                      1.2                    python  
+popt                            1.19-r0                apk     
+portalocker                     2.7.0                  python  
+procps                          3.3.17-r2              apk     
+protobuf                        4.22.0                 python  
+pyOpenSSL                       23.0.0                 python  
+pyRFC3339                       1.1                    python  
+pyacmedns                       0.4                    python  
+pyasn1                          0.4.8                  python  
+pyasn1-modules                  0.2.8                  python  
+pycparser                       2.21                   python  
+pyparsing                       3.0.9                  python  
+python                          3.10.10                binary  
+python-dateutil                 2.8.2                  python  
+python-digitalocean             1.17.0                 python  
+python-transip                  0.6.0                  python  
+python3                         3.10.10-r0             apk     
+pytz                            2022.7.1               python  
+readline                        8.2.0-r0               apk     
+requests                        2.28.2                 python  
+requests-file                   1.5.1                  python  
+requests-mock                   1.10.0                 python  
+requests-oauthlib               1.3.1                  python  
+rsa                             4.9                    python  
+s3transfer                      0.6.0                  python  
+scanelf                         1.3.5-r1               apk     
+setuptools                      65.5.0                 python  
+shadow                          4.13-r0                apk     
+six                             1.16.0                 python  
+skalibs                         2.12.0.1-r0            apk     
+soupsieve                       2.4                    python  
+sqlite-libs                     3.40.1-r0              apk     
+ssl_client                      1.35.0-r29             apk     
+tiff                            4.4.0-r1               apk     
+tldextract                      3.4.0                  python  
+typing_extensions               4.5.0                  python  
+tzdata                          2022f-r1               apk     
+unixodbc                        2.3.11-r0              apk     
+uritemplate                     4.1.1                  python  
+urllib3                         1.26.14                python  
+utmps-libs                      0.1.2.0-r1             apk     
+wheel                           0.38.4                 python  
+whois                           5.5.14-r0              apk     
+xz                              5.2.9-r0               apk     
+xz-libs                         5.2.9-r0               apk     
+zipp                            3.15.0                 python  
+zlib                            1.2.13-r0              apk     
+zope.interface                  5.5.2                  python  
+zstd-libs                       1.5.2-r9               apk     

readme-vars.yml

@@ -154,6 +154,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "09.02.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs." }
   - { date: "06.02.23:", desc: "Add porkbun support back in." }
   - { date: "21.01.23:", desc: "Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x." }
   - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }

root/defaults/dns-conf/netcup.ini

@@ -1,3 +1,5 @@
+# Recommended PROPAGATION value in environment for netcup is 900
+
 dns_netcup_customer_id  = 123456
 dns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567
 dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123

root/defaults/nginx/authelia-location.conf.sample

@@ -1,15 +1,29 @@
-## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
+# Rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
 # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
 
+## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
 auth_request /authelia/api/verify;
-auth_request_set $target_url $scheme://$http_host$request_uri;
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
+error_page 401 = @authelia_proxy_signin;
+
+## Translate response headers from Authelia into variables
 auth_request_set $user $upstream_http_remote_user;
 auth_request_set $groups $upstream_http_remote_groups;
 auth_request_set $name $upstream_http_remote_name;
 auth_request_set $email $upstream_http_remote_email;
+auth_request_set $authorization $upstream_http_authorization;
+auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
+
+## Inject the response header variables into the request made to the actual upstream
 proxy_set_header Remote-User $user;
 proxy_set_header Remote-Groups $groups;
 proxy_set_header Remote-Name $name;
 proxy_set_header Remote-Email $email;
-error_page 401 =302 https://$http_host/authelia/?rd=$target_url;
+proxy_set_header Authorization $authorization;
+proxy_set_header Proxy-Authorization $proxy_authorization;
+
+## Include the Set-Cookie header if present.
+auth_request_set $set_cookie $upstream_http_set_cookie;
+add_header Set-Cookie $set_cookie;

root/defaults/nginx/authelia-server.conf.sample

@@ -1,50 +1,55 @@
-## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
+# Rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
+# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
 
+# location for authelia subfolder requests
 location ^~ /authelia {
+    auth_request off; # requests to this subfolder must be accessible without authentication
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authelia authelia;
     proxy_pass http://$upstream_authelia:9091;
 }
 
+# location for authelia auth requests
 location = /authelia/api/verify {
     internal;
 
+    include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authelia authelia;
+    proxy_pass http://$upstream_authelia:9091/authelia/api/verify;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
     proxy_pass_request_body off;
-    proxy_pass http://$upstream_authelia:9091;
     proxy_set_header Content-Length "";
-
+}
-    # Timeout if the real server is dead
+
-    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+# Virtual location for authelia 401 redirects
-
+location @authelia_proxy_signin {
-    # [REQUIRED] Needed by Authelia to check authorizations of the resource.
+    internal;
-    # Provide either X-Original-URL and X-Forwarded-Proto or
+
-    # X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
+    ## Set the $target_url variable based on the original request.
-    # Those headers will be used by Authelia to deduce the target url of the user.
+    set_escape_uri $target_url $scheme://$http_host$request_uri;
-    # Basic Proxy Config
+
-    client_body_buffer_size 128k;
+    ## Include the Set-Cookie header if present.
-    proxy_set_header Host $host;
+    auth_request_set $set_cookie $upstream_http_set_cookie;
-    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+    add_header Set-Cookie $set_cookie;
-    proxy_set_header X-Real-IP $remote_addr;
+
-    proxy_set_header X-Forwarded-For $remote_addr;
+    ## Set $authelia_backend to route requests to the current domain by default
-    proxy_set_header X-Forwarded-Method $request_method;
+    set $authelia_backend $http_host;
-    proxy_set_header X-Forwarded-Proto $scheme;
+    ## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
-    proxy_set_header X-Forwarded-Host $http_host;
+    ## To use authelia on a separate subdomain:
-    proxy_set_header X-Forwarded-Uri $request_uri;
+    ##  * comment the $authelia_backend line above
-    proxy_set_header X-Forwarded-Ssl on;
+    ##  * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
-    proxy_redirect  http://  $scheme://;
+    ##  * make sure that your dns has a cname set for authelia
-    proxy_http_version 1.1;
+    ##  * uncomment the $authelia_backend line below and change example.com to your domain
-    proxy_set_header Connection "";
+    ##  * restart the swag container
-    proxy_cache_bypass $cookie_session;
+    #set $authelia_backend authelia.example.com;
-    proxy_no_cache $cookie_session;
+
-    proxy_buffers 4 32k;
+    return 302 https://$authelia_backend/authelia/?rd=$target_url;
-
-    # Advanced Proxy Config
-    send_timeout 5m;
-    proxy_read_timeout 240;
-    proxy_send_timeout 240;
-    proxy_connect_timeout 240;
 }

root/defaults/nginx/authentik-location.conf.sample

@@ -0,0 +1,26 @@
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
+# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
+# Rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf
+
+## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
+auth_request /outpost.goauthentik.io/auth/nginx;
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
+error_page 401 = @goauthentik_proxy_signin;
+
+## Translate response headers from Authentik into variables
+auth_request_set $authentik_username $upstream_http_x_authentik_username;
+auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
+auth_request_set $authentik_email $upstream_http_x_authentik_email;
+auth_request_set $authentik_name $upstream_http_x_authentik_name;
+auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
+
+## Inject the response header variables into the request made to the actual upstream
+proxy_set_header X-authentik-username $authentik_username;
+proxy_set_header X-authentik-groups $authentik_groups;
+proxy_set_header X-authentik-email $authentik_email;
+proxy_set_header X-authentik-name $authentik_name;
+proxy_set_header X-authentik-uid $authentik_uid;
+
+## Include the Set-Cookie header if present.
+auth_request_set $set_cookie $upstream_http_set_cookie;
+add_header Set-Cookie $set_cookie;

root/defaults/nginx/authentik-server.conf.sample

@@ -0,0 +1,45 @@
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
+# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
+# Rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf
+
+# location for authentik subfolder requests
+location ^~ /outpost.goauthentik.io {
+    auth_request off; # requests to this subfolder must be accessible without authentication
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_authentik authentik-server;
+    proxy_pass http://$upstream_authentik:9000;
+}
+
+# location for authentik auth requests
+location = /outpost.goauthentik.io/auth/nginx {
+    internal;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_authentik authentik-server;
+    proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+}
+
+# Virtual location for authentik 401 redirects
+location @goauthentik_proxy_signin {
+    internal;
+
+    ## Set the $target_url variable based on the original request.
+    set_escape_uri $target_url $scheme://$http_host$request_uri;
+
+    ## Include the Set-Cookie header if present.
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
+    ## Set $authentik_backend to route requests to the current domain by default
+    set $authentik_backend $http_host;
+    return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url;
+}

root/defaults/nginx/proxy.conf.sample

@@ -1,4 +1,4 @@
-## Version 2022/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
 
 # Timeout if the real server is dead
 proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
@@ -25,11 +25,13 @@ proxy_set_header Host $host;
 proxy_set_header Proxy "";
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Host $host:$server_port;
+proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Method $request_method;
+proxy_set_header X-Forwarded-Port $server_port;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-Ssl on;
 proxy_set_header X-Forwarded-Uri $request_uri;
+proxy_set_header X-Original-Method $request_method;
 proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
 proxy_set_header X-Real-IP $remote_addr;

root/defaults/nginx/site-confs/default.conf.sample

@@ -1,4 +1,4 @@
-## Version 2022/10/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 
 # redirect all traffic to https
 server {
@@ -29,6 +29,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable for basic auth
         #auth_basic "Restricted";
@@ -40,6 +43,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         try_files $uri $uri/ /index.html /index.php$is_args$args =404;
     }
 

root/etc/s6-overlay/s6-rc.d/init-nginx-config/run

@@ -14,6 +14,14 @@ if [[ ! -f /config/nginx/authelia-server.conf ]]; then
     cp /defaults/nginx/authelia-server.conf.sample /config/nginx/authelia-server.conf
 fi
 
+# copy authentik config files if they don't exist
+if [[ ! -f /config/nginx/authentik-location.conf ]]; then
+    cp /defaults/nginx/authentik-location.conf.sample /config/nginx/authentik-location.conf
+fi
+if [[ ! -f /config/nginx/authentik-server.conf ]]; then
+    cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
+fi
+
 # copy old ldap config file to new location
 if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
     cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf