mirror of
https://github.com/linuxserver/docker-swag.git
synced 2026-03-03 00:43:34 +09:00
Compare commits
60 Commits
2.6.0-ls21
...
2.6.0-ls23
| Author | SHA1 | Date | |
|---|---|---|---|
|
3b49643c78 | ||
|
|
0f9d247ba4 | ||
|
|
cab0b86b65 | ||
|
4d3875d37e | ||
|
|
badea52047 | ||
|
|
97baf76a10 | ||
|
|
6ed02e1e00 | ||
|
|
a6778ab7c7 | ||
|
|
95c791acfc | ||
|
|
42ccafc064 | ||
|
|
6b7cdb26f1 | ||
|
e19a030eff | ||
|
|
4d4cb0ca74 | ||
|
|
9554582962 | ||
|
|
42ebe4a584 | ||
|
|
b9f5763ee5 | ||
|
|
2b0bf5869c | ||
|
|
b46830f214 | ||
|
|
66a8694772 | ||
|
|
33568e1bd3 | ||
|
|
0004cd1ce8 | ||
|
8dbd50ac06 | ||
|
|
cae42496e2 | ||
|
|
2f8c5b4487 | ||
|
|
9f75c7a713 | ||
|
|
262c1013aa | ||
|
|
54e4cfa047 | ||
|
|
97ba6a7de9 | ||
|
|
f11a753445 | ||
|
|
ee6153c817 | ||
|
|
93424877a9 | ||
|
|
eaf8b3648b | ||
|
|
b754cedda2 | ||
|
|
0d05560652 | ||
|
|
7f9b637353 | ||
|
|
675d67bbd4 | ||
|
|
402d513115 | ||
|
|
fac669ea43 | ||
|
|
3aab75dc8b | ||
|
|
b2e8d8c8ab | ||
|
973abbefbb | ||
|
|
dede63fdcf | ||
|
|
bee6793d45 | ||
|
|
29e9daa606 | ||
|
|
5255b117f9 | ||
|
|
d7a8d6cc6a | ||
|
|
d67459e852 | ||
|
|
0ddb5be5f5 | ||
|
|
9d695718f0 | ||
|
|
908571dea8 | ||
|
|
d7e2455e7a | ||
|
|
ebd233860e | ||
|
|
5fb909d7dc | ||
|
|
fd6d8764a2 | ||
|
|
ab7c85e4de | ||
|
|
d60847483d | ||
|
|
53bb2e284f | ||
|
|
43e50ffb03 | ||
|
|
18019fb216 | ||
|
|
d57dffef82 |
@@ -91,6 +91,7 @@ RUN \
|
||||
certbot-dns-acmedns \
|
||||
certbot-dns-aliyun \
|
||||
certbot-dns-azure \
|
||||
certbot-dns-bunny \
|
||||
certbot-dns-cloudflare \
|
||||
certbot-dns-cpanel \
|
||||
certbot-dns-desec \
|
||||
@@ -101,8 +102,10 @@ RUN \
|
||||
certbot-dns-dnspod \
|
||||
certbot-dns-do \
|
||||
certbot-dns-domeneshop \
|
||||
certbot-dns-dreamhost \
|
||||
certbot-dns-duckdns \
|
||||
certbot-dns-dynu \
|
||||
certbot-dns-freedns \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-godaddy \
|
||||
certbot-dns-google \
|
||||
|
||||
@@ -91,6 +91,7 @@ RUN \
|
||||
certbot-dns-acmedns \
|
||||
certbot-dns-aliyun \
|
||||
certbot-dns-azure \
|
||||
certbot-dns-bunny \
|
||||
certbot-dns-cloudflare \
|
||||
certbot-dns-cpanel \
|
||||
certbot-dns-desec \
|
||||
@@ -101,8 +102,10 @@ RUN \
|
||||
certbot-dns-dnspod \
|
||||
certbot-dns-do \
|
||||
certbot-dns-domeneshop \
|
||||
certbot-dns-dreamhost \
|
||||
certbot-dns-duckdns \
|
||||
certbot-dns-dynu \
|
||||
certbot-dns-freedns \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-godaddy \
|
||||
certbot-dns-google \
|
||||
|
||||
5
Jenkinsfile
vendored
5
Jenkinsfile
vendored
@@ -280,7 +280,7 @@ pipeline {
|
||||
echo "Jenkinsfile is up to date."
|
||||
fi
|
||||
# Stage 2 - Delete old templates
|
||||
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
|
||||
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf"
|
||||
for i in ${OLD_TEMPLATES}; do
|
||||
if [[ -f "${i}" ]]; then
|
||||
TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
|
||||
@@ -316,12 +316,13 @@ pipeline {
|
||||
mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/workflows
|
||||
mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/ISSUE_TEMPLATE
|
||||
cp --parents ${TEMPLATED_FILES} ${TEMPDIR}/repo/${LS_REPO}/ || :
|
||||
cp --parents readme-vars.yml ${TEMPDIR}/repo/${LS_REPO}/ || :
|
||||
cd ${TEMPDIR}/repo/${LS_REPO}/
|
||||
if ! grep -q '.jenkins-external' .gitignore 2>/dev/null; then
|
||||
echo ".jenkins-external" >> .gitignore
|
||||
git add .gitignore
|
||||
fi
|
||||
git add ${TEMPLATED_FILES}
|
||||
git add readme-vars.yml ${TEMPLATED_FILES}
|
||||
git commit -m 'Bot Updating Templated Files'
|
||||
git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
|
||||
echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
|
||||
|
||||
@@ -68,7 +68,7 @@ The architectures supported by this image are:
|
||||
* For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
|
||||
* Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
|
||||
* Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
|
||||
* DuckDNS only supoprts two types of DNS validated certificates (not both at the same time):
|
||||
* DuckDNS only supports two types of DNS validated certificates (not both at the same time):
|
||||
1. Certs that only cover your main subdomain (ie. `yoursubdomain.duckdns.org`, leave the `SUBDOMAINS` variable empty)
|
||||
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
|
||||
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
|
||||
@@ -215,7 +215,7 @@ Container images are configured using parameters passed at runtime (such as thos
|
||||
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
|
||||
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
|
||||
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
|
||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
||||
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
|
||||
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
|
||||
@@ -336,6 +336,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
||||
|
||||
## Versions
|
||||
|
||||
* **12.08.23:** - Add FreeDNS plugin. Detect certbot DNS authenticators using CLI.
|
||||
* **07.08.23:** - Add Bunny DNS Configuration.
|
||||
* **27.07.23:** - Added support for dreamhost validation.
|
||||
* **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf.
|
||||
* **27.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug.
|
||||
* **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik.
|
||||
|
||||
@@ -1,33 +1,33 @@
|
||||
NAME VERSION TYPE
|
||||
ConfigArgParse 1.5.3 python
|
||||
PyJWT 2.7.0 python
|
||||
PyYAML 6.0 python
|
||||
ConfigArgParse 1.7 python
|
||||
PyJWT 2.8.0 python
|
||||
PyYAML 6.0.1 python
|
||||
Simple Launcher Executable 1.1.0.14 dotnet
|
||||
acme 2.6.0 python
|
||||
alpine-baselayout 3.4.3-r1 apk
|
||||
alpine-baselayout-data 3.4.3-r1 apk
|
||||
alpine-keys 2.4-r1 apk
|
||||
alpine-release 3.18.0-r0 apk
|
||||
alpine-release 3.18.3-r0 apk
|
||||
aom-libs 3.6.1-r0 apk
|
||||
apache2-utils 2.4.57-r2 apk
|
||||
apache2-utils 2.4.57-r3 apk
|
||||
apk-tools 2.14.0-r2 apk
|
||||
apr 1.7.4-r0 apk
|
||||
apr-util 1.6.3-r1 apk
|
||||
argon2-libs 20190702-r4 apk
|
||||
attrs 23.1.0 python
|
||||
azure-common 1.1.28 python
|
||||
azure-core 1.27.0 python
|
||||
azure-identity 1.13.0 python
|
||||
azure-core 1.29.3 python
|
||||
azure-identity 1.14.0 python
|
||||
azure-mgmt-core 1.4.0 python
|
||||
azure-mgmt-dns 8.0.0 python
|
||||
azure-mgmt-dns 8.1.0 python
|
||||
bash 5.2.15-r5 apk
|
||||
beautifulsoup4 4.12.2 python
|
||||
boto3 1.26.148 python
|
||||
botocore 1.29.148 python
|
||||
boto3 1.28.35 python
|
||||
botocore 1.31.35 python
|
||||
brotli-libs 1.0.9-r14 apk
|
||||
bs4 0.0.1 python
|
||||
busybox 1.36.0 binary
|
||||
busybox 1.36.0-r9 apk
|
||||
busybox-binsh 1.36.0-r9 apk
|
||||
busybox 1.36.1-r2 apk
|
||||
busybox-binsh 1.36.1-r2 apk
|
||||
c-client 2007f-r15 apk
|
||||
ca-certificates 20230506-r0 apk
|
||||
ca-certificates-bundle 20230506-r0 apk
|
||||
@@ -35,7 +35,8 @@ cachetools 5.3.1 python
|
||||
certbot 2.6.0 python
|
||||
certbot-dns-acmedns 0.1.0 python
|
||||
certbot-dns-aliyun 2.0.0 python
|
||||
certbot-dns-azure 2.1.0 python
|
||||
certbot-dns-azure 2.4.0 python
|
||||
certbot-dns-bunny 0.0.9 python
|
||||
certbot-dns-cloudflare 2.6.0 python
|
||||
certbot-dns-cpanel 0.4.0 python
|
||||
certbot-dns-desec 1.2.1 python
|
||||
@@ -46,10 +47,12 @@ certbot-dns-dnsmadeeasy 2.6.0 python
|
||||
certbot-dns-dnspod 0.1.0 python
|
||||
certbot-dns-do 0.31.0 python
|
||||
certbot-dns-domeneshop 0.2.9 python
|
||||
certbot-dns-dreamhost 1.0 python
|
||||
certbot-dns-duckdns 1.3 python
|
||||
certbot-dns-dynu 0.0.4 python
|
||||
certbot-dns-freedns 0.1.0 python
|
||||
certbot-dns-gehirn 2.6.0 python
|
||||
certbot-dns-godaddy 0.2.2 python
|
||||
certbot-dns-godaddy 2.6.0 python
|
||||
certbot-dns-google 2.6.0 python
|
||||
certbot-dns-google-domains 0.1.11 python
|
||||
certbot-dns-he 1.0.0 python
|
||||
@@ -72,24 +75,24 @@ certbot-dns-standalone 1.1 python
|
||||
certbot-dns-transip 0.5.2 python
|
||||
certbot-dns-vultr 1.1.0 python
|
||||
certbot-plugin-gandi 1.4.3 python
|
||||
certifi 2023.5.7 python
|
||||
certifi 2023.7.22 python
|
||||
cffi 1.15.1 python
|
||||
charset-normalizer 3.1.0 python
|
||||
cloudflare 2.11.6 python
|
||||
charset-normalizer 3.2.0 python
|
||||
cloudflare 2.11.7 python
|
||||
configobj 5.0.8 python
|
||||
coreutils 9.3-r1 apk
|
||||
cryptography 41.0.1 python
|
||||
curl 8.1.1-r1 apk
|
||||
dataclasses-json 0.5.7 python
|
||||
cryptography 41.0.3 python
|
||||
curl 8.2.1-r0 apk
|
||||
dataclasses-json 0.5.14 python
|
||||
distro 1.8.0 python
|
||||
dns-lexicon 3.11.7 python
|
||||
dnslib 0.9.23 python
|
||||
dnspython 2.3.0 python
|
||||
dnspython 2.4.2 python
|
||||
domeneshop 0.4.3 python
|
||||
fail2ban 1.0.2 python
|
||||
fail2ban 1.0.2-r2 apk
|
||||
fail2ban-pyc 1.0.2-r2 apk
|
||||
filelock 3.12.0 python
|
||||
filelock 3.12.2 python
|
||||
fontconfig 2.14.2-r3 apk
|
||||
freetype 2.13.0-r5 apk
|
||||
future 0.18.3 python
|
||||
@@ -97,28 +100,28 @@ gdbm 1.23-r1 apk
|
||||
git 2.40.1-r0 apk
|
||||
git-perl 2.40.1-r0 apk
|
||||
gmp 6.2.1-r3 apk
|
||||
gnupg 2.4.1-r1 apk
|
||||
gnupg-dirmngr 2.4.1-r1 apk
|
||||
gnupg-gpgconf 2.4.1-r1 apk
|
||||
gnupg-keyboxd 2.4.1-r1 apk
|
||||
gnupg-utils 2.4.1-r1 apk
|
||||
gnupg-wks-client 2.4.1-r1 apk
|
||||
gnupg 2.4.3-r0 apk
|
||||
gnupg-dirmngr 2.4.3-r0 apk
|
||||
gnupg-gpgconf 2.4.3-r0 apk
|
||||
gnupg-keyboxd 2.4.3-r0 apk
|
||||
gnupg-utils 2.4.3-r0 apk
|
||||
gnupg-wks-client 2.4.3-r0 apk
|
||||
gnutls 3.8.0-r2 apk
|
||||
google-api-core 2.11.0 python
|
||||
google-api-python-client 2.88.0 python
|
||||
google-auth 2.19.1 python
|
||||
google-api-core 2.11.1 python
|
||||
google-api-python-client 2.97.0 python
|
||||
google-auth 2.22.0 python
|
||||
google-auth-httplib2 0.1.0 python
|
||||
googleapis-common-protos 1.59.0 python
|
||||
gpg 2.4.1-r1 apk
|
||||
gpg-agent 2.4.1-r1 apk
|
||||
gpg-wks-server 2.4.1-r1 apk
|
||||
gpgsm 2.4.1-r1 apk
|
||||
gpgv 2.4.1-r1 apk
|
||||
googleapis-common-protos 1.60.0 python
|
||||
gpg 2.4.3-r0 apk
|
||||
gpg-agent 2.4.3-r0 apk
|
||||
gpg-wks-server 2.4.3-r0 apk
|
||||
gpgsm 2.4.3-r0 apk
|
||||
gpgv 2.4.3-r0 apk
|
||||
httplib2 0.22.0 python
|
||||
icu-data-en 73.1-r1 apk
|
||||
icu-libs 73.1-r1 apk
|
||||
icu-data-en 73.2-r2 apk
|
||||
icu-libs 73.2-r2 apk
|
||||
idna 3.4 python
|
||||
importlib-metadata 6.6.0 python
|
||||
importlib-metadata 6.8.0 python
|
||||
ip6tables 1.8.9-r2 apk
|
||||
iptables 1.8.9-r2 apk
|
||||
isodate 0.6.1 python
|
||||
@@ -126,16 +129,16 @@ jmespath 1.0.1 python
|
||||
josepy 1.13.0 python
|
||||
jq 1.6-r3 apk
|
||||
jsonlines 3.1.0 python
|
||||
jsonpickle 3.0.1 python
|
||||
jsonpickle 3.0.2 python
|
||||
libacl 2.3.1-r3 apk
|
||||
libassuan 2.5.5-r2 apk
|
||||
libassuan 2.5.6-r0 apk
|
||||
libattr 2.5.1-r4 apk
|
||||
libavif 0.11.1-r2 apk
|
||||
libbsd 0.11.7-r1 apk
|
||||
libbz2 1.0.8-r5 apk
|
||||
libc-utils 0.7.2-r5 apk
|
||||
libcrypto3 3.1.1-r1 apk
|
||||
libcurl 8.1.1-r1 apk
|
||||
libcrypto3 3.1.2-r0 apk
|
||||
libcurl 8.2.1-r0 apk
|
||||
libdav1d 1.2.1-r0 apk
|
||||
libedit 20221030.3.1-r1 apk
|
||||
libevent 2.1.12-r6 apk
|
||||
@@ -148,9 +151,9 @@ libgpg-error 1.47-r1 apk
|
||||
libice 1.1.1-r2 apk
|
||||
libidn2 2.3.4-r1 apk
|
||||
libintl 0.21.1-r7 apk
|
||||
libjpeg-turbo 2.1.5.1-r2 apk
|
||||
libksba 1.6.3-r2 apk
|
||||
libldap 2.6.4-r3 apk
|
||||
libjpeg-turbo 2.1.5.1-r3 apk
|
||||
libksba 1.6.4-r0 apk
|
||||
libldap 2.6.5-r0 apk
|
||||
libmaxminddb-libs 1.7.1-r1 apk
|
||||
libmcrypt 2.5.8-r10 apk
|
||||
libmd 1.0.4-r2 apk
|
||||
@@ -160,19 +163,19 @@ libncursesw 6.4_p20230506-r0 apk
|
||||
libnftnl 1.2.5-r1 apk
|
||||
libpanelw 6.4_p20230506-r0 apk
|
||||
libpng 1.6.39-r3 apk
|
||||
libpq 15.3-r0 apk
|
||||
libpq 15.4-r0 apk
|
||||
libproc2 4.0.3-r1 apk
|
||||
libsasl 2.1.28-r4 apk
|
||||
libseccomp 2.5.4-r2 apk
|
||||
libsm 1.2.4-r1 apk
|
||||
libsodium 1.0.18-r3 apk
|
||||
libssl3 3.1.1-r1 apk
|
||||
libssl3 3.1.2-r0 apk
|
||||
libstdc++ 12.2.1_git20220924-r10 apk
|
||||
libtasn1 4.19.0-r1 apk
|
||||
libunistring 1.1-r1 apk
|
||||
libuuid 2.38.1-r7 apk
|
||||
libwebp 1.3.0-r2 apk
|
||||
libx11 1.8.4-r3 apk
|
||||
libuuid 2.38.1-r8 apk
|
||||
libwebp 1.3.1-r0 apk
|
||||
libx11 1.8.4-r4 apk
|
||||
libxau 1.0.11-r2 apk
|
||||
libxcb 1.15-r1 apk
|
||||
libxdmcp 1.1.4-r2 apk
|
||||
@@ -185,25 +188,22 @@ libzip 1.9.2-r2 apk
|
||||
linux-pam 1.5.2-r10 apk
|
||||
logrotate 3.21.0-r1 apk
|
||||
loopialib 0.2.0 python
|
||||
lxml 4.9.2 python
|
||||
lxml 4.9.3 python
|
||||
lz4-libs 1.9.4-r4 apk
|
||||
marshmallow 3.19.0 python
|
||||
marshmallow-enum 1.5.1 python
|
||||
memcached 1.6.20 binary
|
||||
memcached 1.6.20-r0 apk
|
||||
mock 5.0.2 python
|
||||
marshmallow 3.20.1 python
|
||||
memcached 1.6.21-r0 apk
|
||||
mock 5.1.0 python
|
||||
mpdecimal 2.5.1-r2 apk
|
||||
msal 1.22.0 python
|
||||
msal 1.23.0 python
|
||||
msal-extensions 1.0.0 python
|
||||
msrest 0.7.1 python
|
||||
musl 1.2.4-r0 apk
|
||||
musl-utils 1.2.4-r0 apk
|
||||
musl 1.2.4-r1 apk
|
||||
musl-utils 1.2.4-r1 apk
|
||||
mypy-extensions 1.0.0 python
|
||||
nano 7.2-r1 apk
|
||||
ncurses-terminfo-base 6.4_p20230506-r0 apk
|
||||
netcat-openbsd 1.219-r1 apk
|
||||
nettle 3.8.1-r2 apk
|
||||
nghttp2-libs 1.53.0-r0 apk
|
||||
nghttp2-libs 1.55.1-r0 apk
|
||||
nginx 1.24.0-r6 apk
|
||||
nginx-mod-devel-kit 1.24.0-r6 apk
|
||||
nginx-mod-http-brotli 1.24.0-r6 apk
|
||||
@@ -224,9 +224,8 @@ nginx-mod-stream 1.24.0-r6 apk
|
||||
nginx-mod-stream-geoip2 1.24.0-r6 apk
|
||||
nginx-vim 1.24.0-r6 apk
|
||||
npth 1.6-r4 apk
|
||||
oauthlib 3.2.2 python
|
||||
oniguruma 6.9.8-r1 apk
|
||||
openssl 3.1.1-r1 apk
|
||||
openssl 3.1.2-r0 apk
|
||||
p11-kit 0.24.1-r2 apk
|
||||
packaging 23.1 python
|
||||
parsedatetime 2.6 python
|
||||
@@ -235,64 +234,62 @@ pcre2 10.42-r1 apk
|
||||
perl 5.36.1-r2 apk
|
||||
perl-error 0.17029-r1 apk
|
||||
perl-git 2.40.1-r0 apk
|
||||
php-cli 8.2.6 binary
|
||||
php-fpm 8.2.6 binary
|
||||
php82 8.2.6-r1 apk
|
||||
php82-bcmath 8.2.6-r1 apk
|
||||
php82-bz2 8.2.6-r1 apk
|
||||
php82-common 8.2.6-r1 apk
|
||||
php82-ctype 8.2.6-r1 apk
|
||||
php82-curl 8.2.6-r1 apk
|
||||
php82-dom 8.2.6-r1 apk
|
||||
php82-exif 8.2.6-r1 apk
|
||||
php82-fileinfo 8.2.6-r1 apk
|
||||
php82-fpm 8.2.6-r1 apk
|
||||
php82-ftp 8.2.6-r1 apk
|
||||
php82-gd 8.2.6-r1 apk
|
||||
php82-gmp 8.2.6-r1 apk
|
||||
php82-iconv 8.2.6-r1 apk
|
||||
php82-imap 8.2.6-r1 apk
|
||||
php82-intl 8.2.6-r1 apk
|
||||
php82-ldap 8.2.6-r1 apk
|
||||
php82-mbstring 8.2.6-r1 apk
|
||||
php82-mysqli 8.2.6-r1 apk
|
||||
php82-mysqlnd 8.2.6-r1 apk
|
||||
php82-opcache 8.2.6-r1 apk
|
||||
php82-openssl 8.2.6-r1 apk
|
||||
php82-pdo 8.2.6-r1 apk
|
||||
php82-pdo_mysql 8.2.6-r1 apk
|
||||
php82-pdo_odbc 8.2.6-r1 apk
|
||||
php82-pdo_pgsql 8.2.6-r1 apk
|
||||
php82-pdo_sqlite 8.2.6-r1 apk
|
||||
php82-pear 8.2.6-r1 apk
|
||||
php82 8.2.8-r0 apk
|
||||
php82-bcmath 8.2.8-r0 apk
|
||||
php82-bz2 8.2.8-r0 apk
|
||||
php82-common 8.2.8-r0 apk
|
||||
php82-ctype 8.2.8-r0 apk
|
||||
php82-curl 8.2.8-r0 apk
|
||||
php82-dom 8.2.8-r0 apk
|
||||
php82-exif 8.2.8-r0 apk
|
||||
php82-fileinfo 8.2.8-r0 apk
|
||||
php82-fpm 8.2.8-r0 apk
|
||||
php82-ftp 8.2.8-r0 apk
|
||||
php82-gd 8.2.8-r0 apk
|
||||
php82-gmp 8.2.8-r0 apk
|
||||
php82-iconv 8.2.8-r0 apk
|
||||
php82-imap 8.2.8-r0 apk
|
||||
php82-intl 8.2.8-r0 apk
|
||||
php82-ldap 8.2.8-r0 apk
|
||||
php82-mbstring 8.2.8-r0 apk
|
||||
php82-mysqli 8.2.8-r0 apk
|
||||
php82-mysqlnd 8.2.8-r0 apk
|
||||
php82-opcache 8.2.8-r0 apk
|
||||
php82-openssl 8.2.8-r0 apk
|
||||
php82-pdo 8.2.8-r0 apk
|
||||
php82-pdo_mysql 8.2.8-r0 apk
|
||||
php82-pdo_odbc 8.2.8-r0 apk
|
||||
php82-pdo_pgsql 8.2.8-r0 apk
|
||||
php82-pdo_sqlite 8.2.8-r0 apk
|
||||
php82-pear 8.2.8-r0 apk
|
||||
php82-pecl-apcu 5.1.22-r0 apk
|
||||
php82-pecl-igbinary 3.2.14-r0 apk
|
||||
php82-pecl-mcrypt 1.0.6-r0 apk
|
||||
php82-pecl-memcached 3.2.0-r1 apk
|
||||
php82-pecl-msgpack 2.2.0-r0 apk
|
||||
php82-pecl-redis 5.3.7-r2 apk
|
||||
php82-pgsql 8.2.6-r1 apk
|
||||
php82-phar 8.2.6-r1 apk
|
||||
php82-posix 8.2.6-r1 apk
|
||||
php82-session 8.2.6-r1 apk
|
||||
php82-simplexml 8.2.6-r1 apk
|
||||
php82-soap 8.2.6-r1 apk
|
||||
php82-sockets 8.2.6-r1 apk
|
||||
php82-sodium 8.2.6-r1 apk
|
||||
php82-sqlite3 8.2.6-r1 apk
|
||||
php82-tokenizer 8.2.6-r1 apk
|
||||
php82-xml 8.2.6-r1 apk
|
||||
php82-xmlreader 8.2.6-r1 apk
|
||||
php82-xmlwriter 8.2.6-r1 apk
|
||||
php82-xsl 8.2.6-r1 apk
|
||||
php82-zip 8.2.6-r1 apk
|
||||
php82-pgsql 8.2.8-r0 apk
|
||||
php82-phar 8.2.8-r0 apk
|
||||
php82-posix 8.2.8-r0 apk
|
||||
php82-session 8.2.8-r0 apk
|
||||
php82-simplexml 8.2.8-r0 apk
|
||||
php82-soap 8.2.8-r0 apk
|
||||
php82-sockets 8.2.8-r0 apk
|
||||
php82-sodium 8.2.8-r0 apk
|
||||
php82-sqlite3 8.2.8-r0 apk
|
||||
php82-tokenizer 8.2.8-r0 apk
|
||||
php82-xml 8.2.8-r0 apk
|
||||
php82-xmlreader 8.2.8-r0 apk
|
||||
php82-xmlwriter 8.2.8-r0 apk
|
||||
php82-xsl 8.2.8-r0 apk
|
||||
php82-zip 8.2.8-r0 apk
|
||||
pinentry 1.2.1-r1 apk
|
||||
pip 23.1.2 python
|
||||
pip 23.2.1 python
|
||||
pkb-client 1.2 python
|
||||
popt 1.19-r2 apk
|
||||
portalocker 2.7.0 python
|
||||
procps-ng 4.0.3-r1 apk
|
||||
protobuf 4.23.2 python
|
||||
protobuf 4.24.2 python
|
||||
publicsuffixlist 0.9.4 python
|
||||
pyOpenSSL 23.2.0 python
|
||||
pyRFC3339 1.1 python
|
||||
@@ -301,43 +298,41 @@ pyasn1 0.5.0 python
|
||||
pyasn1-modules 0.3.0 python
|
||||
pyc 0.1-r0 apk
|
||||
pycparser 2.21 python
|
||||
pyparsing 3.0.9 python
|
||||
python 3.11.3 binary
|
||||
pyparsing 3.1.1 python
|
||||
python-dateutil 2.8.2 python
|
||||
python-digitalocean 1.17.0 python
|
||||
python-transip 0.6.0 python
|
||||
python3 3.11.3-r11 apk
|
||||
python3-pyc 3.11.3-r11 apk
|
||||
python3-pycache-pyc0 3.11.3-r11 apk
|
||||
python3 3.11.4-r0 apk
|
||||
python3-pyc 3.11.4-r0 apk
|
||||
python3-pycache-pyc0 3.11.4-r0 apk
|
||||
pytz 2023.3 python
|
||||
readline 8.2.1-r1 apk
|
||||
requests 2.31.0 python
|
||||
requests-file 1.5.1 python
|
||||
requests-mock 1.10.0 python
|
||||
requests-oauthlib 1.3.1 python
|
||||
requests-mock 1.11.0 python
|
||||
rsa 4.9 python
|
||||
s3transfer 0.6.1 python
|
||||
s3transfer 0.6.2 python
|
||||
scanelf 1.3.7-r1 apk
|
||||
setuptools 65.5.0 python
|
||||
shadow 4.13-r2 apk
|
||||
shadow 4.13-r4 apk
|
||||
six 1.16.0 python
|
||||
skalibs 2.13.1.1-r1 apk
|
||||
soupsieve 2.4.1 python
|
||||
sqlite-libs 3.41.2-r2 apk
|
||||
ssl_client 1.36.0-r9 apk
|
||||
tiff 4.5.0-r6 apk
|
||||
ssl_client 1.36.1-r2 apk
|
||||
tiff 4.5.1-r0 apk
|
||||
tldextract 3.4.4 python
|
||||
typing-inspect 0.9.0 python
|
||||
typing_extensions 4.6.3 python
|
||||
typing_extensions 4.7.1 python
|
||||
tzdata 2023c-r1 apk
|
||||
unixodbc 2.3.11-r2 apk
|
||||
uritemplate 4.1.1 python
|
||||
urllib3 1.26.16 python
|
||||
utmps-libs 0.1.2.1-r1 apk
|
||||
wheel 0.40.0 python
|
||||
wheel 0.41.2 python
|
||||
whois 5.5.17-r0 apk
|
||||
xz-libs 5.4.3-r0 apk
|
||||
zipp 3.15.0 python
|
||||
zipp 3.16.2 python
|
||||
zlib 1.2.13-r1 apk
|
||||
zope.interface 6.0 python
|
||||
zstd-libs 1.5.5-r4 apk
|
||||
|
||||
@@ -50,7 +50,7 @@ opt_param_usage_include_env: true
|
||||
opt_param_env_vars:
|
||||
- { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
|
||||
- { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
|
||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
|
||||
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
|
||||
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
||||
@@ -83,7 +83,7 @@ app_setup_block: |
|
||||
* For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
|
||||
* Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
|
||||
* Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
|
||||
* DuckDNS only supoprts two types of DNS validated certificates (not both at the same time):
|
||||
* DuckDNS only supports two types of DNS validated certificates (not both at the same time):
|
||||
1. Certs that only cover your main subdomain (ie. `yoursubdomain.duckdns.org`, leave the `SUBDOMAINS` variable empty)
|
||||
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
|
||||
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
|
||||
@@ -153,6 +153,9 @@ app_setup_block: |
|
||||
|
||||
# changelog
|
||||
changelogs:
|
||||
- { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." }
|
||||
- { date: "07.08.23:", desc: "Add Bunny DNS Configuration." }
|
||||
- { date: "27.07.23:", desc: "Added support for dreamhost validation." }
|
||||
- { date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf." }
|
||||
- { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." }
|
||||
- { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." }
|
||||
|
||||
2
root/defaults/dns-conf/bunny.ini
Normal file
2
root/defaults/dns-conf/bunny.ini
Normal file
@@ -0,0 +1,2 @@
|
||||
# Bunny API token used by Certbot
|
||||
dns_bunny_api_key = a65e8ebd-45ab-44d2-a542-40d4d009e3bf
|
||||
4
root/defaults/dns-conf/dreamhost.ini
Normal file
4
root/defaults/dns-conf/dreamhost.ini
Normal file
@@ -0,0 +1,4 @@
|
||||
# Instructions: https://github.com/goncalo-leal/certbot-dns-dreamhost#usage
|
||||
# Replace with your values
|
||||
dns_dreamhost_baseurl = "https://api.dreamhost.com/"
|
||||
dns_dreamhost_api_key = "<api_key>"
|
||||
4
root/defaults/dns-conf/freedns.ini
Normal file
4
root/defaults/dns-conf/freedns.ini
Normal file
@@ -0,0 +1,4 @@
|
||||
# Instructions: https://github.com/schleuss/certbot_dns_freedns#credentials
|
||||
# Replace with your values
|
||||
dns_freedns_username = myremoteuser
|
||||
dns_freedns_password = verysecureremoteuserpassword
|
||||
@@ -24,18 +24,37 @@ for i in "${SANED_VARS[@]}"; do
|
||||
done
|
||||
|
||||
# check to make sure DNSPLUGIN is selected if dns validation is used
|
||||
if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
|
||||
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
|
||||
CERTBOT_DNS_AUTHENTICATORS=$(certbot plugins --authenticators 2>/dev/null | sed -e 's/^Entry point: cpanel =/Entry point: dns-cpanel =/' -e '/^Entry point: dns-/!d' -e 's/^Entry point: dns-\([^ ]*\) =.*/\1/' | sort)
|
||||
if [[ "${VALIDATION}" = "dns" ]] && ! echo "${CERTBOT_DNS_AUTHENTICATORS}" | grep -q "${DNSPLUGIN}"; then
|
||||
echo "Please set the DNSPLUGIN variable to one of the following:"
|
||||
echo "${CERTBOT_DNS_AUTHENTICATORS}"
|
||||
sleep infinity
|
||||
fi
|
||||
|
||||
# set_ini_value logic:
|
||||
# - if the name is not found in the file, append the name=value to the end of the file
|
||||
# - if the name is found in the file, replace the value
|
||||
# - if the name is found in the file but commented out, uncomment the line and replace the value
|
||||
# call set_ini_value with parameters: $1=name $2=value $3=file
|
||||
function set_ini_value() {
|
||||
name=${1//\//\\/}
|
||||
value=${2//\//\\/}
|
||||
sed -i \
|
||||
-e '/^#\?\(\s*'"${name}"'\s*=\s*\).*/{s//\1'"${value}"'/;:a;n;ba;q}' \
|
||||
-e '$a'"${name}"'='"${value}" "${3}"
|
||||
}
|
||||
|
||||
# ensure config files exist and has at least one value set (set_ini_value does not work on empty files)
|
||||
touch /config/etc/letsencrypt/cli.ini
|
||||
grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini
|
||||
|
||||
# copy dns default configs
|
||||
cp -n /defaults/dns-conf/* /config/dns-conf/
|
||||
cp -n /defaults/dns-conf/* /config/dns-conf/ 2> >(grep -v 'cp: not replacing')
|
||||
lsiown -R abc:abc /config/dns-conf
|
||||
|
||||
# copy default renewal hooks
|
||||
chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
|
||||
cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
|
||||
cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ 2> >(grep -v 'cp: not replacing')
|
||||
lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
|
||||
|
||||
# replace nginx service location in renewal hooks
|
||||
@@ -157,21 +176,25 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
|
||||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
|
||||
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
|
||||
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
|
||||
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
|
||||
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
|
||||
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
|
||||
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
|
||||
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
|
||||
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
|
||||
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
||||
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
|
||||
sleep infinity
|
||||
REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
|
||||
REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
|
||||
fi
|
||||
if [[ -n "${REV_ZEROSSL_EAB_KID}" ]] && [[ -n "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
||||
REV_ACMESERVER+=("--eab-kid" "${REV_ZEROSSL_EAB_KID}" "--eab-hmac-key" "${REV_ZEROSSL_EAB_HMAC_KEY}")
|
||||
fi
|
||||
REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
|
||||
elif [[ "${ORIGSTAGING}" = "true" ]]; then
|
||||
REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory")
|
||||
else
|
||||
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
|
||||
fi
|
||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
|
||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
|
||||
else
|
||||
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
|
||||
fi
|
||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||
fi
|
||||
@@ -182,9 +205,11 @@ echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS
|
||||
# Check if the cert is using the old LE root cert, revoke and regen if necessary
|
||||
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
|
||||
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
|
||||
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
|
||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
|
||||
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
|
||||
else
|
||||
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
|
||||
fi
|
||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||
fi
|
||||
@@ -208,52 +233,51 @@ else
|
||||
ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
|
||||
fi
|
||||
|
||||
# figuring out url only vs url & subdomains vs subdomains only
|
||||
set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
|
||||
|
||||
# figuring out domain only vs domain & subdomains vs subdomains only
|
||||
DOMAINS_ARRAY=()
|
||||
if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
|
||||
DOMAINS_ARRAY+=("${URL}")
|
||||
fi
|
||||
if [[ -n "${SUBDOMAINS}" ]]; then
|
||||
echo "SUBDOMAINS entered, processing"
|
||||
SUBDOMAINS_ARRAY=()
|
||||
if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
|
||||
if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
|
||||
export URL_REAL="-d *.${URL}"
|
||||
echo "Wildcard cert for only the subdomains of ${URL} will be requested"
|
||||
else
|
||||
export URL_REAL="-d *.${URL} -d ${URL}"
|
||||
echo "Wildcard cert for ${URL} will be requested"
|
||||
fi
|
||||
SUBDOMAINS_ARRAY+=("*.${URL}")
|
||||
echo "Wildcard cert for ${URL} will be requested"
|
||||
else
|
||||
echo "SUBDOMAINS entered, processing"
|
||||
for job in $(echo "${SUBDOMAINS}" | tr "," " "); do
|
||||
export SUBDOMAINS_REAL="${SUBDOMAINS_REAL} -d ${job}.${URL}"
|
||||
SUBDOMAINS_ARRAY+=("${job}.${URL}")
|
||||
done
|
||||
if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
|
||||
URL_REAL="${SUBDOMAINS_REAL}"
|
||||
echo "Only subdomains, no URL in cert"
|
||||
else
|
||||
URL_REAL="-d ${URL}${SUBDOMAINS_REAL}"
|
||||
fi
|
||||
echo "Sub-domains processed are: ${SUBDOMAINS_REAL}"
|
||||
echo "Sub-domains processed are: $(echo "${SUBDOMAINS_ARRAY[*]}" | tr " " ",")"
|
||||
fi
|
||||
else
|
||||
echo "No subdomains defined"
|
||||
URL_REAL="-d ${URL}"
|
||||
DOMAINS_ARRAY+=("${SUBDOMAINS_ARRAY[@]}")
|
||||
fi
|
||||
|
||||
# add extra domains
|
||||
if [[ -n "${EXTRA_DOMAINS}" ]]; then
|
||||
echo "EXTRA_DOMAINS entered, processing"
|
||||
EXTRA_DOMAINS_ARRAY=()
|
||||
for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do
|
||||
export EXTRA_DOMAINS_REAL="${EXTRA_DOMAINS_REAL} -d ${job}"
|
||||
EXTRA_DOMAINS_ARRAY+=("${job}")
|
||||
done
|
||||
echo "Extra domains processed are: ${EXTRA_DOMAINS_REAL}"
|
||||
URL_REAL="${URL_REAL} ${EXTRA_DOMAINS_REAL}"
|
||||
echo "Extra domains processed are: $(echo "${EXTRA_DOMAINS_ARRAY[*]}" | tr " " ",")"
|
||||
DOMAINS_ARRAY+=("${EXTRA_DOMAINS_ARRAY[@]}")
|
||||
fi
|
||||
|
||||
# setting domains in cli.ini
|
||||
set_ini_value "domains" "$(echo "${DOMAINS_ARRAY[*]}" | tr " " ",")" /config/etc/letsencrypt/cli.ini
|
||||
|
||||
# figuring out whether to use e-mail and which
|
||||
if [[ ${EMAIL} == *@* ]]; then
|
||||
echo "E-mail address entered: ${EMAIL}"
|
||||
EMAILPARAM="-m ${EMAIL} --no-eff-email"
|
||||
set_ini_value "email" "${EMAIL}" /config/etc/letsencrypt/cli.ini
|
||||
set_ini_value "no-eff-email" "true" /config/etc/letsencrypt/cli.ini
|
||||
set_ini_value "register-unsafely-without-email" "false" /config/etc/letsencrypt/cli.ini
|
||||
else
|
||||
echo "No e-mail address entered or address invalid"
|
||||
EMAILPARAM="--register-unsafely-without-email"
|
||||
set_ini_value "register-unsafely-without-email" "true" /config/etc/letsencrypt/cli.ini
|
||||
fi
|
||||
|
||||
# alter extension for error message
|
||||
@@ -265,37 +289,41 @@ fi
|
||||
|
||||
# setting the validation method to use
|
||||
if [[ "${VALIDATION}" = "dns" ]]; then
|
||||
AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
|
||||
DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
set_ini_value "preferred-challenges" "dns" /config/etc/letsencrypt/cli.ini
|
||||
set_ini_value "authenticator" "dns-${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
|
||||
set_ini_value "dns-${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
|
||||
if [[ -n "${PROPAGATION}" ]]; then set_ini_value "dns-${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
|
||||
|
||||
# plugins that don't support setting credentials file
|
||||
if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
|
||||
DNSCREDENTIALSPARAM=""
|
||||
sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
|
||||
fi
|
||||
# plugins that don't support setting propagation
|
||||
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
|
||||
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
|
||||
PROPAGATIONPARAM=""
|
||||
sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
|
||||
fi
|
||||
# plugins that use old parameter naming convention
|
||||
if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
|
||||
AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
|
||||
DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
|
||||
if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
|
||||
if [[ "${DNSPLUGIN}" =~ ^(cpanel|directadmin)$ ]]; then
|
||||
sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
|
||||
sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
|
||||
set_ini_value "authenticator" "${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
|
||||
set_ini_value "${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
|
||||
if [[ -n "${PROPAGATION}" ]]; then set_ini_value "${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
|
||||
fi
|
||||
# don't restore txt records when using DuckDNS plugin
|
||||
if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
|
||||
AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
|
||||
set_ini_value "dns-${DNSPLUGIN}-no-txt-restore" "true" /config/etc/letsencrypt/cli.ini
|
||||
fi
|
||||
|
||||
PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
|
||||
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
|
||||
elif [[ "${VALIDATION}" = "tls-sni" ]]; then
|
||||
PREFCHAL="--standalone --preferred-challenges http"
|
||||
set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
|
||||
set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
|
||||
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
|
||||
else
|
||||
PREFCHAL="--standalone --preferred-challenges http"
|
||||
set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
|
||||
set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
|
||||
echo "http validation is selected"
|
||||
fi
|
||||
|
||||
@@ -304,17 +332,17 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
|
||||
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
|
||||
echo "Retrieving EAB from ZeroSSL"
|
||||
EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}")
|
||||
ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
|
||||
ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
|
||||
ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | jq .eab_kid)
|
||||
ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | jq .eab_hmac_key)
|
||||
if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then
|
||||
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
|
||||
sleep infinity
|
||||
fi
|
||||
ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
|
||||
set_ini_value "eab-kid" "${ZEROSSL_EAB_KID}" /config/etc/letsencrypt/cli.ini
|
||||
set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
|
||||
fi
|
||||
echo "Generating new certificate"
|
||||
# shellcheck disable=SC2086
|
||||
certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
|
||||
certbot certonly --non-interactive --renew-by-default
|
||||
if [[ ! -d /config/keys/letsencrypt ]]; then
|
||||
if [[ "${VALIDATION}" = "dns" ]]; then
|
||||
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
|
||||
|
||||
@@ -15,7 +15,7 @@ if [[ ! -f /config/crontabs/root ]]; then
|
||||
|
||||
# if crontabs still do not exist in config (were not copied from system)
|
||||
# copy crontab from included defaults (using -n, do not overwrite an existing file)
|
||||
cp -n /etc/crontabs/root /config/crontabs/
|
||||
cp -n /etc/crontabs/root /config/crontabs/ 2> >(grep -v 'cp: not replacing')
|
||||
fi
|
||||
# set permissions and import user crontabs
|
||||
lsiown root:root /config/crontabs/root
|
||||
@@ -31,7 +31,7 @@ if [[ ! -f /config/crontabs/abc ]]; then
|
||||
|
||||
# if crontabs still do not exist in config (were not copied from system)
|
||||
# copy crontab from included defaults (using -n, do not overwrite an existing file)
|
||||
cp -n /etc/crontabs/abc /config/crontabs/
|
||||
cp -n /etc/crontabs/abc /config/crontabs/ 2> >(grep -v 'cp: not replacing')
|
||||
fi
|
||||
# set permissions and import user crontabs
|
||||
lsiown abc:abc /config/crontabs/abc
|
||||
|
||||
Reference in New Issue
Block a user