mirror of
https://github.com/linuxserver/docker-swag.git
synced 2026-03-14 06:05:16 +09:00
Compare commits
20 Commits
2.7.4-ls25
...
2.8.0-ls26
| Author | SHA1 | Date | |
|---|---|---|---|
|
5b77a54620 | ||
|
|
3b1478667b | ||
|
0ddf8a270b | ||
|
|
dabbaa3b14 | ||
|
|
bdd5e047ee | ||
|
|
78689b02e2 | ||
|
6c1c4cd00a | ||
|
|
31cef5050f | ||
|
|
52e8f7223e | ||
|
|
1abab5cb6d | ||
|
|
0061faef15 | ||
|
|
6e64bcbd7e | ||
|
|
b9dd1b7c5a | ||
|
|
e9bceab763 | ||
|
|
eba3c341fa | ||
|
|
5fc5825afd | ||
|
|
de18e4ef24 | ||
|
|
fbe212b67c | ||
|
|
2ca6807b64 | ||
|
|
e3560414dc |
@@ -104,7 +104,6 @@ RUN \
|
|||||||
certbot-dns-domeneshop \
|
certbot-dns-domeneshop \
|
||||||
certbot-dns-dreamhost \
|
certbot-dns-dreamhost \
|
||||||
certbot-dns-duckdns \
|
certbot-dns-duckdns \
|
||||||
certbot-dns-dynu \
|
|
||||||
certbot-dns-freedns \
|
certbot-dns-freedns \
|
||||||
certbot-dns-gehirn \
|
certbot-dns-gehirn \
|
||||||
certbot-dns-godaddy \
|
certbot-dns-godaddy \
|
||||||
|
|||||||
@@ -104,7 +104,6 @@ RUN \
|
|||||||
certbot-dns-domeneshop \
|
certbot-dns-domeneshop \
|
||||||
certbot-dns-dreamhost \
|
certbot-dns-dreamhost \
|
||||||
certbot-dns-duckdns \
|
certbot-dns-duckdns \
|
||||||
certbot-dns-dynu \
|
|
||||||
certbot-dns-freedns \
|
certbot-dns-freedns \
|
||||||
certbot-dns-gehirn \
|
certbot-dns-gehirn \
|
||||||
certbot-dns-godaddy \
|
certbot-dns-godaddy \
|
||||||
|
|||||||
20
README.md
20
README.md
@@ -74,6 +74,21 @@ The architectures supported by this image are:
|
|||||||
* After setup, navigate to `https://yourdomain.url` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
|
* After setup, navigate to `https://yourdomain.url` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
|
||||||
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
|
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
|
||||||
|
|
||||||
|
### Certbot Plugins
|
||||||
|
|
||||||
|
SWAG includes many Certbot plugins out of the box, but not all plugins can be includes.
|
||||||
|
If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
|
||||||
|
|
||||||
|
Set the following environment variables on your container:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
DOCKER_MODS=linuxserver/mods:universal-package-install
|
||||||
|
INSTALL_PIP_PACKAGES=certbot-dns-<plugin>
|
||||||
|
```
|
||||||
|
|
||||||
|
Set the required credentials (usually found in the plugin documentation) in `/config/dns-conf/<plugin>.ini`.
|
||||||
|
It is recommended to attempt obtaining a certificate with `STAGING=true` first to make sure the plugin is working as expected.
|
||||||
|
|
||||||
### Security and password protection
|
### Security and password protection
|
||||||
|
|
||||||
* The container detects changes to url and subdomains, revokes existing certs and generates new ones during start.
|
* The container detects changes to url and subdomains, revokes existing certs and generates new ones during start.
|
||||||
@@ -213,7 +228,7 @@ Containers are configured using parameters passed at runtime (such as those abov
|
|||||||
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
|
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
|
||||||
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
|
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
|
||||||
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
|
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
|
||||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||||
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
||||||
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
|
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
|
||||||
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
|
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
|
||||||
@@ -401,6 +416,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
|||||||
|
|
||||||
## Versions
|
## Versions
|
||||||
|
|
||||||
|
* **11.12.23:** - Deprecate certbot-dns-dynu to resolve dependency conflicts with other plugins.
|
||||||
|
* **30.11.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Fix index.php being downloaded on 404.
|
||||||
|
* **23.11.23:** - Run certbot as root to allow fix http validation.
|
||||||
* **01.10.23:** - Fix "unrecognized arguments" issue in DirectAdmin DNS plugin.
|
* **01.10.23:** - Fix "unrecognized arguments" issue in DirectAdmin DNS plugin.
|
||||||
* **28.08.23:** - Add Namecheap DNS plugin.
|
* **28.08.23:** - Add Namecheap DNS plugin.
|
||||||
* **12.08.23:** - Add FreeDNS plugin. Detect certbot DNS authenticators using CLI.
|
* **12.08.23:** - Add FreeDNS plugin. Detect certbot DNS authenticators using CLI.
|
||||||
|
|||||||
@@ -4,11 +4,11 @@ PyJWT 2.8.0 python
|
|||||||
PyNamecheap 0.0.3 python
|
PyNamecheap 0.0.3 python
|
||||||
PyYAML 6.0.1 python
|
PyYAML 6.0.1 python
|
||||||
SimpleLauncherExecutable 1.1.0.14 dotnet
|
SimpleLauncherExecutable 1.1.0.14 dotnet
|
||||||
acme 2.7.4 python
|
acme 2.8.0 python
|
||||||
alpine-baselayout 3.4.3-r1 apk
|
alpine-baselayout 3.4.3-r1 apk
|
||||||
alpine-baselayout-data 3.4.3-r1 apk
|
alpine-baselayout-data 3.4.3-r1 apk
|
||||||
alpine-keys 2.4-r1 apk
|
alpine-keys 2.4-r1 apk
|
||||||
alpine-release 3.18.4-r0 apk
|
alpine-release 3.18.5-r0 apk
|
||||||
aom-libs 3.6.1-r0 apk
|
aom-libs 3.6.1-r0 apk
|
||||||
apache2-utils 2.4.58-r0 apk
|
apache2-utils 2.4.58-r0 apk
|
||||||
apk-tools 2.14.0-r2 apk
|
apk-tools 2.14.0-r2 apk
|
||||||
@@ -23,8 +23,8 @@ azure-mgmt-core 1.4.0 python
|
|||||||
azure-mgmt-dns 8.1.0 python
|
azure-mgmt-dns 8.1.0 python
|
||||||
bash 5.2.15-r5 apk
|
bash 5.2.15-r5 apk
|
||||||
beautifulsoup4 4.12.2 python
|
beautifulsoup4 4.12.2 python
|
||||||
boto3 1.29.3 python
|
boto3 1.33.12 python
|
||||||
botocore 1.32.3 python
|
botocore 1.33.12 python
|
||||||
brotli-libs 1.0.9-r14 apk
|
brotli-libs 1.0.9-r14 apk
|
||||||
bs4 0.0.1 python
|
bs4 0.0.1 python
|
||||||
busybox 1.36.1-r5 apk
|
busybox 1.36.1-r5 apk
|
||||||
@@ -33,46 +33,45 @@ c-client 2007f-r15 apk
|
|||||||
ca-certificates 20230506-r0 apk
|
ca-certificates 20230506-r0 apk
|
||||||
ca-certificates-bundle 20230506-r0 apk
|
ca-certificates-bundle 20230506-r0 apk
|
||||||
cachetools 5.3.2 python
|
cachetools 5.3.2 python
|
||||||
certbot 2.7.4 python
|
certbot 2.8.0 python
|
||||||
certbot-dns-acmedns 0.1.0 python
|
certbot-dns-acmedns 0.1.0 python
|
||||||
certbot-dns-aliyun 2.0.0 python
|
certbot-dns-aliyun 2.0.0 python
|
||||||
certbot-dns-azure 2.4.0 python
|
certbot-dns-azure 2.4.0 python
|
||||||
certbot-dns-bunny 0.0.9 python
|
certbot-dns-bunny 0.0.9 python
|
||||||
certbot-dns-cloudflare 2.7.4 python
|
certbot-dns-cloudflare 2.8.0 python
|
||||||
certbot-dns-cpanel 0.4.0 python
|
certbot-dns-cpanel 0.4.0 python
|
||||||
certbot-dns-desec 1.2.1 python
|
certbot-dns-desec 1.2.1 python
|
||||||
certbot-dns-digitalocean 2.7.4 python
|
certbot-dns-digitalocean 2.8.0 python
|
||||||
certbot-dns-directadmin 1.0.3 python
|
certbot-dns-directadmin 1.0.3 python
|
||||||
certbot-dns-dnsimple 2.6.0 python
|
certbot-dns-dnsimple 2.8.0 python
|
||||||
certbot-dns-dnsmadeeasy 2.6.0 python
|
certbot-dns-dnsmadeeasy 2.8.0 python
|
||||||
certbot-dns-dnspod 0.1.0 python
|
certbot-dns-dnspod 0.1.0 python
|
||||||
certbot-dns-do 0.31.0 python
|
certbot-dns-do 0.31.0 python
|
||||||
certbot-dns-domeneshop 0.2.9 python
|
certbot-dns-domeneshop 0.2.9 python
|
||||||
certbot-dns-dreamhost 1.0 python
|
certbot-dns-dreamhost 1.0 python
|
||||||
certbot-dns-duckdns 1.3 python
|
certbot-dns-duckdns 1.3 python
|
||||||
certbot-dns-dynu 0.0.4 python
|
|
||||||
certbot-dns-freedns 0.1.0 python
|
certbot-dns-freedns 0.1.0 python
|
||||||
certbot-dns-gehirn 2.6.0 python
|
certbot-dns-gehirn 2.8.0 python
|
||||||
certbot-dns-godaddy 0.2.2 python
|
certbot-dns-godaddy 2.7.4 python
|
||||||
certbot-dns-google 2.7.4 python
|
certbot-dns-google 2.8.0 python
|
||||||
certbot-dns-google-domains 0.1.11 python
|
certbot-dns-google-domains 0.1.11 python
|
||||||
certbot-dns-he 1.0.0 python
|
certbot-dns-he 1.0.0 python
|
||||||
certbot-dns-hetzner 2.0.0 python
|
certbot-dns-hetzner 2.0.0 python
|
||||||
certbot-dns-infomaniak 0.2.1 python
|
certbot-dns-infomaniak 0.2.1 python
|
||||||
certbot-dns-inwx 2.2.0 python
|
certbot-dns-inwx 2.2.0 python
|
||||||
certbot-dns-ionos 2023.11.13.post1 python
|
certbot-dns-ionos 2023.11.13.post1 python
|
||||||
certbot-dns-linode 2.6.0 python
|
certbot-dns-linode 2.8.0 python
|
||||||
certbot-dns-loopia 1.0.1 python
|
certbot-dns-loopia 1.0.1 python
|
||||||
certbot-dns-luadns 2.6.0 python
|
certbot-dns-luadns 2.8.0 python
|
||||||
certbot-dns-namecheap 1.0.0 python
|
certbot-dns-namecheap 1.0.0 python
|
||||||
certbot-dns-netcup 1.4.2 python
|
certbot-dns-netcup 1.4.3 python
|
||||||
certbot-dns-njalla 1.0.0 python
|
certbot-dns-njalla 1.0.0 python
|
||||||
certbot-dns-nsone 2.6.0 python
|
certbot-dns-nsone 2.8.0 python
|
||||||
certbot-dns-ovh 2.6.0 python
|
certbot-dns-ovh 2.8.0 python
|
||||||
certbot-dns-porkbun 0.8 python
|
certbot-dns-porkbun 0.8 python
|
||||||
certbot-dns-rfc2136 2.7.4 python
|
certbot-dns-rfc2136 2.8.0 python
|
||||||
certbot-dns-route53 2.7.4 python
|
certbot-dns-route53 2.8.0 python
|
||||||
certbot-dns-sakuracloud 2.6.0 python
|
certbot-dns-sakuracloud 2.8.0 python
|
||||||
certbot-dns-standalone 1.1 python
|
certbot-dns-standalone 1.1 python
|
||||||
certbot-dns-transip 0.5.2 python
|
certbot-dns-transip 0.5.2 python
|
||||||
certbot-dns-vultr 1.1.0 python
|
certbot-dns-vultr 1.1.0 python
|
||||||
@@ -80,14 +79,14 @@ certbot-plugin-gandi 1.5.0 python
|
|||||||
certifi 2023.11.17 python
|
certifi 2023.11.17 python
|
||||||
cffi 1.16.0 python
|
cffi 1.16.0 python
|
||||||
charset-normalizer 3.3.2 python
|
charset-normalizer 3.3.2 python
|
||||||
cloudflare 2.12.4 python
|
cloudflare 2.14.2 python
|
||||||
configobj 5.0.8 python
|
configobj 5.0.8 python
|
||||||
coreutils 9.3-r1 apk
|
coreutils 9.3-r1 apk
|
||||||
cryptography 41.0.5 python
|
cryptography 41.0.7 python
|
||||||
curl 8.4.0-r0 apk
|
curl 8.5.0-r0 apk
|
||||||
dataclasses-json 0.5.14 python
|
dataclasses-json 0.5.14 python
|
||||||
distro 1.8.0 python
|
distro 1.8.0 python
|
||||||
dns-lexicon 3.11.7 python
|
dns-lexicon 3.17.0 python
|
||||||
dnslib 0.9.23 python
|
dnslib 0.9.23 python
|
||||||
dnspython 2.4.2 python
|
dnspython 2.4.2 python
|
||||||
domeneshop 0.4.3 python
|
domeneshop 0.4.3 python
|
||||||
@@ -109,11 +108,11 @@ gnupg-keyboxd 2.4.3-r0 apk
|
|||||||
gnupg-utils 2.4.3-r0 apk
|
gnupg-utils 2.4.3-r0 apk
|
||||||
gnupg-wks-client 2.4.3-r0 apk
|
gnupg-wks-client 2.4.3-r0 apk
|
||||||
gnutls 3.8.0-r2 apk
|
gnutls 3.8.0-r2 apk
|
||||||
google-api-core 2.14.0 python
|
google-api-core 2.15.0 python
|
||||||
google-api-python-client 2.108.0 python
|
google-api-python-client 2.110.0 python
|
||||||
google-auth 2.23.4 python
|
google-auth 2.25.2 python
|
||||||
google-auth-httplib2 0.1.1 python
|
google-auth-httplib2 0.1.1 python
|
||||||
googleapis-common-protos 1.61.0 python
|
googleapis-common-protos 1.62.0 python
|
||||||
gpg 2.4.3-r0 apk
|
gpg 2.4.3-r0 apk
|
||||||
gpg-agent 2.4.3-r0 apk
|
gpg-agent 2.4.3-r0 apk
|
||||||
gpg-wks-server 2.4.3-r0 apk
|
gpg-wks-server 2.4.3-r0 apk
|
||||||
@@ -122,14 +121,13 @@ gpgv 2.4.3-r0 apk
|
|||||||
httplib2 0.22.0 python
|
httplib2 0.22.0 python
|
||||||
icu-data-en 73.2-r2 apk
|
icu-data-en 73.2-r2 apk
|
||||||
icu-libs 73.2-r2 apk
|
icu-libs 73.2-r2 apk
|
||||||
idna 3.4 python
|
idna 3.6 python
|
||||||
importlib-metadata 6.8.0 python
|
|
||||||
ip6tables 1.8.9-r2 apk
|
ip6tables 1.8.9-r2 apk
|
||||||
iptables 1.8.9-r2 apk
|
iptables 1.8.9-r2 apk
|
||||||
isodate 0.6.1 python
|
isodate 0.6.1 python
|
||||||
jmespath 1.0.1 python
|
jmespath 1.0.1 python
|
||||||
josepy 1.14.0 python
|
josepy 1.14.0 python
|
||||||
jq 1.6-r3 apk
|
jq 1.6-r4 apk
|
||||||
jsonlines 4.0.0 python
|
jsonlines 4.0.0 python
|
||||||
jsonpickle 3.0.2 python
|
jsonpickle 3.0.2 python
|
||||||
libacl 2.3.1-r3 apk
|
libacl 2.3.1-r3 apk
|
||||||
@@ -140,7 +138,7 @@ libbsd 0.11.7-r1 apk
|
|||||||
libbz2 1.0.8-r5 apk
|
libbz2 1.0.8-r5 apk
|
||||||
libc-utils 0.7.2-r5 apk
|
libc-utils 0.7.2-r5 apk
|
||||||
libcrypto3 3.1.4-r1 apk
|
libcrypto3 3.1.4-r1 apk
|
||||||
libcurl 8.4.0-r0 apk
|
libcurl 8.5.0-r0 apk
|
||||||
libdav1d 1.2.1-r0 apk
|
libdav1d 1.2.1-r0 apk
|
||||||
libedit 20221030.3.1-r1 apk
|
libedit 20221030.3.1-r1 apk
|
||||||
libevent 2.1.12-r6 apk
|
libevent 2.1.12-r6 apk
|
||||||
@@ -182,7 +180,7 @@ libxau 1.0.11-r2 apk
|
|||||||
libxcb 1.15-r1 apk
|
libxcb 1.15-r1 apk
|
||||||
libxdmcp 1.1.4-r2 apk
|
libxdmcp 1.1.4-r2 apk
|
||||||
libxext 1.3.5-r2 apk
|
libxext 1.3.5-r2 apk
|
||||||
libxml2 2.11.4-r0 apk
|
libxml2 2.11.6-r0 apk
|
||||||
libxpm 3.5.16-r1 apk
|
libxpm 3.5.16-r1 apk
|
||||||
libxslt 1.1.38-r0 apk
|
libxslt 1.1.38-r0 apk
|
||||||
libxt 1.3.0-r2 apk
|
libxt 1.3.0-r2 apk
|
||||||
@@ -196,8 +194,8 @@ marshmallow 3.20.1 python
|
|||||||
memcached 1.6.21-r0 apk
|
memcached 1.6.21-r0 apk
|
||||||
mock 5.1.0 python
|
mock 5.1.0 python
|
||||||
mpdecimal 2.5.1-r2 apk
|
mpdecimal 2.5.1-r2 apk
|
||||||
msal 1.25.0 python
|
msal 1.26.0 python
|
||||||
msal-extensions 1.0.0 python
|
msal-extensions 1.1.0 python
|
||||||
musl 1.2.4-r2 apk
|
musl 1.2.4-r2 apk
|
||||||
musl-utils 1.2.4-r2 apk
|
musl-utils 1.2.4-r2 apk
|
||||||
mypy-extensions 1.0.0 python
|
mypy-extensions 1.0.0 python
|
||||||
@@ -233,58 +231,58 @@ packaging 23.2 python
|
|||||||
parsedatetime 2.6 python
|
parsedatetime 2.6 python
|
||||||
pcre 8.45-r3 apk
|
pcre 8.45-r3 apk
|
||||||
pcre2 10.42-r1 apk
|
pcre2 10.42-r1 apk
|
||||||
perl 5.36.1-r2 apk
|
perl 5.36.2-r0 apk
|
||||||
perl-error 0.17029-r1 apk
|
perl-error 0.17029-r1 apk
|
||||||
perl-git 2.40.1-r0 apk
|
perl-git 2.40.1-r0 apk
|
||||||
php82 8.2.12-r0 apk
|
php82 8.2.13-r0 apk
|
||||||
php82-bcmath 8.2.12-r0 apk
|
php82-bcmath 8.2.13-r0 apk
|
||||||
php82-bz2 8.2.12-r0 apk
|
php82-bz2 8.2.13-r0 apk
|
||||||
php82-common 8.2.12-r0 apk
|
php82-common 8.2.13-r0 apk
|
||||||
php82-ctype 8.2.12-r0 apk
|
php82-ctype 8.2.13-r0 apk
|
||||||
php82-curl 8.2.12-r0 apk
|
php82-curl 8.2.13-r0 apk
|
||||||
php82-dom 8.2.12-r0 apk
|
php82-dom 8.2.13-r0 apk
|
||||||
php82-exif 8.2.12-r0 apk
|
php82-exif 8.2.13-r0 apk
|
||||||
php82-fileinfo 8.2.12-r0 apk
|
php82-fileinfo 8.2.13-r0 apk
|
||||||
php82-fpm 8.2.12-r0 apk
|
php82-fpm 8.2.13-r0 apk
|
||||||
php82-ftp 8.2.12-r0 apk
|
php82-ftp 8.2.13-r0 apk
|
||||||
php82-gd 8.2.12-r0 apk
|
php82-gd 8.2.13-r0 apk
|
||||||
php82-gmp 8.2.12-r0 apk
|
php82-gmp 8.2.13-r0 apk
|
||||||
php82-iconv 8.2.12-r0 apk
|
php82-iconv 8.2.13-r0 apk
|
||||||
php82-imap 8.2.12-r0 apk
|
php82-imap 8.2.13-r0 apk
|
||||||
php82-intl 8.2.12-r0 apk
|
php82-intl 8.2.13-r0 apk
|
||||||
php82-ldap 8.2.12-r0 apk
|
php82-ldap 8.2.13-r0 apk
|
||||||
php82-mbstring 8.2.12-r0 apk
|
php82-mbstring 8.2.13-r0 apk
|
||||||
php82-mysqli 8.2.12-r0 apk
|
php82-mysqli 8.2.13-r0 apk
|
||||||
php82-mysqlnd 8.2.12-r0 apk
|
php82-mysqlnd 8.2.13-r0 apk
|
||||||
php82-opcache 8.2.12-r0 apk
|
php82-opcache 8.2.13-r0 apk
|
||||||
php82-openssl 8.2.12-r0 apk
|
php82-openssl 8.2.13-r0 apk
|
||||||
php82-pdo 8.2.12-r0 apk
|
php82-pdo 8.2.13-r0 apk
|
||||||
php82-pdo_mysql 8.2.12-r0 apk
|
php82-pdo_mysql 8.2.13-r0 apk
|
||||||
php82-pdo_odbc 8.2.12-r0 apk
|
php82-pdo_odbc 8.2.13-r0 apk
|
||||||
php82-pdo_pgsql 8.2.12-r0 apk
|
php82-pdo_pgsql 8.2.13-r0 apk
|
||||||
php82-pdo_sqlite 8.2.12-r0 apk
|
php82-pdo_sqlite 8.2.13-r0 apk
|
||||||
php82-pear 8.2.12-r0 apk
|
php82-pear 8.2.13-r0 apk
|
||||||
php82-pecl-apcu 5.1.22-r0 apk
|
php82-pecl-apcu 5.1.22-r0 apk
|
||||||
php82-pecl-igbinary 3.2.14-r0 apk
|
php82-pecl-igbinary 3.2.14-r0 apk
|
||||||
php82-pecl-mcrypt 1.0.6-r0 apk
|
php82-pecl-mcrypt 1.0.6-r0 apk
|
||||||
php82-pecl-memcached 3.2.0-r1 apk
|
php82-pecl-memcached 3.2.0-r1 apk
|
||||||
php82-pecl-msgpack 2.2.0-r0 apk
|
php82-pecl-msgpack 2.2.0-r0 apk
|
||||||
php82-pecl-redis 6.0.2-r0 apk
|
php82-pecl-redis 6.0.2-r0 apk
|
||||||
php82-pgsql 8.2.12-r0 apk
|
php82-pgsql 8.2.13-r0 apk
|
||||||
php82-phar 8.2.12-r0 apk
|
php82-phar 8.2.13-r0 apk
|
||||||
php82-posix 8.2.12-r0 apk
|
php82-posix 8.2.13-r0 apk
|
||||||
php82-session 8.2.12-r0 apk
|
php82-session 8.2.13-r0 apk
|
||||||
php82-simplexml 8.2.12-r0 apk
|
php82-simplexml 8.2.13-r0 apk
|
||||||
php82-soap 8.2.12-r0 apk
|
php82-soap 8.2.13-r0 apk
|
||||||
php82-sockets 8.2.12-r0 apk
|
php82-sockets 8.2.13-r0 apk
|
||||||
php82-sodium 8.2.12-r0 apk
|
php82-sodium 8.2.13-r0 apk
|
||||||
php82-sqlite3 8.2.12-r0 apk
|
php82-sqlite3 8.2.13-r0 apk
|
||||||
php82-tokenizer 8.2.12-r0 apk
|
php82-tokenizer 8.2.13-r0 apk
|
||||||
php82-xml 8.2.12-r0 apk
|
php82-xml 8.2.13-r0 apk
|
||||||
php82-xmlreader 8.2.12-r0 apk
|
php82-xmlreader 8.2.13-r0 apk
|
||||||
php82-xmlwriter 8.2.12-r0 apk
|
php82-xmlwriter 8.2.13-r0 apk
|
||||||
php82-xsl 8.2.12-r0 apk
|
php82-xsl 8.2.13-r0 apk
|
||||||
php82-zip 8.2.12-r0 apk
|
php82-zip 8.2.13-r0 apk
|
||||||
pinentry 1.2.1-r1 apk
|
pinentry 1.2.1-r1 apk
|
||||||
pip 23.3.1 python
|
pip 23.3.1 python
|
||||||
pkb-client 1.2 python
|
pkb-client 1.2 python
|
||||||
@@ -296,10 +294,11 @@ publicsuffixlist 0.9.4 python
|
|||||||
pyOpenSSL 23.3.0 python
|
pyOpenSSL 23.3.0 python
|
||||||
pyRFC3339 1.1 python
|
pyRFC3339 1.1 python
|
||||||
pyacmedns 0.4 python
|
pyacmedns 0.4 python
|
||||||
pyasn1 0.5.0 python
|
pyasn1 0.5.1 python
|
||||||
pyasn1-modules 0.3.0 python
|
pyasn1-modules 0.3.0 python
|
||||||
pyc 0.1-r0 apk
|
pyc 0.1-r0 apk
|
||||||
pycparser 2.21 python
|
pycparser 2.21 python
|
||||||
|
pyotp 2.9.0 python
|
||||||
pyparsing 3.1.1 python
|
pyparsing 3.1.1 python
|
||||||
python-dateutil 2.8.2 python
|
python-dateutil 2.8.2 python
|
||||||
python-digitalocean 1.17.0 python
|
python-digitalocean 1.17.0 python
|
||||||
@@ -313,7 +312,7 @@ requests 2.31.0 python
|
|||||||
requests-file 1.5.1 python
|
requests-file 1.5.1 python
|
||||||
requests-mock 1.11.0 python
|
requests-mock 1.11.0 python
|
||||||
rsa 4.9 python
|
rsa 4.9 python
|
||||||
s3transfer 0.7.0 python
|
s3transfer 0.8.2 python
|
||||||
scanelf 1.3.7-r1 apk
|
scanelf 1.3.7-r1 apk
|
||||||
setuptools 65.5.0 python
|
setuptools 65.5.0 python
|
||||||
shadow 4.13-r4 apk
|
shadow 4.13-r4 apk
|
||||||
@@ -325,16 +324,15 @@ ssl_client 1.36.1-r5 apk
|
|||||||
tiff 4.5.1-r0 apk
|
tiff 4.5.1-r0 apk
|
||||||
tldextract 5.1.1 python
|
tldextract 5.1.1 python
|
||||||
typing-inspect 0.9.0 python
|
typing-inspect 0.9.0 python
|
||||||
typing_extensions 4.8.0 python
|
typing_extensions 4.9.0 python
|
||||||
tzdata 2023c-r1 apk
|
tzdata 2023c-r1 apk
|
||||||
unixodbc 2.3.11-r2 apk
|
unixodbc 2.3.11-r2 apk
|
||||||
uritemplate 4.1.1 python
|
uritemplate 4.1.1 python
|
||||||
urllib3 1.26.18 python
|
urllib3 2.0.7 python
|
||||||
utmps-libs 0.1.2.1-r1 apk
|
utmps-libs 0.1.2.1-r1 apk
|
||||||
wheel 0.41.3 python
|
wheel 0.42.0 python
|
||||||
whois 5.5.17-r0 apk
|
whois 5.5.17-r0 apk
|
||||||
xz-libs 5.4.3-r0 apk
|
xz-libs 5.4.3-r0 apk
|
||||||
zipp 3.17.0 python
|
|
||||||
zlib 1.2.13-r1 apk
|
zlib 1.2.13-r1 apk
|
||||||
zope.interface 6.1 python
|
zope.interface 6.1 python
|
||||||
zstd-libs 1.5.5-r4 apk
|
zstd-libs 1.5.5-r4 apk
|
||||||
|
|||||||
@@ -50,7 +50,7 @@ opt_param_usage_include_env: true
|
|||||||
opt_param_env_vars:
|
opt_param_env_vars:
|
||||||
- { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
|
- { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
|
||||||
- { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
|
- { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
|
||||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||||
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
|
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
|
||||||
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
|
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
|
||||||
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
||||||
@@ -90,6 +90,21 @@ app_setup_block: |
|
|||||||
* After setup, navigate to `https://yourdomain.url` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
|
* After setup, navigate to `https://yourdomain.url` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
|
||||||
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
|
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
|
||||||
|
|
||||||
|
### Certbot Plugins
|
||||||
|
|
||||||
|
SWAG includes many Certbot plugins out of the box, but not all plugins can be includes.
|
||||||
|
If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
|
||||||
|
|
||||||
|
Set the following environment variables on your container:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
DOCKER_MODS=linuxserver/mods:universal-package-install
|
||||||
|
INSTALL_PIP_PACKAGES=certbot-dns-<plugin>
|
||||||
|
```
|
||||||
|
|
||||||
|
Set the required credentials (usually found in the plugin documentation) in `/config/dns-conf/<plugin>.ini`.
|
||||||
|
It is recommended to attempt obtaining a certificate with `STAGING=true` first to make sure the plugin is working as expected.
|
||||||
|
|
||||||
### Security and password protection
|
### Security and password protection
|
||||||
|
|
||||||
* The container detects changes to url and subdomains, revokes existing certs and generates new ones during start.
|
* The container detects changes to url and subdomains, revokes existing certs and generates new ones during start.
|
||||||
@@ -153,6 +168,9 @@ app_setup_block: |
|
|||||||
|
|
||||||
# changelog
|
# changelog
|
||||||
changelogs:
|
changelogs:
|
||||||
|
- { date: "11.12.23:", desc: "Deprecate certbot-dns-dynu to resolve dependency conflicts with other plugins." }
|
||||||
|
- { date: "30.11.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Fix index.php being downloaded on 404." }
|
||||||
|
- { date: "23.11.23:", desc: "Run certbot as root to allow fix http validation." }
|
||||||
- { date: "01.10.23:", desc: "Fix \"unrecognized arguments\" issue in DirectAdmin DNS plugin." }
|
- { date: "01.10.23:", desc: "Fix \"unrecognized arguments\" issue in DirectAdmin DNS plugin." }
|
||||||
- { date: "28.08.23:", desc: "Add Namecheap DNS plugin." }
|
- { date: "28.08.23:", desc: "Add Namecheap DNS plugin." }
|
||||||
- { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." }
|
- { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." }
|
||||||
|
|||||||
@@ -1,3 +0,0 @@
|
|||||||
# Instructions: https://github.com/bikram990/certbot-dns-dynu#configuration
|
|
||||||
# Replace with your API token from your dynu account.
|
|
||||||
dns_dynu_auth_token = AbCbASsd!@34
|
|
||||||
@@ -12,4 +12,4 @@ datepattern = {^LN-BEG}
|
|||||||
|
|
||||||
# DEV NOTES:
|
# DEV NOTES:
|
||||||
#
|
#
|
||||||
# Author: Will L (driz@linuxserver.io)
|
# Author: notdriz
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
## Version 2023/06/05 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
## Version 2023/11/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
||||||
|
|
||||||
# redirect all traffic to https
|
# redirect all traffic to https
|
||||||
server {
|
server {
|
||||||
@@ -48,7 +48,7 @@ server {
|
|||||||
# enable for Authentik (requires authentik-server.conf in the server block)
|
# enable for Authentik (requires authentik-server.conf in the server block)
|
||||||
#include /config/nginx/authentik-location.conf;
|
#include /config/nginx/authentik-location.conf;
|
||||||
|
|
||||||
try_files $uri $uri/ /index.html /index.php$is_args$args =404;
|
try_files $uri $uri/ /index.html /index.php$is_args$args;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^(.+\.php)(.*)$ {
|
location ~ ^(.+\.php)(.*)$ {
|
||||||
@@ -65,6 +65,7 @@ server {
|
|||||||
# enable for Authentik (requires authentik-server.conf in the server block)
|
# enable for Authentik (requires authentik-server.conf in the server block)
|
||||||
#include /config/nginx/authentik-location.conf;
|
#include /config/nginx/authentik-location.conf;
|
||||||
|
|
||||||
|
try_files $fastcgi_script_name =404;
|
||||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||||
fastcgi_pass 127.0.0.1:9000;
|
fastcgi_pass 127.0.0.1:9000;
|
||||||
fastcgi_index index.php;
|
fastcgi_index index.php;
|
||||||
|
|||||||
@@ -199,9 +199,9 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
|
|||||||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
|
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
|
||||||
fi
|
fi
|
||||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||||
s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
|
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
|
||||||
else
|
else
|
||||||
s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
|
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
|
||||||
fi
|
fi
|
||||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||||
fi
|
fi
|
||||||
@@ -214,9 +214,9 @@ if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "l
|
|||||||
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
|
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
|
||||||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
|
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
|
||||||
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
|
||||||
s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
|
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
|
||||||
else
|
else
|
||||||
s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
|
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
|
||||||
fi
|
fi
|
||||||
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
|
||||||
fi
|
fi
|
||||||
@@ -349,7 +349,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
|
|||||||
set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
|
set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
|
||||||
fi
|
fi
|
||||||
echo "Generating new certificate"
|
echo "Generating new certificate"
|
||||||
s6-setuidgid abc certbot certonly --non-interactive --renew-by-default
|
certbot certonly --non-interactive --renew-by-default
|
||||||
if [[ ! -d /config/keys/letsencrypt ]]; then
|
if [[ ! -d /config/keys/letsencrypt ]]; then
|
||||||
if [[ "${VALIDATION}" = "dns" ]]; then
|
if [[ "${VALIDATION}" = "dns" ]]; then
|
||||||
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
|
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
|
||||||
|
|||||||
Reference in New Issue
Block a user