mirror of
https://github.com/linuxserver/docker-swag.git
synced 2026-03-04 01:13:35 +09:00
Compare commits
13 Commits
2.9.0-ls28
...
2.10.0-ls2
| Author | SHA1 | Date | |
|---|---|---|---|
|
5c58fa9383 | ||
|
|
ae19b93cc7 | ||
|
|
5dee340726 | ||
|
3109ff8d9c | ||
|
|
4239dc22d4 | ||
|
|
44c6bd721b | ||
|
|
d4a6be8fad | ||
|
a66b478d1d | ||
|
|
9efac76e25 | ||
|
|
23c6384f2c | ||
|
|
13ede8ea87 | ||
|
a9391d07ee | ||
|
|
4b4c103df4 |
@@ -104,6 +104,7 @@ RUN \
|
||||
certbot-dns-domeneshop \
|
||||
certbot-dns-dreamhost \
|
||||
certbot-dns-duckdns \
|
||||
certbot-dns-dynudns \
|
||||
certbot-dns-freedns \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-glesys \
|
||||
|
||||
@@ -104,6 +104,7 @@ RUN \
|
||||
certbot-dns-domeneshop \
|
||||
certbot-dns-dreamhost \
|
||||
certbot-dns-duckdns \
|
||||
certbot-dns-dynudns \
|
||||
certbot-dns-freedns \
|
||||
certbot-dns-gehirn \
|
||||
certbot-dns-glesys \
|
||||
|
||||
@@ -227,7 +227,7 @@ Containers are configured using parameters passed at runtime (such as those abov
|
||||
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
|
||||
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
|
||||
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
|
||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
||||
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
|
||||
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
|
||||
@@ -400,7 +400,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
||||
|
||||
## Versions
|
||||
|
||||
* **23.03.24:** - Fix perms on the generated `priv-fullchain-bundle.pem`.
|
||||
* **14.03.24:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38.
|
||||
* **11.03.24:** - Restore support for DynuDNS using `certbot-dns-dynudns`.
|
||||
* **06.03.24:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Cleanup default site conf.
|
||||
* **04.03.24:** - Remove `stream.conf` inside the container to allow users to include their own block in `nginx.conf`.
|
||||
* **23.01.24:** - Rebase to Alpine 3.19 with php 8.3, add root periodic crontabs for logrotate.
|
||||
|
||||
@@ -4,7 +4,7 @@ PyJWT 2.8.0 python
|
||||
PyNamecheap 0.0.3 python
|
||||
PyYAML 6.0.1 python
|
||||
Simple Launcher 1.1.0.14 dotnet (+5 duplicates)
|
||||
acme 2.9.0 python
|
||||
acme 2.10.0 python
|
||||
alpine-baselayout 3.4.3-r2 apk
|
||||
alpine-baselayout-data 3.4.3-r2 apk
|
||||
alpine-keys 2.4-r1 apk
|
||||
@@ -23,57 +23,58 @@ azure-mgmt-core 1.4.0 python
|
||||
azure-mgmt-dns 8.1.0 python
|
||||
bash 5.2.21-r0 apk
|
||||
beautifulsoup4 4.12.3 python
|
||||
boto3 1.34.64 python
|
||||
botocore 1.34.64 python
|
||||
boto3 1.34.79 python
|
||||
botocore 1.34.79 python
|
||||
brotli-libs 1.1.0-r1 apk
|
||||
bs4 0.0.2 python
|
||||
busybox 1.36.1-r15 apk
|
||||
busybox-binsh 1.36.1-r15 apk
|
||||
c-ares 1.24.0-r1 apk
|
||||
c-ares 1.27.0-r0 apk
|
||||
c-client 2007f-r15 apk
|
||||
ca-certificates 20230506-r0 apk
|
||||
ca-certificates-bundle 20230506-r0 apk
|
||||
ca-certificates 20240226-r0 apk
|
||||
ca-certificates-bundle 20240226-r0 apk
|
||||
cachetools 5.3.3 python
|
||||
certbot 2.9.0 python
|
||||
certbot 2.10.0 python
|
||||
certbot-dns-acmedns 0.1.0 python
|
||||
certbot-dns-aliyun 2.0.0 python
|
||||
certbot-dns-azure 2.4.0 python
|
||||
certbot-dns-azure 2.5.0 python
|
||||
certbot-dns-bunny 0.0.9 python
|
||||
certbot-dns-cloudflare 2.9.0 python
|
||||
certbot-dns-cloudflare 2.10.0 python
|
||||
certbot-dns-cpanel 0.4.0 python
|
||||
certbot-dns-desec 1.2.1 python
|
||||
certbot-dns-digitalocean 2.9.0 python
|
||||
certbot-dns-digitalocean 2.10.0 python
|
||||
certbot-dns-directadmin 1.0.4 python
|
||||
certbot-dns-dnsimple 2.9.0 python
|
||||
certbot-dns-dnsmadeeasy 2.9.0 python
|
||||
certbot-dns-dnsimple 2.10.0 python
|
||||
certbot-dns-dnsmadeeasy 2.10.0 python
|
||||
certbot-dns-dnspod 0.1.0 python
|
||||
certbot-dns-do 0.31.0 python
|
||||
certbot-dns-domeneshop 0.2.9 python
|
||||
certbot-dns-dreamhost 1.0 python
|
||||
certbot-dns-duckdns 1.3 python
|
||||
certbot-dns-dynudns 0.0.6 python
|
||||
certbot-dns-freedns 0.1.0 python
|
||||
certbot-dns-gehirn 2.9.0 python
|
||||
certbot-dns-gehirn 2.10.0 python
|
||||
certbot-dns-glesys 2.1.0 python
|
||||
certbot-dns-godaddy 2.8.0 python
|
||||
certbot-dns-google 2.9.0 python
|
||||
certbot-dns-google 2.10.0 python
|
||||
certbot-dns-google-domains 0.1.11 python
|
||||
certbot-dns-he 1.0.0 python
|
||||
certbot-dns-hetzner 2.0.0 python
|
||||
certbot-dns-infomaniak 0.2.2 python
|
||||
certbot-dns-inwx 2.2.0 python
|
||||
certbot-dns-ionos 2024.1.8 python
|
||||
certbot-dns-linode 2.9.0 python
|
||||
certbot-dns-linode 2.10.0 python
|
||||
certbot-dns-loopia 1.0.1 python
|
||||
certbot-dns-luadns 2.9.0 python
|
||||
certbot-dns-luadns 2.10.0 python
|
||||
certbot-dns-namecheap 1.0.0 python
|
||||
certbot-dns-netcup 1.4.3 python
|
||||
certbot-dns-njalla 1.0.0 python
|
||||
certbot-dns-nsone 2.9.0 python
|
||||
certbot-dns-ovh 2.9.0 python
|
||||
certbot-dns-nsone 2.10.0 python
|
||||
certbot-dns-ovh 2.10.0 python
|
||||
certbot-dns-porkbun 0.8 python
|
||||
certbot-dns-rfc2136 2.9.0 python
|
||||
certbot-dns-route53 2.9.0 python
|
||||
certbot-dns-sakuracloud 2.9.0 python
|
||||
certbot-dns-rfc2136 2.10.0 python
|
||||
certbot-dns-route53 2.10.0 python
|
||||
certbot-dns-sakuracloud 2.10.0 python
|
||||
certbot-dns-standalone 1.1 python
|
||||
certbot-dns-transip 0.5.2 python
|
||||
certbot-dns-vultr 1.1.0 python
|
||||
@@ -99,7 +100,7 @@ domeneshop 0.4.3 python
|
||||
fail2ban 1.0.2 python
|
||||
fail2ban 1.0.2-r3 apk
|
||||
fail2ban-pyc 1.0.2-r3 apk
|
||||
filelock 3.13.1 python
|
||||
filelock 3.13.3 python
|
||||
fontconfig 2.14.2-r4 apk
|
||||
freetype 2.13.2-r0 apk
|
||||
future 1.0.0 python
|
||||
@@ -113,10 +114,10 @@ gnupg-gpgconf 2.4.4-r0 apk
|
||||
gnupg-keyboxd 2.4.4-r0 apk
|
||||
gnupg-utils 2.4.4-r0 apk
|
||||
gnupg-wks-client 2.4.4-r0 apk
|
||||
gnutls 3.8.3-r0 apk
|
||||
google-api-core 2.17.1 python
|
||||
google-api-python-client 2.122.0 python
|
||||
google-auth 2.28.2 python
|
||||
gnutls 3.8.4-r0 apk
|
||||
google-api-core 2.18.0 python
|
||||
google-api-python-client 2.125.0 python
|
||||
google-auth 2.29.0 python
|
||||
google-auth-httplib2 0.2.0 python
|
||||
googleapis-common-protos 1.63.0 python
|
||||
gpg 2.4.4-r0 apk
|
||||
@@ -148,7 +149,7 @@ libcurl 8.5.0-r0 apk
|
||||
libdav1d 1.3.0-r1 apk
|
||||
libedit 20230828.3.1-r3 apk
|
||||
libevent 2.1.12-r7 apk
|
||||
libexpat 2.6.0-r0 apk
|
||||
libexpat 2.6.2-r0 apk
|
||||
libffi 3.4.4-r3 apk
|
||||
libgcc 13.2.1_git20231014-r0 apk
|
||||
libgcrypt 1.10.3-r0 apk
|
||||
@@ -196,13 +197,13 @@ libzip 1.10.1-r0 apk
|
||||
linux-pam 1.5.3-r7 apk
|
||||
logrotate 3.21.0-r1 apk
|
||||
loopialib 0.2.0 python
|
||||
lxml 5.1.0 python
|
||||
lxml 5.2.1 python
|
||||
lz4-libs 1.9.4-r5 apk
|
||||
marshmallow 3.21.1 python
|
||||
memcached 1.6.22-r0 apk
|
||||
mock 5.1.0 python
|
||||
mpdecimal 2.5.1-r2 apk
|
||||
msal 1.27.0 python
|
||||
msal 1.28.0 python
|
||||
msal-extensions 1.1.0 python
|
||||
musl 1.2.4_git20230717-r4 apk
|
||||
musl-utils 1.2.4_git20230717-r4 apk
|
||||
@@ -297,15 +298,16 @@ pkb-client 1.2 python
|
||||
popt 1.19-r3 apk
|
||||
portalocker 2.8.2 python
|
||||
procps-ng 4.0.4-r0 apk
|
||||
proto-plus 1.23.0 python
|
||||
protobuf 4.25.3 python
|
||||
publicsuffixlist 0.9.4 python
|
||||
pyOpenSSL 24.1.0 python
|
||||
pyRFC3339 1.1 python
|
||||
pyacmedns 0.4 python
|
||||
pyasn1 0.5.1 python
|
||||
pyasn1-modules 0.3.0 python
|
||||
pyasn1 0.6.0 python
|
||||
pyasn1_modules 0.4.0 python
|
||||
pyc 3.11.8-r0 apk
|
||||
pycparser 2.21 python
|
||||
pycparser 2.22 python
|
||||
pyotp 2.9.0 python
|
||||
pyparsing 3.1.2 python
|
||||
python-dateutil 2.9.0.post0 python
|
||||
@@ -318,7 +320,7 @@ pytz 2024.1 python
|
||||
readline 8.2.1-r2 apk
|
||||
requests 2.31.0 python
|
||||
requests-file 2.0.0 python
|
||||
requests-mock 1.11.0 python
|
||||
requests-mock 1.12.1 python
|
||||
rsa 4.9 python
|
||||
s3transfer 0.10.1 python
|
||||
scanelf 1.3.7-r2 apk
|
||||
@@ -330,9 +332,9 @@ soupsieve 2.5 python
|
||||
sqlite-libs 3.44.2-r0 apk
|
||||
ssl_client 1.36.1-r15 apk
|
||||
tiff 4.6.0-r0 apk
|
||||
tldextract 5.1.1 python
|
||||
tldextract 5.1.2 python
|
||||
typing-inspect 0.9.0 python
|
||||
typing_extensions 4.10.0 python
|
||||
typing_extensions 4.11.0 python
|
||||
tzdata 2024a-r0 apk
|
||||
unixodbc 2.3.12-r0 apk
|
||||
uritemplate 4.1.1 python
|
||||
|
||||
@@ -50,7 +50,7 @@ opt_param_usage_include_env: true
|
||||
opt_param_env_vars:
|
||||
- { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
|
||||
- { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
|
||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||
- { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
|
||||
- { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
|
||||
- { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
|
||||
- { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
|
||||
@@ -168,7 +168,9 @@ app_setup_block: |
|
||||
|
||||
# changelog
|
||||
changelogs:
|
||||
- { date: "23.03.24:", desc: "Fix perms on the generated `priv-fullchain-bundle.pem`." }
|
||||
- { date: "14.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38." }
|
||||
- { date: "11.03.24:", desc: "Restore support for DynuDNS using `certbot-dns-dynudns`." }
|
||||
- { date: "06.03.24:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Cleanup default site conf." }
|
||||
- { date: "04.03.24:", desc: "Remove `stream.conf` inside the container to allow users to include their own block in `nginx.conf`." }
|
||||
- { date: "23.01.24:", desc: "Rebase to Alpine 3.19 with php 8.3, add root periodic crontabs for logrotate." }
|
||||
|
||||
3
root/defaults/dns-conf/dynu-credentials.ini
Normal file
3
root/defaults/dns-conf/dynu-credentials.ini
Normal file
@@ -0,0 +1,3 @@
|
||||
# Instructions: https://github.com/DustyRah/certbot-dns-dynudns
|
||||
# Replace with your API token from your dynudns account.
|
||||
dns_dynu_auth_token = AbCbASsd!@34
|
||||
@@ -5,4 +5,5 @@ cd /config/keys/letsencrypt || exit 1
|
||||
openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:
|
||||
sleep 1
|
||||
cat {privkey,fullchain}.pem >priv-fullchain-bundle.pem
|
||||
chmod 600 priv-fullchain-bundle.pem
|
||||
chown -R abc:abc /config/etc/letsencrypt
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
## Version 2024/03/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
|
||||
## Version 2024/03/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
|
||||
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
||||
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
|
||||
# For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
||||
@@ -7,14 +7,32 @@
|
||||
# location for authelia subfolder requests
|
||||
location ^~ /authelia {
|
||||
auth_request off; # requests to this subfolder must be accessible without authentication
|
||||
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authelia authelia;
|
||||
proxy_pass http://$upstream_authelia:9091;
|
||||
}
|
||||
|
||||
# location for authelia auth requests
|
||||
location ~ /authelia/api/(authz/auth-request|verify) {
|
||||
# location for authelia 4.37 and below auth requests
|
||||
location = /authelia/api/verify {
|
||||
internal;
|
||||
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authelia authelia;
|
||||
proxy_pass http://$upstream_authelia:9091;
|
||||
|
||||
## Include the Set-Cookie header if present
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $set_cookie;
|
||||
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
}
|
||||
|
||||
# location for authelia 4.38 and above auth requests
|
||||
location = /authelia/api/authz/auth-request {
|
||||
internal;
|
||||
|
||||
include /config/nginx/proxy.conf;
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
# location for authentik subfolder requests
|
||||
location ^~ /outpost.goauthentik.io {
|
||||
auth_request off; # requests to this subfolder must be accessible without authentication
|
||||
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authentik authentik-server;
|
||||
|
||||
Reference in New Issue
Block a user