Compare commits

...

219 Commits

Author SHA1 Message Date
LinuxServer-CI a9d1f7f0ee Bot Updating Package Versions 2026-06-13 07:04:48 +00:00
LinuxServer-CI d3fe405b46 Bot Updating Package Versions 2026-06-06 06:35:32 +00:00
LinuxServer-CI 32c26223dd Bot Updating Package Versions 2026-06-01 16:09:07 +00:00
aptalca 60161a3baf Merge pull request #613 from linuxserver/cert-check
remove obsolete old cert check logic
2026-06-01 12:02:02 -04:00
aptalca 321837be0d remove obsolete old cert check logic 2026-06-01 11:04:38 -04:00
LinuxServer-CI c371973f5f Bot Updating Package Versions 2026-05-30 06:29:09 +00:00
LinuxServer-CI bc18a403ba Bot Updating Package Versions 2026-05-23 06:17:54 +00:00
LinuxServer-CI b104a66e06 Bot Updating Package Versions 2026-05-16 06:00:50 +00:00
LinuxServer-CI 80bc4b4243 Bot Updating Package Versions 2026-05-14 20:15:20 +00:00
LinuxServer-CI 7cf7838a87 Bot Updating Package Versions 2026-05-14 19:54:29 +00:00
LinuxServer-CI 0cb2c16f7d Bot Updating Package Versions 2026-05-11 17:29:24 +00:00
LinuxServer-CI 36129452e8 Bot Updating Package Versions 2026-05-09 05:55:56 +00:00
LinuxServer-CI bb2b29d9c1 Bot Updating Templated Files 2026-05-09 05:51:19 +00:00
LinuxServer-CI b7ea5c43ec Bot Updating Package Versions 2026-05-02 05:43:26 +00:00
LinuxServer-CI 8fbf8ab449 Bot Updating Package Versions 2026-04-25 05:17:58 +00:00
LinuxServer-CI 9c5ae4f09a Bot Updating Package Versions 2026-04-18 05:12:40 +00:00
LinuxServer-CI 321c7f3295 Bot Updating Package Versions 2026-04-11 05:00:44 +00:00
LinuxServer-CI 005a68591d Bot Updating Package Versions 2026-04-07 19:22:47 +00:00
LinuxServer-CI 01bfb62124 Bot Updating Templated Files 2026-04-07 19:18:28 +00:00
LinuxServer-CI 04ad8386bf Bot Updating Package Versions 2026-04-04 04:55:57 +00:00
LinuxServer-CI b409073642 Bot Updating Package Versions 2026-03-28 04:58:53 +00:00
LinuxServer-CI 1c8a8d004e Bot Updating Package Versions 2026-03-21 04:42:40 +00:00
LinuxServer-CI 9235e504a1 Bot Updating Package Versions 2026-03-14 04:48:10 +00:00
LinuxServer-CI ef520118f5 Bot Updating Package Versions 2026-03-10 19:42:05 +00:00
Adam 4a4e84d26b Merge pull request #602 from linuxserver/tinyauth-fix
Add missing tinyauth blocks to default conf
2026-03-07 14:05:10 +00:00
thespad 8c002e6c56 Add missing tinyauth blocks to default conf 2026-03-07 13:57:15 +00:00
LinuxServer-CI ea840fbfbc Bot Updating Package Versions 2026-03-07 04:26:21 +00:00
LinuxServer-CI 42ba97e46a Bot Updating Package Versions
Mark stale issues and pull requests / stale (push) Failing after 0s
External Trigger Scheduler / external-trigger-scheduler (push) Failing after 10s
2026-02-28 04:20:29 +00:00
LinuxServer-CI b4b73022db Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-21 04:42:02 +00:00
LinuxServer-CI 9d5ebb6a7a Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-14 04:50:10 +00:00
LinuxServer-CI 7ad019e68d Bot Updating Templated Files 2026-02-14 04:45:56 +00:00
LinuxServer-CI 59ef2df680 Bot Updating Templated Files 2026-02-14 04:44:20 +00:00
LinuxServer-CI db874b2c0f Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-10 05:08:06 +00:00
LinuxServer-CI 6182a75998 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-02-07 04:43:17 +00:00
LinuxServer-CI 145c5d84f6 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-06 14:17:14 +00:00
LinuxServer-CI 1039f2a04c Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-02-03 19:48:04 +00:00
LinuxServer-CI 156e3ac160 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-01-31 04:29:28 +00:00
LinuxServer-CI e649bd71da Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-01-26 00:38:36 +00:00
LinuxServer-CI b54c263769 Bot Updating Templated Files 2026-01-26 00:34:15 +00:00
aptalca 7b11fb9643 Merge pull request #600 from linuxserver/sample-race
reorder init to make sure samples are copied before version checks
2026-01-25 19:32:30 -05:00
LinuxServer-CI 72d187c734 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-01-24 04:03:28 +00:00
aptalca b6752babcd sandwich swag folder creation and sample copying between nginx base's permissions and version checks to make sure samples are there when the check happens 2026-01-23 21:37:09 -05:00
Adam 6f38cebe04 Merge pull request #597 from hadjilucasL/patch-1
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-01-18 10:04:48 +00:00
LinuxServer-CI 62b3a02aed Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-01-17 03:59:34 +00:00
LinuxServer-CI 2deac3dac6 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-01-13 11:05:27 +00:00
LinuxServer-CI 48cbb269cc Bot Updating Templated Files 2026-01-13 11:00:44 +00:00
Adam 8489cde7c0 Merge pull request #596 from CaptivatingCat/hetzner-cloud 2026-01-13 10:59:01 +00:00
CaptivatingCat a120a68aae Merge branch 'master' into hetzner-cloud 2026-01-11 14:55:29 +01:00
LinuxServer-CI 1674ff4509 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-01-10 04:00:48 +00:00
CaptivatingCat 52707530e2 Merge branch 'master' into hetzner-cloud 2026-01-07 23:30:22 +01:00
CaptivatingCat cbf78b31bb Fix missing quote in readme-vars.yml 2026-01-07 23:29:05 +01:00
Lucas Hadjilucas 2fc01f4e21 Merge branch 'master' into patch-1 2026-01-04 21:36:59 +02:00
LinuxServer-CI 5491278c13 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-01-03 03:59:18 +00:00
CaptivatingCat 4a7daa06ad Merge branch 'master' into hetzner-cloud 2025-12-31 22:39:27 +01:00
Lucas Hadjilucas 77dc5ff352 Merge branch 'master' into patch-1 2025-12-27 23:14:14 +02:00
LinuxServer-CI e834e13141 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-12-27 03:59:05 +00:00
Lucas Hadjilucas 0ab1a76dae Restore symlink paths for letsencrypt keys
To solve #549
2025-12-23 22:46:59 +02:00
CaptivatingCat 8b8b491df3 add support for hetzner-cloud dns validation 2025-12-21 00:55:30 +01:00
LinuxServer-CI 7f080d8564 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-12-20 03:52:51 +00:00
LinuxServer-CI bb730cbc72 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-12-13 03:53:30 +00:00
LinuxServer-CI 6b609ad159 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-12-10 18:35:07 +00:00
LinuxServer-CI f7a31bb18e Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2025-12-06 03:45:58 +00:00
LinuxServer-CI 01a5c0123e Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-12-03 21:23:08 +00:00
LinuxServer-CI 012b4ac68f Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2025-11-29 03:49:15 +00:00
LinuxServer-CI 8961b7e923 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-11-22 03:43:45 +00:00
LinuxServer-CI 1e3524f927 Bot Updating Templated Files 2025-11-22 03:39:13 +00:00
LinuxServer-CI a2f969a62e Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-11-15 03:43:31 +00:00
LinuxServer-CI caaaccb0b3 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-11-08 03:39:30 +00:00
LinuxServer-CI ae11ca79a0 Bot Updating Templated Files
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-11-05 12:06:21 +00:00
driz 9d7c0d6239 Merge pull request #590 from linuxserver/nemchik-patch-1
Update changelog for Gandi credentials update
2025-11-05 07:04:42 -05:00
Eric Nemchik eb151ebd19 Update changelog for Gandi credentials update
Updated the changelog to reflect changes in Gandi credentials and Azure DNS propagation.
2025-11-04 21:22:08 -06:00
Eric Nemchik 4076c6b012 Merge pull request #577 from jeanrobertjs/patch-1
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
2025-11-04 21:18:42 -06:00
LinuxServer-CI 8437debed5 Bot Updating Package Versions 2025-11-05 03:16:31 +00:00
Eric Nemchik 0f177af593 Merge branch 'master' into patch-1 2025-11-04 20:43:59 -06:00
Eric Nemchik 23dd0531f1 Merge pull request #562 from neoteq-it/master 2025-11-04 20:41:38 -06:00
LinuxServer-CI 56d0503cb3 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2025-11-01 03:46:36 +00:00
LinuxServer-CI 9397e9c70f Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-10-25 03:41:22 +00:00
LinuxServer-CI e87649ffcd Bot Updating Templated Files 2025-10-25 03:37:01 +00:00
LinuxServer-CI e11a8ded00 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-10-18 03:32:52 +00:00
LinuxServer-CI 576de0400c Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-10-11 03:31:40 +00:00
LinuxServer-CI ad2d99029a Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-10-07 18:32:33 +00:00
LinuxServer-CI b8d0c422ab Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2025-10-04 03:29:29 +00:00
LinuxServer-CI 07c7399089 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-09-27 03:32:32 +00:00
LinuxServer-CI 2d9590691c Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-09-20 03:32:41 +00:00
LinuxServer-CI 72e5347c3b Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-09-13 03:26:16 +00:00
LinuxServer-CI be7016bcc1 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-09-06 03:31:28 +00:00
LinuxServer-CI ccd2464a26 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-09-02 17:20:15 +00:00
LinuxServer-CI fb4ba0deb0 Bot Updating Package Versions
Mark stale issues and pull requests / stale (push) Has been cancelled
2025-08-30 03:33:52 +00:00
LinuxServer-CI 7d8332e624 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-08-23 03:39:14 +00:00
Jean-Robert JS 0e19ad9d0f Merge branch 'master' into patch-1 2025-08-19 12:13:04 +02:00
LinuxServer-CI d9dbcd0756 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-08-16 03:49:49 +00:00
LinuxServer-CI 8381b03a05 Bot Updating Package Versions
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-08-09 03:54:46 +00:00
LinuxServer-CI a1efcf3cd4 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-08-05 19:29:36 +00:00
LinuxServer-CI 834de14952 Bot Updating Package Versions 2025-08-05 19:25:33 +00:00
LinuxServer-CI 8353859972 Bot Updating Package Versions 2025-08-02 04:00:44 +00:00
Jean-Robert JS f491b59335 Merge branch 'master' into patch-1 2025-07-31 23:30:29 +02:00
LinuxServer-CI ca399a7fa2 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-07-26 04:01:49 +00:00
Jean-Robert JS d602e9bccf Update gandi.ini 2025-07-24 10:47:17 +02:00
Jean-Robert JS 284a8c66f9 Reflects the depreciation of the API key in favor of the personal access token (PAT) 2025-07-23 14:03:33 +02:00
LinuxServer-CI 1905b3c920 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-07-22 17:06:33 +00:00
LinuxServer-CI c9efb531b0 Bot Updating Templated Files 2025-07-22 17:02:00 +00:00
Roxedus 26d05580ef Merge pull request #576 from linuxserver/typo-fix 2025-07-22 18:59:55 +02:00
driz a2a7292e39 fix typo 2025-07-22 11:43:45 -04:00
LinuxServer-CI 5316c58910 Bot Updating Package Versions 2025-07-20 15:09:08 +00:00
LinuxServer-CI fa860e1349 Bot Updating Templated Files 2025-07-20 15:04:44 +00:00
LinuxServer-CI 72f60b132b Bot Updating Templated Files 2025-07-20 15:03:11 +00:00
Adam 24cf84fd61 Merge pull request #573 from linuxserver/3.22 2025-07-20 16:01:37 +01:00
LinuxServer-CI d4ceeb2f67 Bot Updating Package Versions 2025-07-19 03:56:42 +00:00
thespad 1282274a1a Wording 2025-07-18 20:57:53 +01:00
thespad b05df6cf2a Add UDP buffer note 2025-07-18 20:57:01 +01:00
thespad b96738cdf2 Add header note in readme 2025-07-18 20:32:49 +01:00
thespad 2d6a54a526 Comment out QUIC listeners and update readme 2025-07-18 20:26:10 +01:00
LinuxServer-CI bb78c0f50e Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-07-12 03:57:44 +00:00
thespad 56ff1d5e19 Rebase to 3.22 2025-07-09 18:46:39 +01:00
LinuxServer-CI 7f9835b43f Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-07-05 03:53:44 +00:00
LinuxServer-CI f3ac0dd394 Bot Updating Templated Files 2025-07-05 03:49:27 +00:00
LinuxServer-CI 0168126729 Bot Updating Templated Files 2025-07-05 03:48:01 +00:00
LinuxServer-CI 0e55f7b67e Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-06-28 03:48:42 +00:00
LinuxServer-CI b52e35e494 Bot Updating Package Versions
Mark stale issues and pull requests / stale (push) Has been cancelled
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-06-21 03:48:40 +00:00
LinuxServer-CI ef2a5f2077 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-06-16 17:39:01 +00:00
Adam 0c910b9a7b Merge pull request #570 from jlssmt/add-tinyauth 2025-06-16 18:34:21 +01:00
LinuxServer-CI 9ab0f727d0 Bot Updating Package Versions 2025-06-14 03:47:18 +00:00
LinuxServer-CI adcdf5d748 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-06-12 20:30:24 +00:00
LinuxServer-CI 7a38630c0b Bot Updating Package Versions 2025-06-12 20:26:05 +00:00
LinuxServer-CI 6b6e7b74b5 Bot Updating Package Versions 2025-06-11 01:48:03 +00:00
LinuxServer-CI 3b6d0484b9 Bot Updating Templated Files 2025-06-11 01:43:55 +00:00
jlssmt 0d952bcee1 add tinyauth 2025-06-08 17:47:30 +02:00
LinuxServer-CI 35deb8f654 Bot Updating Package Versions 2025-06-07 03:47:21 +00:00
LinuxServer-CI 2ec9bacf0c Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-05-31 03:44:37 +00:00
LinuxServer-CI bcbad63147 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-05-24 03:40:40 +00:00
LinuxServer-CI 962c2322eb Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-05-17 03:43:00 +00:00
LinuxServer-CI dd8fd8ad05 Bot Updating Templated Files 2025-05-17 03:39:19 +00:00
LinuxServer-CI b818ae1f58 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-05-10 03:39:03 +00:00
LinuxServer-CI 43466fe490 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-05-08 21:11:05 +00:00
LinuxServer-CI 3781360d72 Bot Updating Templated Files 2025-05-08 21:05:17 +00:00
Eric Nemchik a01e4aca17 Merge pull request #564 from linuxserver/max-log-backups 2025-05-08 16:03:57 -05:00
Eric Nemchik b87c9d2886 Update readme-vars.yml 2025-05-05 15:25:41 -05:00
Eric Nemchik 08aa9cc07b Disable Certbot's built in log rotation 2025-05-05 15:24:38 -05:00
LinuxServer-CI 23e05f1f7a Bot Updating Package Versions 2025-05-03 03:40:16 +00:00
LinuxServer-CI f80d14bf8c Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-04-26 03:36:46 +00:00
Jean Stickelmann a5f1da0bcf Update run - Azure Supports propagation 2025-04-24 10:27:16 +02:00
LinuxServer-CI 7e7e22753c Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-04-19 03:33:00 +00:00
LinuxServer-CI 9f76c031fe Bot Updating Package Versions 2025-04-12 03:34:26 +00:00
LinuxServer-CI 2b2ccf9e9a Bot Updating Package Versions 2025-04-11 03:24:16 +00:00
Eric Nemchik 54ed99d81a Merge pull request #554 from linuxserver/remove-old-authelia
chore: ⚰️ remove authelia 4.37 and below comments
2025-04-10 22:18:39 -05:00
LinuxServer-CI a3f72898ff Bot Updating Package Versions 2025-04-08 01:29:27 +00:00
Eric Nemchik 8b8d33a81a Merge branch 'master' into remove-old-authelia 2025-04-05 15:43:54 -05:00
LinuxServer-CI 82ba5dd791 Bot Updating Package Versions 2025-04-05 03:34:00 +00:00
LinuxServer-CI e7c815c27f Bot Updating Package Versions 2025-03-29 03:32:47 +00:00
Eric Nemchik 563ae7e9c5 chore: authentik/authelia consistency
Signed-off-by: GitHub <noreply@github.com>
2025-03-25 21:30:10 +00:00
Eric Nemchik 8caf2a1841 feat: 💩 proxy pass the full authelia auth request subpath
Signed-off-by: GitHub <noreply@github.com>
2025-03-25 21:28:54 +00:00
Eric Nemchik 15a3bc9d2c chore: ⚰️ remove authelia 4.37 and below comments
Signed-off-by: GitHub <noreply@github.com>
2025-03-25 19:50:00 +00:00
LinuxServer-CI 1567416bfb Bot Updating Package Versions 2025-03-22 03:34:48 +00:00
LinuxServer-CI f909c85857 Bot Updating Package Versions 2025-03-17 13:53:02 +00:00
LinuxServer-CI 2992a09e32 Bot Updating Package Versions 2025-03-15 03:30:55 +00:00
LinuxServer-CI 5a8b8010ee Bot Updating Package Versions 2025-03-11 17:20:25 +00:00
LinuxServer-CI 586eaa3b4c Bot Updating Package Versions 2025-03-08 03:24:16 +00:00
LinuxServer-CI 2528e2f027 Bot Updating Package Versions 2025-03-01 03:33:12 +00:00
LinuxServer-CI 4632ecb91a Bot Updating Package Versions 2025-02-26 08:57:28 +00:00
Adam 615ccbc589 Merge pull request #548 from linuxserver/invalid-dns-creds 2025-02-26 08:51:57 +00:00
thespad 199d0a6707 Check for broken dns credentials value in cli.ini and remove 2025-02-25 20:24:11 +00:00
LinuxServer-CI f8171d73ce Bot Updating Package Versions 2025-02-22 03:27:55 +00:00
LinuxServer-CI 503578a870 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-02-15 03:25:45 +00:00
LinuxServer-CI b4978e40c5 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-02-11 22:21:06 +00:00
LinuxServer-CI ed765dbdc1 Bot Updating Templated Files 2025-02-11 22:17:30 +00:00
LinuxServer-CI 6fcd946c0a Bot Updating Package Versions 2025-02-08 03:26:43 +00:00
LinuxServer-CI c1d1a87a0c Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-02-01 03:32:56 +00:00
LinuxServer-CI 990c95b7d9 Bot Updating Templated Files 2025-02-01 03:24:53 +00:00
LinuxServer-CI d83dc89c84 Bot Updating Templated Files 2025-02-01 03:23:39 +00:00
LinuxServer-CI 7046e938e0 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-01-25 03:21:11 +00:00
LinuxServer-CI 27e2e83f03 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-01-23 07:42:30 +00:00
quietsy f11dbcea78 Merge pull request #540 from linuxserver/add-project-categories
Add categories to readme-vars.yml
2025-01-23 09:34:40 +02:00
quietsy 07e9ada724 Add categories to readme-vars.yml 2025-01-22 22:44:19 +02:00
Adam ae72916deb Merge pull request #538 from linuxserver/auto-reload-readme
Update auto reload wording
2025-01-19 19:04:33 +00:00
thespad 06b385d25c Update auto reload wording 2025-01-19 18:30:03 +00:00
thespad 8753119d54 Update wording to fix stupid GH markdown parser 2025-01-19 18:21:28 +00:00
LinuxServer-CI 1f2cc4ade5 Bot Updating Package Versions 2025-01-19 18:13:52 +00:00
LinuxServer-CI fc0986b0be Bot Updating Templated Files 2025-01-19 18:07:41 +00:00
LinuxServer-CI 564fbd271a Bot Updating Templated Files 2025-01-19 18:05:23 +00:00
Adam bffc4c9236 Merge pull request #537 from linuxserver/auto-reload 2025-01-19 18:03:54 +00:00
thespad 14cab18c36 Spelling 2025-01-19 17:56:10 +00:00
thespad c0adf4fd0a Update log message 2025-01-19 17:36:15 +00:00
thespad 2160126f96 Use case-insensitive include just in case (no pun) 2025-01-19 17:34:21 +00:00
thespad d81e33b63b Anchor to avoid samples 2025-01-19 17:33:22 +00:00
thespad 21b5a79e06 Switch to include, document watchlist functionality 2025-01-19 17:30:11 +00:00
thespad 02ed03a455 Add auto-reload 2025-01-19 17:03:14 +00:00
thespad 515fdf45d8 Skip logrotate.status file in log chmod 2025-01-19 16:52:45 +00:00
LinuxServer-CI 5a5d0ebaec Bot Updating Package Versions 2025-01-18 03:24:35 +00:00
LinuxServer-CI 37deacf13a Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-01-11 03:29:15 +00:00
LinuxServer-CI 16d5763dcc Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-01-10 17:43:18 +00:00
LinuxServer-CI e12d7e642c Bot Updating Templated Files 2025-01-10 17:33:54 +00:00
driz 0cddb6d6b7 Merge pull request #534 from linuxserver/man-fail2ban
Add working link for fail2ban-client manpage
2025-01-10 12:32:14 -05:00
thespad ff8cf3bfa5 Add working link for fail2ban-client manpage 2025-01-10 17:16:22 +00:00
LinuxServer-CI db05a6b72b Bot Updating Package Versions 2025-01-08 01:24:02 +00:00
LinuxServer-CI 410fa0515e Bot Updating Package Versions 2025-01-07 10:29:27 +00:00
Adam e1ece8ac1c Merge pull request #532 from linuxserver/more-3.21-migrations 2025-01-07 10:25:12 +00:00
thespad d33df2224b Try and warn about confs looking at /etc for certs 2025-01-07 10:15:49 +00:00
thespad 3b98b3ae65 Simplify 2025-01-07 10:15:27 +00:00
LinuxServer-CI af6a3a2163 Bot Updating Package Versions 2025-01-06 18:11:57 +00:00
Adam 7a8a360746 Merge pull request #530 from linuxserver/3.21-migrations 2025-01-06 18:05:32 +00:00
thespad f467b9539b Include space in replacement path 2025-01-06 17:51:07 +00:00
thespad 3aae7b50d9 Migrate existing renewal confs with old paths 2025-01-06 16:54:53 +00:00
LinuxServer-CI 98e22cb66d Bot Updating Package Versions 2025-01-04 03:26:59 +00:00
LinuxServer-CI 0a9c7ff821 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-01-03 16:00:52 +00:00
LinuxServer-CI 6dd89c8232 Bot Updating Templated Files 2025-01-03 15:56:57 +00:00
Adam d376c95088 Merge pull request #526 from linuxserver/3.21 2025-01-03 15:54:39 +00:00
LinuxServer-CI 9a63c22e77 Bot Updating Package Versions 2025-01-03 15:29:34 +00:00
thespad 29bd5fe1b7 Remove logrotate chmod as the base image handles it 2024-12-31 18:18:47 +00:00
LinuxServer-CI 2e005369f1 Bot Updating Package Versions 2024-12-28 03:23:46 +00:00
LinuxServer-CI d9a92bd940 Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2024-12-21 03:28:51 +00:00
LinuxServer-CI 892cf960a9 Bot Updating Templated Files 2024-12-21 03:24:57 +00:00
LinuxServer-CI aaa6ae77b5 Bot Updating Templated Files 2024-12-21 03:22:04 +00:00
thespad c489e2c07f Can't rm if it's an RO filesystem 2024-12-17 21:27:37 +00:00
thespad 7f4aabeef7 Don't need to create that folder 2024-12-17 21:27:26 +00:00
thespad 03f8285212 Remove proxy cache path 2024-12-17 21:27:15 +00:00
thespad 589b80e492 Support disabling f2b 2024-12-17 20:34:13 +00:00
thespad 2dc24f90c7 Use live base image 2024-12-17 20:20:53 +00:00
thespad e56ade75fb Rebase to 3.21 2024-12-17 20:06:05 +00:00
LinuxServer-CI 584ca6732c Bot Updating Package Versions
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2024-12-14 03:33:45 +00:00
49 changed files with 1028 additions and 729 deletions
Executable → Regular
View File
+1 -1
View File
@@ -6,7 +6,7 @@
* Read, and fill the Pull Request template * Read, and fill the Pull Request template
* If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR * If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR
* If the PR is addressing an existing issue include, closes #\<issue number>, in the body of the PR commit message * If the PR is addressing an existing issue include, closes #\<issue number>, in the body of the PR commit message
* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn) * If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://linuxserver.io/discord)
## Common files ## Common files
Executable → Regular
View File
+1 -1
View File
@@ -1,7 +1,7 @@
blank_issues_enabled: false blank_issues_enabled: false
contact_links: contact_links:
- name: Discord chat support - name: Discord chat support
url: https://discord.gg/YWrKVTn url: https://linuxserver.io/discord
about: Realtime support / chat with the community and the team. about: Realtime support / chat with the community and the team.
- name: Discourse discussion forum - name: Discourse discussion forum
View File
View File
+3
View File
@@ -8,6 +8,9 @@ on:
pull_request_review: pull_request_review:
types: [submitted,edited,dismissed] types: [submitted,edited,dismissed]
permissions:
contents: read
jobs: jobs:
manage-project: manage-project:
permissions: permissions:
+3
View File
@@ -4,6 +4,9 @@ on:
- cron: '35 15 * * *' - cron: '35 15 * * *'
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
stale: stale:
permissions: permissions:
+43 -15
View File
@@ -3,6 +3,9 @@ name: External Trigger Main
on: on:
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
external-trigger-master: external-trigger-master:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -15,7 +18,10 @@ jobs:
SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }} SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }}
run: | run: |
printf "# External trigger for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY printf "# External trigger for docker-swag\n\n" >> $GITHUB_STEP_SUMMARY
if grep -q "^swag_master" <<< "${SKIP_EXTERNAL_TRIGGER}"; then if grep -q "^swag_master_" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`swag_master_\`; will skip trigger if version matches." >> $GITHUB_STEP_SUMMARY
elif grep -q "^swag_master" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`swag_master\`; skipping trigger." >> $GITHUB_STEP_SUMMARY echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`swag_master\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
@@ -25,6 +31,11 @@ jobs:
printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version') EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
echo "Type is \`pip_version\`" >> $GITHUB_STEP_SUMMARY echo "Type is \`pip_version\`" >> $GITHUB_STEP_SUMMARY
if grep -q "^swag_master_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` matches current external release; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY
@@ -35,8 +46,8 @@ jobs:
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
exit 1 exit 1
fi fi
EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
echo "External version: \`${EXT_RELEASE}\`" >> $GITHUB_STEP_SUMMARY echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY
echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY
image="linuxserver/swag" image="linuxserver/swag"
tag="latest" tag="latest"
@@ -48,13 +59,30 @@ jobs:
--header "Accept: application/vnd.oci.image.index.v1+json" \ --header "Accept: application/vnd.oci.image.index.v1+json" \
--header "Authorization: Bearer ${token}" \ --header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${tag}") "https://ghcr.io/v2/${image}/manifests/${tag}")
multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}") if jq -e '.layers // empty' <<< "${multidigest}" >/dev/null 2>&1; then
digest=$(curl -s \ # If there's a layer element it's a single-arch manifest so just get that digest
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ digest=$(jq -r '.config.digest' <<< "${multidigest}")
--header "Accept: application/vnd.oci.image.manifest.v1+json" \ else
--header "Authorization: Bearer ${token}" \ # Otherwise it's multi-arch or has manifest annotations
"https://ghcr.io/v2/${image}/manifests/${multidigest}" \ if jq -e '.manifests[]?.annotations // empty' <<< "${multidigest}" >/dev/null 2>&1; then
| jq -r '.config.digest') # Check for manifest annotations and delete if found
multidigest=$(jq 'del(.manifests[] | select(.annotations))' <<< "${multidigest}")
fi
if [[ $(jq '.manifests | length' <<< "${multidigest}") -gt 1 ]]; then
# If there's still more than one digest, it's multi-arch
multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}")
else
# Otherwise it's single arch
multidigest=$(jq -r ".manifests[].digest?" <<< "${multidigest}")
fi
if digest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${multidigest}"); then
digest=$(jq -r '.config.digest' <<< "${digest}");
fi
fi
image_info=$(curl -sL \ image_info=$(curl -sL \
--header "Authorization: Bearer ${token}" \ --header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/blobs/${digest}") "https://ghcr.io/v2/${image}/blobs/${digest}")
@@ -75,8 +103,8 @@ jobs:
exit 1 exit 1
fi fi
echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then
echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
exit 0 exit 0
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
@@ -91,8 +119,8 @@ jobs:
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
else else
printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
if "${artifacts_found}" == "true" ]]; then if [[ "${artifacts_found}" == "true" ]]; then
echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
fi fi
response=$(curl -iX POST \ response=$(curl -iX POST \
@@ -111,7 +139,7 @@ jobs:
--data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit" --data-urlencode "Submit=Submit"
echo "**** Notifying Discord ****" echo "**** Notifying Discord ****"
TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}" TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}], "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
@@ -5,6 +5,9 @@ on:
- cron: '2 * * * *' - cron: '2 * * * *'
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
external-trigger-scheduler: external-trigger-scheduler:
runs-on: ubuntu-latest runs-on: ubuntu-latest
+6
View File
@@ -2,8 +2,14 @@ name: Greetings
on: [pull_request_target, issues] on: [pull_request_target, issues]
permissions:
contents: read
jobs: jobs:
greeting: greeting:
permissions:
issues: write
pull-requests: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/first-interaction@v1 - uses: actions/first-interaction@v1
@@ -5,6 +5,9 @@ on:
- cron: '1 3 * * 6' - cron: '1 3 * * 6'
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
jobs: jobs:
package-trigger-scheduler: package-trigger-scheduler:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -27,9 +30,18 @@ jobs:
fi fi
printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml) JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml)
if [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then if ! curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/Jenkinsfile >/dev/null 2>&1; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> No Jenkinsfile found. Branch is either deprecated or is an early dev branch." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
elif [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then
echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY
if [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then README_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/readme-vars.yml)
if [[ $(yq -r '.project_deprecation_status' <<< "${README_VARS}") == "true" ]]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Branch appears to be deprecated; skipping trigger." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
elif [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} " skipped_branches="${skipped_branches}${br} "
@@ -37,7 +49,7 @@ jobs:
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`swag_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`swag_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} " skipped_branches="${skipped_branches}${br} "
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/lastBuild/api/json | jq -r '.building') == "true" ]; then elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/lastBuild/api/json | jq -r '.building' 2>/dev/null) == "true" ]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} " skipped_branches="${skipped_branches}${br} "
@@ -49,6 +61,11 @@ jobs:
response=$(curl -iX POST \ response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/buildWithParameters?PACKAGE_CHECK=true \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/${br}/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
if [[ -z "${response}" ]]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Jenkins build could not be triggered. Skipping branch."
continue
fi
echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
sleep 10 sleep 10
@@ -56,11 +73,14 @@ jobs:
buildurl="${buildurl%$'\r'}" buildurl="${buildurl%$'\r'}"
echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
curl -iX POST \ if ! curl -ifX POST \
"${buildurl}submitDescription" \ "${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit" --data-urlencode "Submit=Submit"; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Unable to change the Jenkins job description."
fi
sleep 20 sleep 20
fi fi
else else
View File
+1
View File
@@ -1 +1,2 @@
.idea
.jenkins-external .jenkins-external
+36 -35
View File
@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1 # syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.20 FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.22
# set version label # set version label
ARG BUILD_DATE ARG BUILD_DATE
@@ -29,6 +29,7 @@ RUN \
apk add --no-cache \ apk add --no-cache \
fail2ban \ fail2ban \
gnupg \ gnupg \
inotify-tools \
iptables-legacy \ iptables-legacy \
memcached \ memcached \
nginx-mod-http-brotli \ nginx-mod-http-brotli \
@@ -48,37 +49,36 @@ RUN \
nginx-mod-stream \ nginx-mod-stream \
nginx-mod-stream-geoip2 \ nginx-mod-stream-geoip2 \
nginx-vim \ nginx-vim \
php83-bcmath \ php84-bcmath \
php83-bz2 \ php84-bz2 \
php83-dom \ php84-dom \
php83-exif \ php84-exif \
php83-ftp \ php84-ftp \
php83-gd \ php84-gd \
php83-gmp \ php84-gmp \
php83-imap \ php84-imap \
php83-intl \ php84-intl \
php83-ldap \ php84-ldap \
php83-mysqli \ php84-mysqli \
php83-mysqlnd \ php84-mysqlnd \
php83-opcache \ php84-opcache \
php83-pdo_mysql \ php84-pdo_mysql \
php83-pdo_odbc \ php84-pdo_odbc \
php83-pdo_pgsql \ php84-pdo_pgsql \
php83-pdo_sqlite \ php84-pdo_sqlite \
php83-pear \ php84-pear \
php83-pecl-apcu \ php84-pecl-apcu \
php83-pecl-mcrypt \ php84-pecl-memcached \
php83-pecl-memcached \ php84-pecl-redis \
php83-pecl-redis \ php84-pgsql \
php83-pgsql \ php84-posix \
php83-posix \ php84-soap \
php83-soap \ php84-sockets \
php83-sockets \ php84-sodium \
php83-sodium \ php84-sqlite3 \
php83-sqlite3 \ php84-tokenizer \
php83-tokenizer \ php84-xmlreader \
php83-xmlreader \ php84-xsl \
php83-xsl \
whois && \ whois && \
echo "**** install certbot plugins ****" && \ echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \ if [ -z ${CERTBOT_VERSION+x} ]; then \
@@ -88,7 +88,7 @@ RUN \
pip install -U --no-cache-dir \ pip install -U --no-cache-dir \
pip \ pip \
wheel && \ wheel && \
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \ pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.22/ \
certbot==${CERTBOT_VERSION} \ certbot==${CERTBOT_VERSION} \
certbot-dns-acmedns \ certbot-dns-acmedns \
certbot-dns-aliyun \ certbot-dns-aliyun \
@@ -114,6 +114,7 @@ RUN \
certbot-dns-google \ certbot-dns-google \
certbot-dns-he \ certbot-dns-he \
certbot-dns-hetzner \ certbot-dns-hetzner \
certbot-dns-hetzner-cloud \
certbot-dns-infomaniak \ certbot-dns-infomaniak \
certbot-dns-inwx \ certbot-dns-inwx \
certbot-dns-ionos \ certbot-dns-ionos \
@@ -150,9 +151,9 @@ RUN \
rm -f /etc/nginx/conf.d/stream.conf && \ rm -f /etc/nginx/conf.d/stream.conf && \
echo "**** correct ip6tables legacy issue ****" && \ echo "**** correct ip6tables legacy issue ****" && \
rm \ rm \
/sbin/ip6tables && \ /usr/sbin/ip6tables && \
ln -s \ ln -s \
/sbin/ip6tables-nft /sbin/ip6tables && \ /usr/sbin/ip6tables-nft /usr/sbin/ip6tables && \
echo "**** remove unnecessary fail2ban filters ****" && \ echo "**** remove unnecessary fail2ban filters ****" && \
rm \ rm \
/etc/fail2ban/jail.d/alpine-ssh.conf && \ /etc/fail2ban/jail.d/alpine-ssh.conf && \
+36 -35
View File
@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1 # syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.20 FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.22
# set version label # set version label
ARG BUILD_DATE ARG BUILD_DATE
@@ -29,6 +29,7 @@ RUN \
apk add --no-cache \ apk add --no-cache \
fail2ban \ fail2ban \
gnupg \ gnupg \
inotify-tools \
iptables-legacy \ iptables-legacy \
memcached \ memcached \
nginx-mod-http-brotli \ nginx-mod-http-brotli \
@@ -48,37 +49,36 @@ RUN \
nginx-mod-stream \ nginx-mod-stream \
nginx-mod-stream-geoip2 \ nginx-mod-stream-geoip2 \
nginx-vim \ nginx-vim \
php83-bcmath \ php84-bcmath \
php83-bz2 \ php84-bz2 \
php83-dom \ php84-dom \
php83-exif \ php84-exif \
php83-ftp \ php84-ftp \
php83-gd \ php84-gd \
php83-gmp \ php84-gmp \
php83-imap \ php84-imap \
php83-intl \ php84-intl \
php83-ldap \ php84-ldap \
php83-mysqli \ php84-mysqli \
php83-mysqlnd \ php84-mysqlnd \
php83-opcache \ php84-opcache \
php83-pdo_mysql \ php84-pdo_mysql \
php83-pdo_odbc \ php84-pdo_odbc \
php83-pdo_pgsql \ php84-pdo_pgsql \
php83-pdo_sqlite \ php84-pdo_sqlite \
php83-pear \ php84-pear \
php83-pecl-apcu \ php84-pecl-apcu \
php83-pecl-mcrypt \ php84-pecl-memcached \
php83-pecl-memcached \ php84-pecl-redis \
php83-pecl-redis \ php84-pgsql \
php83-pgsql \ php84-posix \
php83-posix \ php84-soap \
php83-soap \ php84-sockets \
php83-sockets \ php84-sodium \
php83-sodium \ php84-sqlite3 \
php83-sqlite3 \ php84-tokenizer \
php83-tokenizer \ php84-xmlreader \
php83-xmlreader \ php84-xsl \
php83-xsl \
whois && \ whois && \
echo "**** install certbot plugins ****" && \ echo "**** install certbot plugins ****" && \
if [ -z ${CERTBOT_VERSION+x} ]; then \ if [ -z ${CERTBOT_VERSION+x} ]; then \
@@ -88,7 +88,7 @@ RUN \
pip install -U --no-cache-dir \ pip install -U --no-cache-dir \
pip \ pip \
wheel && \ wheel && \
pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ \ pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.22/ \
certbot==${CERTBOT_VERSION} \ certbot==${CERTBOT_VERSION} \
certbot-dns-acmedns \ certbot-dns-acmedns \
certbot-dns-aliyun \ certbot-dns-aliyun \
@@ -114,6 +114,7 @@ RUN \
certbot-dns-google \ certbot-dns-google \
certbot-dns-he \ certbot-dns-he \
certbot-dns-hetzner \ certbot-dns-hetzner \
certbot-dns-hetzner-cloud \
certbot-dns-infomaniak \ certbot-dns-infomaniak \
certbot-dns-inwx \ certbot-dns-inwx \
certbot-dns-ionos \ certbot-dns-ionos \
@@ -150,9 +151,9 @@ RUN \
rm -f /etc/nginx/conf.d/stream.conf && \ rm -f /etc/nginx/conf.d/stream.conf && \
echo "**** correct ip6tables legacy issue ****" && \ echo "**** correct ip6tables legacy issue ****" && \
rm \ rm \
/sbin/ip6tables && \ /usr/sbin/ip6tables && \
ln -s \ ln -s \
/sbin/ip6tables-nft /sbin/ip6tables && \ /usr/sbin/ip6tables-nft /usr/sbin/ip6tables && \
echo "**** remove unnecessary fail2ban filters ****" && \ echo "**** remove unnecessary fail2ban filters ****" && \
rm \ rm \
/etc/fail2ban/jail.d/alpine-ssh.conf && \ /etc/fail2ban/jail.d/alpine-ssh.conf && \
Vendored
+222 -132
View File
@@ -57,13 +57,27 @@ pipeline {
steps{ steps{
echo "Running on node: ${NODE_NAME}" echo "Running on node: ${NODE_NAME}"
sh '''#! /bin/bash sh '''#! /bin/bash
containers=$(docker ps -aq) echo "Pruning builder"
docker builder prune -f --builder container || :
containers=$(docker ps -q)
if [[ -n "${containers}" ]]; then if [[ -n "${containers}" ]]; then
docker stop ${containers} BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit')
for container in ${containers}; do
if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then
echo "skipping buildx container in docker stop"
else
echo "Stopping container ${container}"
docker stop ${container}
fi
done
fi fi
docker system prune -af --volumes || : ''' docker system prune -f --volumes || :
docker image prune -af || :
'''
script{ script{
env.EXIT_STATUS = '' env.EXIT_STATUS = ''
env.CI_TEST_ATTEMPTED = ''
env.PUSH_ATTEMPTED = ''
env.LS_RELEASE = sh( env.LS_RELEASE = sh(
script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
returnStdout: true).trim() returnStdout: true).trim()
@@ -83,7 +97,11 @@ pipeline {
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
env.PULL_REQUEST = env.CHANGE_ID env.PULL_REQUEST = env.CHANGE_ID
env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./root/donate.txt' env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./root/donate.txt'
if ( env.SYFT_IMAGE_TAG == null ) {
env.SYFT_IMAGE_TAG = 'latest'
}
} }
echo "Using syft image tag ${SYFT_IMAGE_TAG}"
sh '''#! /bin/bash sh '''#! /bin/bash
echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" ''' echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" '''
script{ script{
@@ -192,6 +210,7 @@ pipeline {
env.META_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER env.META_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
env.CITEST_IMAGETAG = 'latest'
} }
} }
} }
@@ -217,6 +236,7 @@ pipeline {
env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/' env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/'
env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
env.CITEST_IMAGETAG = 'develop'
} }
} }
} }
@@ -242,6 +262,7 @@ pipeline {
env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST
env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/' env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/'
env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache' env.BUILDCACHE = 'docker.io/lsiodev/buildcache,registry.gitlab.com/linuxserver.io/docker-jenkins-builder/lsiodev-buildcache,ghcr.io/linuxserver/lsiodev-buildcache,quay.io/linuxserver.io/lsiodev-buildcache'
env.CITEST_IMAGETAG = 'develop'
} }
} }
} }
@@ -264,7 +285,7 @@ pipeline {
-v ${WORKSPACE}:/mnt \ -v ${WORKSPACE}:/mnt \
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
ghcr.io/linuxserver/baseimage-alpine:3.20 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ ghcr.io/linuxserver/baseimage-alpine:3.23 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
apk add --no-cache python3 && \ apk add --no-cache python3 && \
python3 -m venv /lsiopy && \ python3 -m venv /lsiopy && \
pip install --no-cache-dir -U pip && \ pip install --no-cache-dir -U pip && \
@@ -575,7 +596,7 @@ pipeline {
--label \"org.opencontainers.image.title=Swag\" \ --label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \ --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false --builder=container --load \ --provenance=true --sbom=true --builder=container --load \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -599,12 +620,17 @@ pipeline {
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
if [[ "${PACKAGE_CHECK}" != "true" ]]; then if [[ "${PACKAGE_CHECK}" != "true" ]]; then
declare -A pids
IFS=',' read -ra CACHE <<< "$BUILDCACHE" IFS=',' read -ra CACHE <<< "$BUILDCACHE"
for i in "${CACHE[@]}"; do for i in "${CACHE[@]}"; do
docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} & docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
pids[$!]="$i"
done
for p in "${!pids[@]}"; do
wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
done done
wait
fi fi
''' '''
} }
@@ -639,7 +665,7 @@ pipeline {
--label \"org.opencontainers.image.title=Swag\" \ --label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \ --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false --builder=container --load \ --provenance=true --sbom=true --builder=container --load \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -663,12 +689,17 @@ pipeline {
echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
if [[ "${PACKAGE_CHECK}" != "true" ]]; then if [[ "${PACKAGE_CHECK}" != "true" ]]; then
declare -A pids
IFS=',' read -ra CACHE <<< "$BUILDCACHE" IFS=',' read -ra CACHE <<< "$BUILDCACHE"
for i in "${CACHE[@]}"; do for i in "${CACHE[@]}"; do
docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} & docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
pids[$!]="$i"
done
for p in "${!pids[@]}"; do
wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
done done
wait
fi fi
''' '''
} }
@@ -696,7 +727,7 @@ pipeline {
--label \"org.opencontainers.image.title=Swag\" \ --label \"org.opencontainers.image.title=Swag\" \
--label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \ --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \ --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
--provenance=false --sbom=false --builder=container --load \ --provenance=true --sbom=true --builder=container --load \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -721,11 +752,15 @@ pipeline {
echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
if [[ "${PACKAGE_CHECK}" != "true" ]]; then if [[ "${PACKAGE_CHECK}" != "true" ]]; then
declare -A pids
IFS=',' read -ra CACHE <<< "$BUILDCACHE" IFS=',' read -ra CACHE <<< "$BUILDCACHE"
for i in "${CACHE[@]}"; do for i in "${CACHE[@]}"; do
docker push ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} & docker push ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} &
pids[$!]="$i"
done
for p in "${!pids[@]}"; do
wait "$p" || { [[ "${pids[$p]}" != *"quay.io"* ]] && exit 1; }
done done
wait
fi fi
''' '''
} }
@@ -735,7 +770,8 @@ pipeline {
if [[ -n "${containers}" ]]; then if [[ -n "${containers}" ]]; then
docker stop ${containers} docker stop ${containers}
fi fi
docker system prune -af --volumes || : docker system prune -f --volumes || :
docker image prune -af || :
''' '''
} }
} }
@@ -761,7 +797,7 @@ pipeline {
docker run --rm \ docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock:ro \ -v /var/run/docker.sock:/var/run/docker.sock:ro \
-v ${TEMPDIR}:/tmp \ -v ${TEMPDIR}:/tmp \
ghcr.io/anchore/syft:latest \ ghcr.io/anchore/syft:${SYFT_IMAGE_TAG} \
${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 ) NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github" echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
@@ -837,6 +873,7 @@ pipeline {
script{ script{
env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json' env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json'
env.CI_TEST_ATTEMPTED = 'true'
} }
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -848,7 +885,7 @@ pipeline {
CI_DOCKERENV="LSIO_FIRST_PARTY=true" CI_DOCKERENV="LSIO_FIRST_PARTY=true"
fi fi
fi fi
docker pull ghcr.io/linuxserver/ci:latest docker pull ghcr.io/linuxserver/ci:${CITEST_IMAGETAG}
if [ "${MULTIARCH}" == "true" ]; then if [ "${MULTIARCH}" == "true" ]; then
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64 docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} --platform=arm64
docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
@@ -871,7 +908,10 @@ pipeline {
-e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_AUTH=\"${CI_AUTH}\" \
-e WEB_PATH=\"${CI_WEBPATH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \
-e NODE_NAME=\"${NODE_NAME}\" \ -e NODE_NAME=\"${NODE_NAME}\" \
-t ghcr.io/linuxserver/ci:latest \ -e SYFT_IMAGE_TAG=\"${CI_SYFT_IMAGE_TAG:-${SYFT_IMAGE_TAG}}\" \
-e COMMIT_SHA=\"${COMMIT_SHA}\" \
-e BUILD_NUMBER=\"${BUILD_NUMBER}\" \
-t ghcr.io/linuxserver/ci:${CITEST_IMAGETAG} \
python3 test_build.py''' python3 test_build.py'''
} }
} }
@@ -886,6 +926,9 @@ pipeline {
environment name: 'EXIT_STATUS', value: '' environment name: 'EXIT_STATUS', value: ''
} }
steps { steps {
script{
env.PUSH_ATTEMPTED = 'true'
}
retry_backoff(5,5) { retry_backoff(5,5) {
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -897,9 +940,11 @@ pipeline {
CACHEIMAGE=${i} CACHEIMAGE=${i}
fi fi
done done
docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:latest -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${META_TAG} -t ${PUSHIMAGE}:latest -t ${PUSHIMAGE}:${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
{ if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
if [ -n "${SEMVER}" ]; then if [ -n "${SEMVER}" ]; then
docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} docker buildx imagetools create --prefer-index=false -t ${PUSHIMAGE}:${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
{ if [[ "${PUSHIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
fi fi
done done
''' '''
@@ -913,31 +958,45 @@ pipeline {
environment name: 'EXIT_STATUS', value: '' environment name: 'EXIT_STATUS', value: ''
} }
steps { steps {
script{
env.PUSH_ATTEMPTED = 'true'
}
retry_backoff(5,5) { retry_backoff(5,5) {
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
[[ ${MANIFESTIMAGE%%/*} =~ \\. ]] && MANIFESTIMAGEPLUS="${MANIFESTIMAGE}" || MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}" if [[ "${MANIFESTIMAGE%%/*}" =~ \\. ]]; then
MANIFESTIMAGEPLUS="${MANIFESTIMAGE}"
else
MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}"
fi
IFS=',' read -ra CACHE <<< "$BUILDCACHE" IFS=',' read -ra CACHE <<< "$BUILDCACHE"
for i in "${CACHE[@]}"; do for i in "${CACHE[@]}"; do
if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then
CACHEIMAGE=${i} CACHEIMAGE=${i}
fi fi
done done
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-latest -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${META_TAG} -t ${MANIFESTIMAGE}:amd64-latest -t ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-latest -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${META_TAG} -t ${MANIFESTIMAGE}:arm64v8-latest -t ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \
{ if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
if [ -n "${SEMVER}" ]; then if [ -n "${SEMVER}" ]; then
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:amd64-${SEMVER} ${CACHEIMAGE}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} || \
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
docker buildx imagetools create --prefer-index=false -t ${MANIFESTIMAGE}:arm64v8-${SEMVER} ${CACHEIMAGE}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || \
{ if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
fi fi
done done
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest docker buildx imagetools create -t ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest || \
docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
docker buildx imagetools create -t ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} || \
docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} { if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
docker buildx imagetools create -t ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} || \
{ if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
if [ -n "${SEMVER}" ]; then if [ -n "${SEMVER}" ]; then
docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} docker buildx imagetools create -t ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} || \
{ if [[ "${MANIFESTIMAGE}" != "${QUAYIMAGE}" ]]; then exit 1; fi; }
fi fi
done done
''' '''
@@ -955,23 +1014,41 @@ pipeline {
environment name: 'EXIT_STATUS', value: '' environment name: 'EXIT_STATUS', value: ''
} }
steps { steps {
echo "Pushing New tag for current commit ${META_TAG}"
sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \
-d '{"tag":"'${META_TAG}'",\
"object": "'${COMMIT_SHA}'",\
"message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\
"type": "commit",\
"tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
echo "Pushing New release for Tag"
sh '''#! /bin/bash sh '''#! /bin/bash
echo "Auto-generating release notes"
if [ "$(git tag --points-at HEAD)" != "" ]; then
echo "Existing tag points to current commit, suggesting no new LS changes"
AUTO_RELEASE_NOTES="No changes"
else
AUTO_RELEASE_NOTES=$(curl -fsL -H "Authorization: token ${GITHUB_TOKEN}" -H "Accept: application/vnd.github+json" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases/generate-notes \
-d '{"tag_name":"'${META_TAG}'",\
"target_commitish": "master"}' \
| jq -r '.body' | sed 's|## What.s Changed||')
fi
echo "Pushing New tag for current commit ${META_TAG}"
curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \
-d '{"tag":"'${META_TAG}'",\
"object": "'${COMMIT_SHA}'",\
"message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\
"type": "commit",\
"tagger": {"name": "LinuxServer-CI","email": "ci@linuxserver.io","date": "'${GITHUB_DATE}'"}}'
echo "Pushing New release for Tag"
echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json echo "Updating PIP version of ${EXT_PIP} to ${EXT_RELEASE_CLEAN}" > releasebody.json
echo '{"tag_name":"'${META_TAG}'",\ jq -n \
"target_commitish": "master",\ --arg tag_name "$META_TAG" \
"name": "'${META_TAG}'",\ --arg target_commitish "master" \
"body": "**CI Report:**\\n\\n'${CI_URL:-N/A}'\\n\\n**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**PIP Changes:**\\n\\n' > start --arg ci_url "${CI_URL:-N/A}" \
printf '","draft": false,"prerelease": false}' >> releasebody.json --arg ls_notes "$AUTO_RELEASE_NOTES" \
paste -d'\\0' start releasebody.json > releasebody.json.done --arg remote_notes "$(cat releasebody.json)" \
curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done''' '{
"tag_name": $tag_name,
"target_commitish": $target_commitish,
"name": $tag_name,
"body": ("**CI Report:**\\n\\n" + $ci_url + "\\n\\n**LinuxServer Changes:**\\n\\n" + $ls_notes + "\\n\\n**Remote Changes:**\\n\\n" + $remote_notes),
"draft": false,
"prerelease": false }' > releasebody.json.done
curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done
'''
} }
} }
// Add protection to the release branch // Add protection to the release branch
@@ -1009,98 +1086,13 @@ EOF
) ''' ) '''
} }
} }
// If this is a Pull request send the CI link as a comment on it
stage('Pull Request Comment') {
when {
not {environment name: 'CHANGE_ID', value: ''}
environment name: 'EXIT_STATUS', value: ''
}
steps {
sh '''#! /bin/bash
# Function to retrieve JSON data from URL
get_json() {
local url="$1"
local response=$(curl -s "$url")
if [ $? -ne 0 ]; then
echo "Failed to retrieve JSON data from $url"
return 1
fi
local json=$(echo "$response" | jq .)
if [ $? -ne 0 ]; then
echo "Failed to parse JSON data from $url"
return 1
fi
echo "$json"
}
build_table() {
local data="$1"
# Get the keys in the JSON data
local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
# Check if keys are empty
if [ -z "$keys" ]; then
echo "JSON report data does not contain any keys or the report does not exist."
return 1
fi
# Build table header
local header="| Tag | Passed |\\n| --- | --- |\\n"
# Loop through the JSON data to build the table rows
local rows=""
for build in $keys; do
local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
if [ "$status" = "true" ]; then
status="✅"
else
status="❌"
fi
local row="| "$build" | "$status" |\\n"
rows="${rows}${row}"
done
local table="${header}${rows}"
local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
echo "$escaped_table"
}
if [[ "${CI}" = "true" ]]; then
# Retrieve JSON data from URL
data=$(get_json "$CI_JSON_URL")
# Create table from JSON data
table=$(build_table "$data")
echo -e "$table"
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
else
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
fi
'''
}
}
} }
/* ###################### /* ######################
Send status to Discord Comment on PR and Send status to Discord
###################### */ ###################### */
post { post {
always { always {
sh '''#!/bin/bash script {
rm -rf /config/.ssh/id_sign
rm -rf /config/.ssh/id_sign.pub
git config --global --unset gpg.format
git config --global --unset user.signingkey
git config --global --unset commit.gpgsign
'''
script{
env.JOB_DATE = sh( env.JOB_DATE = sh(
script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''', script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
returnStdout: true).trim() returnStdout: true).trim()
@@ -1143,15 +1135,113 @@ EOF
"username": "Jenkins"}' ${BUILDS_DISCORD} ''' "username": "Jenkins"}' ${BUILDS_DISCORD} '''
} }
} }
script {
if (env.GITHUBIMAGE =~ /lspipepr/){
if (env.CI_TEST_ATTEMPTED == "true" || env.PUSH_ATTEMPTED == "true"){
sh '''#! /bin/bash
# Function to retrieve JSON data from URL
get_json() {
local url="$1"
local response=$(curl -s "$url")
if [ $? -ne 0 ]; then
echo "Failed to retrieve JSON data from $url"
return 1
fi
local json=$(echo "$response" | jq .)
if [ $? -ne 0 ]; then
echo "Failed to parse JSON data from $url"
return 1
fi
echo "$json"
}
build_table() {
local data="$1"
# Get the keys in the JSON data
local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
# Check if keys are empty
if [ -z "$keys" ]; then
echo "JSON report data does not contain any keys or the report does not exist."
return 1
fi
# Build table header
local header="| Tag | Passed |\\n| --- | --- |\\n"
# Loop through the JSON data to build the table rows
local rows=""
for build in $keys; do
local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
if [ "$status" = "true" ]; then
status="✅"
else
status="❌"
fi
local row="| "$build" | "$status" |\\n"
rows="${rows}${row}"
done
local table="${header}${rows}"
local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
echo "$escaped_table"
}
if [[ "${CI}" = "true" ]]; then
# Retrieve JSON data from URL
data=$(get_json "$CI_JSON_URL")
# Create table from JSON data
table=$(build_table "$data")
echo -e "$table"
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR for commit ${COMMIT_SHA:0:7} : \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
else
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR for commit ${COMMIT_SHA:0:7} : \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
fi
'''
} else {
sh '''#! /bin/bash
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, the build for PR commit ${COMMIT_SHA:0:7} failed and as a result no CI test was attempted and no images were pushed.\\"}"
'''
}
}
}
sh '''#!/bin/bash
rm -rf /config/.ssh/id_sign
rm -rf /config/.ssh/id_sign.pub
git config --global --unset gpg.format
git config --global --unset user.signingkey
git config --global --unset commit.gpgsign
'''
} }
cleanup { cleanup {
sh '''#! /bin/bash sh '''#! /bin/bash
echo "Performing docker system prune!!" echo "Pruning builder!!"
containers=$(docker ps -aq) docker builder prune -f --builder container || :
containers=$(docker ps -q)
if [[ -n "${containers}" ]]; then if [[ -n "${containers}" ]]; then
docker stop ${containers} BUILDX_CONTAINER_ID=$(docker ps -qf 'name=buildx_buildkit')
for container in ${containers}; do
if [[ "${container}" == "${BUILDX_CONTAINER_ID}" ]]; then
echo "skipping buildx container in docker stop"
else
echo "Stopping container ${container}"
docker stop ${container}
fi
done
fi fi
docker system prune -af --volumes || : docker system prune -f --volumes || :
docker image prune -af || :
''' '''
cleanWs() cleanWs()
} }
Executable → Regular
View File
+45 -8
View File
@@ -3,9 +3,8 @@
[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io) [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io)
[![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!") [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!")
[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://discord.gg/YWrKVTn "realtime support / chat with the community and the team.") [![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.")
[![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.") [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.")
[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.")
[![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.") [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.")
[![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget") [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget")
@@ -20,9 +19,8 @@ The [LinuxServer.io](https://linuxserver.io) team brings you another container r
Find us at: Find us at:
* [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more! * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more!
* [Discord](https://discord.gg/YWrKVTn) - realtime support / chat with the community and the team. * [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team.
* [Discourse](https://discourse.linuxserver.io) - post on our community forum. * [Discourse](https://discourse.linuxserver.io) - post on our community forum.
* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images.
* [GitHub](https://github.com/linuxserver) - view the source for all of our repositories. * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories.
* [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget
@@ -54,7 +52,6 @@ The architectures supported by this image are:
| :----: | :----: | ---- | | :----: | :----: | ---- |
| x86-64 | ✅ | amd64-\<version tag\> | | x86-64 | ✅ | amd64-\<version tag\> |
| arm64 | ✅ | arm64v8-\<version tag\> | | arm64 | ✅ | arm64v8-\<version tag\> |
| armhf | ❌ | |
## Application Setup ## Application Setup
@@ -129,7 +126,7 @@ This will *ask* Google et al not to index and list your site. Be careful with th
* You can check which jails are active via `docker exec -it swag fail2ban-client status` * You can check which jails are active via `docker exec -it swag fail2ban-client status`
* You can check the status of a specific jail via `docker exec -it swag fail2ban-client status <jail name>` * You can check the status of a specific jail via `docker exec -it swag fail2ban-client status <jail name>`
* You can unban an IP via `docker exec -it swag fail2ban-client set <jail name> unbanip <IP>` * You can unban an IP via `docker exec -it swag fail2ban-client set <jail name> unbanip <IP>`
* A list of commands can be found here: <https://www.fail2ban.org/wiki/index.php/Commands> * A list of commands for fail2ban-client can be found [here](https://manpages.ubuntu.com/manpages/noble/man1/fail2ban-client.1.html)
### Updating configs ### Updating configs
@@ -145,16 +142,35 @@ This will *ask* Google et al not to index and list your site. Be careful with th
* Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not. * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not.
* You can check the new sample and adjust your active config as needed. * You can check the new sample and adjust your active config as needed.
### QUIC support
This image supports QUIC (also known as HTTP/3) but it must be explicitly enabled in each proxy conf, and the default conf, because if the listener is enabled and you don't expose 443/UDP, it can break connections with some browsers.
To enable QUIC, expose 443/UDP to your clients, then uncomment both QUIC listeners in all of your active proxy confs, as well as the default conf, and restart the container.
You should also uncomment the `Alt-Svc` header in your `ssl.conf` so that browsers are aware that you offer QUIC connectivity.
It is [recommended](https://quic-go.net/docs/quic/optimizations/#udp-buffer-sizes) to increase the UDP send/recieve buffer **on the host** by setting the `net.core.rmem_max` and `net.core.wmem_max` sysctls. Suggested values are 4-16Mb (4194304-16777216 bytes). For persistence between reboots use `/etc/sysctl.d/`.
### Migration from the old `linuxserver/letsencrypt` image ### Migration from the old `linuxserver/letsencrypt` image
Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate). Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
## Read-Only Operation
This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/).
### Caveats
* `/tmp` must be mounted to tmpfs
* fail2ban will not be available
## Usage ## Usage
To help you get started creating a container from this image you can either use docker-compose or the docker cli. To help you get started creating a container from this image you can either use docker-compose or the docker cli.
>[!NOTE] >[!NOTE]
>Unless a parameter is flaged as 'optional', it is *mandatory* and a value must be provided. >Unless a parameter is flagged as 'optional', it is *mandatory* and a value must be provided.
### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose)) ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
@@ -180,11 +196,15 @@ services:
- ONLY_SUBDOMAINS=false #optional - ONLY_SUBDOMAINS=false #optional
- EXTRA_DOMAINS= #optional - EXTRA_DOMAINS= #optional
- STAGING=false #optional - STAGING=false #optional
- DISABLE_F2B= #optional
- SWAG_AUTORELOAD= #optional
- SWAG_AUTORELOAD_WATCHLIST= #optional
volumes: volumes:
- /path/to/swag/config:/config - /path/to/swag/config:/config
ports: ports:
- 443:443 - 443:443
- 80:80 #optional - 80:80 #optional
- 443:443/udp #optional
restart: unless-stopped restart: unless-stopped
``` ```
@@ -207,8 +227,12 @@ docker run -d \
-e ONLY_SUBDOMAINS=false `#optional` \ -e ONLY_SUBDOMAINS=false `#optional` \
-e EXTRA_DOMAINS= `#optional` \ -e EXTRA_DOMAINS= `#optional` \
-e STAGING=false `#optional` \ -e STAGING=false `#optional` \
-e DISABLE_F2B= `#optional` \
-e SWAG_AUTORELOAD= `#optional` \
-e SWAG_AUTORELOAD_WATCHLIST= `#optional` \
-p 443:443 \ -p 443:443 \
-p 80:80 `#optional` \ -p 80:80 `#optional` \
-p 443:443/udp `#optional` \
-v /path/to/swag/config:/config \ -v /path/to/swag/config:/config \
--restart unless-stopped \ --restart unless-stopped \
lscr.io/linuxserver/swag:latest lscr.io/linuxserver/swag:latest
@@ -222,6 +246,7 @@ Containers are configured using parameters passed at runtime (such as those abov
| :----: | --- | | :----: | --- |
| `-p 443:443` | HTTPS port | | `-p 443:443` | HTTPS port |
| `-p 80` | HTTP port (required for HTTP validation and HTTP -> HTTPS redirect) | | `-p 80` | HTTP port (required for HTTP validation and HTTP -> HTTPS redirect) |
| `-p 443/udp` | QUIC (HTTP/3) port. Must be enabled in the default and proxy confs. |
| `-e PUID=1000` | for UserID - see below for explanation | | `-e PUID=1000` | for UserID - see below for explanation |
| `-e PGID=1000` | for GroupID - see below for explanation | | `-e PGID=1000` | for GroupID - see below for explanation |
| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
@@ -229,13 +254,17 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). | | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) | | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
| `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org` | | `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org` |
| `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. | | `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. |
| `-e DISABLE_F2B=` | Set to `true` to disable the Fail2ban service in the container, if you're already running it elsewhere or using a different IPS. |
| `-e SWAG_AUTORELOAD=` | Set to `true` to enable automatic reloading of confs on change without stopping/restarting nginx. Your filesystem must support inotify. This functionality was previously offered [via mod](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload). |
| `-e SWAG_AUTORELOAD_WATCHLIST=` | A [pipe](https://en.wikipedia.org/wiki/Vertical_bar)-separated list of additional folders for auto reload to watch in addition to `/config/nginx` |
| `-v /config` | Persistent config files | | `-v /config` | Persistent config files |
| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
| `--cap-add=NET_ADMIN` | Required for fail2Ban to be able to modify iptables rules. | | `--cap-add=NET_ADMIN` | Required for fail2Ban to be able to modify iptables rules. |
### Portainer notice ### Portainer notice
@@ -404,6 +433,14 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **01.06.26:** - Remove obsolete old cert check logic.
* **23.01.26:** - Reorder init to fix proxy conf version checks.
* **21.12.25:** - Add support for hetzner-cloud dns validation.
* **04.11.25:** - Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin.
* **18.07.25:** - Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained.
* **05.05.25:** - Disable Certbot's built in log rotation.
* **19.01.25:** - Add [Auto Reload](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload) functionality to SWAG.
* **17.12.24:** - Rebase to Alpine 3.21.
* **21.10.24:** - Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns). * **21.10.24:** - Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns).
* **30.08.24:** - Fix zerossl cert revocation. * **30.08.24:** - Fix zerossl cert revocation.
* **24.07.14:** - Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings. * **24.07.14:** - Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings.
+377 -363
View File
@@ -1,363 +1,377 @@
NAME VERSION TYPE NAME VERSION TYPE
Simple Launcher 1.1.0.14 dotnet (+5 duplicates) Simple Launcher 1.1.0.14 binary (+5 duplicates)
acme 3.0.1 python acl-libs 2.3.2-r1 apk
alpine-baselayout 3.6.5-r0 apk acme 5.6.0 python
alpine-baselayout-data 3.6.5-r0 apk alpine-baselayout 3.7.0-r0 apk
alpine-keys 2.4-r1 apk alpine-baselayout-data 3.7.0-r0 apk
alpine-release 3.20.3-r0 apk alpine-keys 2.5-r0 apk
aom-libs 3.9.1-r0 apk alpine-release 3.22.4-r0 apk
apache2-utils 2.4.62-r0 apk annotated-types 0.7.0 python
apk-tools 2.14.4-r0 apk anyio 4.13.0 python
apr 1.7.5-r0 apk aom-libs 3.12.1-r0 apk
apr-util 1.6.3-r1 apk apache2-utils 2.4.67-r0 apk
argon2-libs 20190702-r5 apk apk-tools 2.14.9-r3 apk
attrs 24.2.0 python apr 1.7.5-r0 apk
autocommand 2.2.2 python apr-util 1.6.3-r1 apk
azure-common 1.1.28 python argon2-libs 20190702-r5 apk
azure-core 1.32.0 python autocommand 2.2.2 python
azure-identity 1.19.0 python azure-common 1.1.28 python
azure-mgmt-core 1.5.0 python azure-core 1.41.0 python
azure-mgmt-dns 8.2.0 python azure-identity 1.25.3 python
backports-tarfile 1.2.0 python azure-mgmt-core 1.6.0 python
bash 5.2.26-r0 apk azure-mgmt-dns 9.0.0 python
beautifulsoup4 4.12.3 python backports-tarfile 1.2.0 python
boto3 1.35.76 python bash 5.2.37-r0 apk
botocore 1.35.76 python beautifulsoup4 4.15.0 python
brotli-libs 1.1.0-r2 apk boto3 1.43.29 python
bs4 0.0.2 python botocore 1.43.29 python
busybox 1.36.1-r29 apk brotli-libs 1.1.0-r2 apk
busybox-binsh 1.36.1-r29 apk bs4 0.0.2 python
c-ares 1.33.1-r0 apk busybox 1.37.0-r20 apk
c-client 2007f-r15 apk busybox-binsh 1.37.0-r20 apk
ca-certificates 20240705-r0 apk c-ares 1.34.6-r0 apk
ca-certificates-bundle 20240705-r0 apk c-client 2007f-r15 apk
cachetools 5.5.0 python ca-certificates 20260413-r0 apk
catatonit 0.2.0-r0 apk ca-certificates-bundle 20260413-r0 apk
certbot 3.0.1 python catatonit 0.2.1-r0 apk
certbot-dns-acmedns 0.1.0 python certbot 5.6.0 python
certbot-dns-aliyun 2.0.0 python certbot-dns-acmedns 0.1.0 python
certbot-dns-azure 2.6.1 python certbot-dns-aliyun 2.0.0 python
certbot-dns-bunny 3.0.0 python certbot-dns-azure 1.5.0 python
certbot-dns-cloudflare 3.0.1 python certbot-dns-bunny 3.0.0 python
certbot-dns-cpanel 0.4.0 python certbot-dns-cloudflare 5.6.0 python
certbot-dns-desec 1.2.1 python certbot-dns-cpanel 0.4.0 python
certbot-dns-digitalocean 3.0.1 python certbot-dns-desec 1.3.2 python
certbot-dns-directadmin 1.0.12 python certbot-dns-digitalocean 5.6.0 python
certbot-dns-dnsimple 3.0.1 python certbot-dns-directadmin 1.0.15 python
certbot-dns-dnsmadeeasy 3.0.1 python certbot-dns-dnsimple 5.6.0 python
certbot-dns-dnspod 0.1.0 python certbot-dns-dnsmadeeasy 5.6.0 python
certbot-dns-do 0.31.0 python certbot-dns-dnspod 0.1.0 python
certbot-dns-domeneshop 0.2.9 python certbot-dns-do 0.31.0 python
certbot-dns-dreamhost 1.0 python certbot-dns-domeneshop 0.2.9 python
certbot-dns-duckdns 1.5 python certbot-dns-dreamhost 1.0 python
certbot-dns-dynudns 0.0.6 python certbot-dns-duckdns 1.8.0 python
certbot-dns-freedns 0.2.0 python certbot-dns-dynudns 0.0.6 python
certbot-dns-gehirn 3.0.1 python certbot-dns-freedns 0.2.0 python
certbot-dns-glesys 2.1.0 python certbot-dns-gehirn 5.6.0 python
certbot-dns-godaddy 2.8.0 python certbot-dns-glesys 2.1.0 python
certbot-dns-google 3.0.1 python certbot-dns-godaddy 2.8.0 python
certbot-dns-he 1.0.0 python certbot-dns-google 5.6.0 python
certbot-dns-hetzner 2.0.1 python certbot-dns-he 1.0.0 python
certbot-dns-infomaniak 0.2.3 python certbot-dns-hetzner 4.0.0 python
certbot-dns-inwx 3.0.0 python certbot-dns-hetzner-cloud 1.0.5 python
certbot-dns-ionos 2024.11.9 python certbot-dns-infomaniak 0.2.4 python
certbot-dns-linode 3.0.1 python certbot-dns-inwx 3.0.3 python
certbot-dns-loopia 1.0.1 python certbot-dns-ionos 2024.11.9 python
certbot-dns-luadns 3.0.1 python certbot-dns-linode 5.6.0 python
certbot-dns-namecheap 1.0.0 python certbot-dns-loopia 1.0.1 python
certbot-dns-netcup 1.4.4 python certbot-dns-luadns 5.6.0 python
certbot-dns-njalla 2.0.2 python certbot-dns-namecheap 1.0.0 python
certbot-dns-nsone 3.0.1 python certbot-dns-netcup 2.0.3 python
certbot-dns-ovh 3.0.1 python certbot-dns-njalla 2.0.2 python
certbot-dns-porkbun 0.9.1 python certbot-dns-nsone 5.6.0 python
certbot-dns-rfc2136 3.0.1 python certbot-dns-ovh 5.6.0 python
certbot-dns-route53 3.0.1 python certbot-dns-porkbun 0.11.0 python
certbot-dns-sakuracloud 3.0.1 python certbot-dns-rfc2136 5.6.0 python
certbot-dns-standalone 1.1 python certbot-dns-route53 5.6.0 python
certbot-dns-transip 0.5.2 python certbot-dns-sakuracloud 5.6.0 python
certbot-dns-vultr 1.1.0 python certbot-dns-standalone 1.2.1 python
certbot-plugin-gandi 1.5.0 python certbot-dns-transip 0.5.2 python
certifi 2024.8.30 python certbot-dns-vultr 1.1.0 python
cffi 1.17.1 python certbot-plugin-gandi 1.5.0 python
charset-normalizer 3.4.0 python certifi 2026.5.20 python
cloudflare 2.19.4 python cffi 2.0.0 python
composer 2.8.3 binary charset-normalizer 3.4.7 python
configargparse 1.7 python cli UNKNOWN binary
configobj 5.0.9 python cli-32 UNKNOWN binary
coreutils 9.5-r1 apk cli-64 UNKNOWN binary
coreutils-env 9.5-r1 apk cli-arm64 UNKNOWN binary
coreutils-fmt 9.5-r1 apk cloudflare 5.3.0 python
coreutils-sha512sum 9.5-r1 apk composer 2.10.1 binary
cryptography 44.0.0 python configargparse 1.7.5 python
curl 8.9.1-r2 apk configobj 5.0.9 python
distro 1.9.0 python coreutils 9.7-r1 apk
dns-lexicon 3.19.0 python coreutils-env 9.7-r1 apk
dnslib 0.9.25 python coreutils-fmt 9.7-r1 apk
dnspython 2.7.0 python coreutils-sha512sum 9.7-r1 apk
domeneshop 0.4.4 python cryptography 49.0.0 python
fail2ban 1.1.0 python curl 8.14.1-r2 apk
fail2ban 1.1.0-r0 apk distro 1.9.0 python
fail2ban-pyc 1.1.0-r0 apk dns-lexicon 3.25.2 python
filelock 3.16.1 python dnslib 0.9.26 python
findutils 4.9.0-r5 apk dnspython 2.8.0 python
fontconfig 2.15.0-r1 apk domeneshop 0.4.4 python
freetype 2.13.2-r0 apk fail2ban 1.1.0 python
future 1.0.0 python fail2ban 1.1.0-r3 apk
gdbm 1.23-r1 apk fail2ban-pyc 1.1.0-r3 apk
git 2.45.2-r0 apk filelock 3.29.3 python
git-init-template 2.45.2-r0 apk findutils 4.10.0-r0 apk
git-perl 2.45.2-r0 apk fontconfig 2.15.0-r3 apk
gmp 6.3.0-r1 apk freetype 2.13.3-r0 apk
gnupg 2.4.5-r0 apk future 1.0.0 python
gnupg-dirmngr 2.4.5-r0 apk gdbm 1.24-r0 apk
gnupg-gpgconf 2.4.5-r0 apk git 2.49.1-r0 apk
gnupg-keyboxd 2.4.5-r0 apk git-init-template 2.49.1-r0 apk
gnupg-utils 2.4.5-r0 apk git-perl 2.49.1-r0 apk
gnupg-wks-client 2.4.5-r0 apk gmp 6.3.0-r3 apk
gnutls 3.8.5-r0 apk gnupg 2.4.9-r0 apk
google-api-core 2.23.0 python gnupg-dirmngr 2.4.9-r0 apk
google-api-python-client 2.154.0 python gnupg-gpgconf 2.4.9-r0 apk
google-auth 2.36.0 python gnupg-keyboxd 2.4.9-r0 apk
google-auth-httplib2 0.2.0 python gnupg-utils 2.4.9-r0 apk
googleapis-common-protos 1.66.0 python gnupg-wks-client 2.4.9-r0 apk
gpg 2.4.5-r0 apk gnutls 3.8.13-r0 apk
gpg-agent 2.4.5-r0 apk google-api-core 2.31.0 python
gpg-wks-server 2.4.5-r0 apk google-api-python-client 2.197.0 python
gpgsm 2.4.5-r0 apk google-auth 2.54.0 python
gpgv 2.4.5-r0 apk google-auth-httplib2 0.4.0 python
httplib2 0.22.0 python googleapis-common-protos 1.75.0 python
icu-data-en 74.2-r0 apk gpg 2.4.9-r0 apk
icu-libs 74.2-r0 apk gpg-agent 2.4.9-r0 apk
idna 3.10 python gpg-wks-server 2.4.9-r0 apk
importlib-metadata 8.0.0 python gpgsm 2.4.9-r0 apk
inflect 7.3.1 python gpgv 2.4.9-r0 apk
inwx-domrobot 3.2.0 python gui UNKNOWN binary
iptables 1.8.10-r3 apk gui-32 UNKNOWN binary
iptables-legacy 1.8.10-r3 apk gui-64 UNKNOWN binary
isodate 0.7.2 python gui-arm64 UNKNOWN binary
jaraco-collections 5.1.0 python h11 0.16.0 python
jaraco-context 5.3.0 python hcloud 2.21.0 python
jaraco-functools 4.0.1 python httpcore 1.0.9 python
jaraco-text 3.12.1 python httplib2 0.31.2 python
jmespath 1.0.1 python httpx 0.28.1 python
josepy 1.14.0 python icu-data-en 76.1-r1 apk
jq 1.7.1-r0 apk icu-libs 76.1-r1 apk
jsonlines 4.0.0 python idna 3.18 python
jsonpickle 4.0.0 python importlib-metadata 8.7.1 python
libacl 2.3.2-r0 apk inotify-tools 4.23.9.0-r0 apk
libassuan 2.5.7-r0 apk inotify-tools-libs 4.23.9.0-r0 apk
libattr 2.5.2-r0 apk inwx-domrobot 3.2.0 python
libavif 1.0.4-r0 apk iptables 1.8.11-r1 apk
libbsd 0.12.2-r0 apk iptables-legacy 1.8.11-r1 apk
libbz2 1.0.8-r6 apk isodate 0.7.2 python
libcrypto3 3.3.2-r1 apk jaraco-context 6.1.0 python
libcurl 8.9.1-r2 apk jaraco-functools 4.4.0 python
libdav1d 1.4.2-r0 apk jaraco-text 4.0.0 python
libedit 20240517.3.1-r0 apk jinja2 3.1.6 python
libevent 2.1.12-r7 apk jmespath 1.1.0 python
libexpat 2.6.4-r0 apk josepy 2.2.0 python
libffi 3.4.6-r0 apk jq 1.8.1-r0 apk
libgcc 13.2.1_git20240309-r0 apk jsonpickle 4.1.2 python
libgcrypt 1.10.3-r0 apk libapk2 2.14.9-r3 apk
libgd 2.3.3-r9 apk libassuan 2.5.7-r0 apk
libgpg-error 1.49-r0 apk libattr 2.5.2-r2 apk
libice 1.1.1-r6 apk libavif 1.3.0-r0 apk
libidn2 2.3.7-r0 apk libbsd 0.12.2-r0 apk
libintl 0.22.5-r0 apk libbz2 1.0.8-r6 apk
libip4tc 1.8.10-r3 apk libcrypto3 3.5.7-r0 apk
libip6tc 1.8.10-r3 apk libcurl 8.14.1-r2 apk
libjpeg-turbo 3.0.3-r0 apk libdav1d 1.5.1-r0 apk
libksba 1.6.6-r0 apk libedit 20250104.3.1-r1 apk
libldap 2.6.8-r0 apk libevent 2.1.12-r8 apk
libmaxminddb-libs 1.9.1-r0 apk libexpat 2.7.5-r0 apk
libmcrypt 2.5.8-r10 apk libffi 3.4.8-r0 apk
libmd 1.1.0-r0 apk libgcc 14.2.0-r6 apk
libmemcached-libs 1.1.4-r1 apk libgcrypt 1.10.3-r1 apk
libmnl 1.0.5-r2 apk libgd 2.3.3-r10 apk
libncursesw 6.4_p20240420-r2 apk libgpg-error 1.55-r0 apk
libnftnl 1.2.6-r0 apk libice 1.1.2-r0 apk
libpanelw 6.4_p20240420-r2 apk libidn2 2.3.7-r0 apk
libpng 1.6.44-r0 apk libintl 0.24.1-r0 apk
libpq 16.6-r0 apk libip4tc 1.8.11-r1 apk
libproc2 4.0.4-r0 apk libip6tc 1.8.11-r1 apk
libpsl 0.21.5-r1 apk libjpeg-turbo 3.1.0-r0 apk
libsasl 2.1.28-r6 apk libksba 1.6.7-r0 apk
libseccomp 2.5.5-r1 apk libldap 2.6.8-r0 apk
libsharpyuv 1.3.2-r0 apk libmaxminddb-libs 1.9.1-r0 apk
libsm 1.2.4-r4 apk libmd 1.1.0-r0 apk
libsodium 1.0.19-r0 apk libmemcached-libs 1.1.4-r1 apk
libssl3 3.3.2-r1 apk libmnl 1.0.5-r2 apk
libstdc++ 13.2.1_git20240309-r0 apk libncursesw 6.5_p20250503-r0 apk
libtasn1 4.19.0-r2 apk libnftnl 1.2.9-r0 apk
libunistring 1.2-r0 apk libpanelw 6.5_p20250503-r0 apk
libuuid 2.40.1-r1 apk libpng 1.6.57-r0 apk
libwebp 1.3.2-r0 apk libpq 17.10-r0 apk
libx11 1.8.9-r1 apk libproc2 4.0.4-r3 apk
libxau 1.0.11-r4 apk libpsl 0.21.5-r3 apk
libxcb 1.16.1-r0 apk libsasl 2.1.28-r8 apk
libxdmcp 1.1.5-r1 apk libseccomp 2.6.0-r0 apk
libxext 1.3.6-r2 apk libsharpyuv 1.5.0-r0 apk
libxml2 2.12.7-r0 apk libsm 1.2.5-r0 apk
libxpm 3.5.17-r0 apk libsodium 1.0.20-r1 apk
libxslt 1.1.39-r1 apk libssl3 3.5.7-r0 apk
libxt 1.3.0-r5 apk libstdc++ 14.2.0-r6 apk
libxtables 1.8.10-r3 apk libtasn1 4.21.0-r0 apk
libzip 1.10.1-r0 apk libunistring 1.3-r0 apk
linux-pam 1.6.0-r0 apk libuuid 2.41-r9 apk
logrotate 3.21.0-r1 apk libwebp 1.5.0-r0 apk
loopialib 0.2.0 python libx11 1.8.11-r0 apk
lxml 5.3.0 python libxau 1.0.12-r0 apk
lz4-libs 1.9.4-r5 apk libxcb 1.17.0-r0 apk
memcached 1.6.27-r0 apk libxdmcp 1.1.5-r1 apk
mock 5.1.0 python libxext 1.3.6-r2 apk
more-itertools 10.3.0 python libxml2 2.13.9-r1 apk
mpdecimal 4.0.0-r0 apk libxpm 3.5.19-r0 apk
msal 1.31.1 python libxslt 1.1.43-r3 apk
msal-extensions 1.2.0 python libxt 1.3.1-r0 apk
musl 1.2.5-r0 apk libxtables 1.8.11-r1 apk
musl-utils 1.2.5-r0 apk libyuv 0.0.1887.20251502-r1 apk
my-test-package 1.0 python libzip 1.11.4-r0 apk
nano 8.0-r0 apk linux-pam 1.7.0-r4 apk
ncurses-terminfo-base 6.4_p20240420-r2 apk logrotate 3.21.0-r1 apk
netcat-openbsd 1.226-r0 apk loopialib 0.2.0 python
nettle 3.9.1-r0 apk lxml 6.1.1 python
nghttp2-libs 1.62.1-r0 apk lz4-libs 1.10.0-r0 apk
nginx 1.26.2-r0 apk markupsafe 3.0.3 python
nginx-mod-devel-kit 1.26.2-r0 apk memcached 1.6.32-r0 apk
nginx-mod-http-brotli 1.26.2-r0 apk mock 5.2.0 python
nginx-mod-http-dav-ext 1.26.2-r0 apk more-itertools 10.8.0 python
nginx-mod-http-echo 1.26.2-r0 apk mpdecimal 4.0.1-r0 apk
nginx-mod-http-fancyindex 1.26.2-r0 apk msal 1.37.0 python
nginx-mod-http-geoip2 1.26.2-r0 apk msal-extensions 1.3.1 python
nginx-mod-http-headers-more 1.26.2-r0 apk musl 1.2.5-r12 apk
nginx-mod-http-image-filter 1.26.2-r0 apk musl-utils 1.2.5-r12 apk
nginx-mod-http-perl 1.26.2-r0 apk nano 8.4-r0 apk
nginx-mod-http-redis2 1.26.2-r0 apk ncurses-terminfo-base 6.5_p20250503-r0 apk
nginx-mod-http-set-misc 1.26.2-r0 apk netcat-openbsd 1.229.1-r0 apk
nginx-mod-http-upload-progress 1.26.2-r0 apk nettle 3.10.2-r0 apk
nginx-mod-http-xslt-filter 1.26.2-r0 apk nghttp2-libs 1.69.0-r0 apk
nginx-mod-mail 1.26.2-r0 apk nginx 1.28.3-r3 apk
nginx-mod-rtmp 1.26.2-r0 apk nginx-mod-devel-kit 1.28.3-r3 apk
nginx-mod-stream 1.26.2-r0 apk nginx-mod-http-brotli 1.28.3-r3 apk
nginx-mod-stream-geoip2 1.26.2-r0 apk nginx-mod-http-dav-ext 1.28.3-r3 apk
nginx-vim 1.26.2-r0 apk nginx-mod-http-echo 1.28.3-r3 apk
npth 1.6-r4 apk nginx-mod-http-fancyindex 1.28.3-r3 apk
oniguruma 6.9.9-r0 apk nginx-mod-http-geoip2 1.28.3-r3 apk
openssl 3.3.2-r1 apk nginx-mod-http-headers-more 1.28.3-r3 apk
p11-kit 0.25.3-r0 apk nginx-mod-http-image-filter 1.28.3-r3 apk
packaging 24.2 python nginx-mod-http-perl 1.28.3-r3 apk
parsedatetime 2.6 python nginx-mod-http-redis2 1.28.3-r3 apk
pcre 8.45-r3 apk nginx-mod-http-set-misc 1.28.3-r3 apk
pcre2 10.43-r0 apk nginx-mod-http-upload-progress 1.28.3-r3 apk
perl 5.38.2-r0 apk nginx-mod-http-xslt-filter 1.28.3-r3 apk
perl-error 0.17029-r2 apk nginx-mod-mail 1.28.3-r3 apk
perl-git 2.45.2-r0 apk nginx-mod-rtmp 1.28.3-r3 apk
php83 8.3.14-r0 apk nginx-mod-stream 1.28.3-r3 apk
php83-bcmath 8.3.14-r0 apk nginx-mod-stream-geoip2 1.28.3-r3 apk
php83-bz2 8.3.14-r0 apk nginx-vim 1.28.3-r3 apk
php83-common 8.3.14-r0 apk npth 1.8-r0 apk
php83-ctype 8.3.14-r0 apk oniguruma 6.9.10-r0 apk
php83-curl 8.3.14-r0 apk openssl 3.5.7-r0 apk
php83-dom 8.3.14-r0 apk p11-kit 0.25.5-r2 apk
php83-exif 8.3.14-r0 apk packaging 26.0 python
php83-fileinfo 8.3.14-r0 apk packaging 26.2 python
php83-fpm 8.3.14-r0 apk parsedatetime 2.6 python
php83-ftp 8.3.14-r0 apk pcre2 10.46-r0 apk
php83-gd 8.3.14-r0 apk perl 5.40.4-r0 apk
php83-gmp 8.3.14-r0 apk perl-error 0.17030-r0 apk
php83-iconv 8.3.14-r0 apk perl-git 2.49.1-r0 apk
php83-imap 8.3.14-r0 apk php84 8.4.16-r0 apk
php83-intl 8.3.14-r0 apk php84-bcmath 8.4.16-r0 apk
php83-ldap 8.3.14-r0 apk php84-bz2 8.4.16-r0 apk
php83-mbstring 8.3.14-r0 apk php84-common 8.4.16-r0 apk
php83-mysqli 8.3.14-r0 apk php84-ctype 8.4.16-r0 apk
php83-mysqlnd 8.3.14-r0 apk php84-curl 8.4.16-r0 apk
php83-opcache 8.3.14-r0 apk php84-dom 8.4.16-r0 apk
php83-openssl 8.3.14-r0 apk php84-exif 8.4.16-r0 apk
php83-pdo 8.3.14-r0 apk php84-fileinfo 8.4.16-r0 apk
php83-pdo_mysql 8.3.14-r0 apk php84-fpm 8.4.16-r0 apk
php83-pdo_odbc 8.3.14-r0 apk php84-ftp 8.4.16-r0 apk
php83-pdo_pgsql 8.3.14-r0 apk php84-gd 8.4.16-r0 apk
php83-pdo_sqlite 8.3.14-r0 apk php84-gmp 8.4.16-r0 apk
php83-pear 8.3.14-r0 apk php84-iconv 8.4.16-r0 apk
php83-pecl-apcu 5.1.23-r0 apk php84-intl 8.4.16-r0 apk
php83-pecl-igbinary 3.2.15-r0 apk php84-ldap 8.4.16-r0 apk
php83-pecl-mcrypt 1.0.7-r0 apk php84-mbstring 8.4.16-r0 apk
php83-pecl-memcached 3.3.0-r0 apk php84-mysqli 8.4.16-r0 apk
php83-pecl-msgpack 2.2.0-r2 apk php84-mysqlnd 8.4.16-r0 apk
php83-pecl-redis 6.1.0-r0 apk php84-opcache 8.4.16-r0 apk
php83-pgsql 8.3.14-r0 apk php84-openssl 8.4.16-r0 apk
php83-phar 8.3.14-r0 apk php84-pdo 8.4.16-r0 apk
php83-posix 8.3.14-r0 apk php84-pdo_mysql 8.4.16-r0 apk
php83-session 8.3.14-r0 apk php84-pdo_odbc 8.4.16-r0 apk
php83-simplexml 8.3.14-r0 apk php84-pdo_pgsql 8.4.16-r0 apk
php83-soap 8.3.14-r0 apk php84-pdo_sqlite 8.4.16-r0 apk
php83-sockets 8.3.14-r0 apk php84-pear 8.4.16-r0 apk
php83-sodium 8.3.14-r0 apk php84-pecl-apcu 5.1.27-r0 apk
php83-sqlite3 8.3.14-r0 apk php84-pecl-igbinary 3.2.16-r1 apk
php83-tokenizer 8.3.14-r0 apk php84-pecl-imap 1.0.3-r0 apk
php83-xml 8.3.14-r0 apk php84-pecl-memcached 3.3.0-r0 apk
php83-xmlreader 8.3.14-r0 apk php84-pecl-msgpack 3.0.0-r0 apk
php83-xmlwriter 8.3.14-r0 apk php84-pecl-redis 6.3.0-r0 apk
php83-xsl 8.3.14-r0 apk php84-pgsql 8.4.16-r0 apk
php83-zip 8.3.14-r0 apk php84-phar 8.4.16-r0 apk
pinentry 1.3.0-r0 apk php84-posix 8.4.16-r0 apk
pip 24.3.1 python php84-session 8.4.16-r0 apk
pkb-client 2.0.0 python php84-simplexml 8.4.16-r0 apk
platformdirs 4.2.2 python php84-soap 8.4.16-r0 apk
popt 1.19-r3 apk php84-sockets 8.4.16-r0 apk
portalocker 2.10.1 python php84-sodium 8.4.16-r0 apk
procps-ng 4.0.4-r0 apk php84-sqlite3 8.4.16-r0 apk
proto-plus 1.25.0 python php84-tokenizer 8.4.16-r0 apk
protobuf 5.29.1 python php84-xml 8.4.16-r0 apk
pyacmedns 0.4 python php84-xmlreader 8.4.16-r0 apk
pyasn1 0.6.1 python php84-xmlwriter 8.4.16-r0 apk
pyasn1-modules 0.4.1 python php84-xsl 8.4.16-r0 apk
pyc 3.12.8-r0 apk php84-zip 8.4.16-r0 apk
pycparser 2.22 python pinentry 1.3.1-r0 apk
pyjwt 2.10.1 python pip 26.1.2 python
pynamecheap 0.0.3 python pkb-client 2.3.1 python
pyopenssl 24.3.0 python platformdirs 4.4.0 python
pyotp 2.9.0 python popt 1.19-r4 apk
pyparsing 3.2.0 python procps-ng 4.0.4-r3 apk
pyrfc3339 2.0.1 python proto-plus 1.28.0 python
python-dateutil 2.9.0.post0 python protobuf 7.35.1 python
python-digitalocean 1.17.0 python pyacmedns 0.4 python
python-transip 0.6.0 python pyasn1 0.6.3 python
python3 3.12.8-r0 apk pyasn1-modules 0.4.2 python
python3-pyc 3.12.8-r0 apk pyc 3.12.13-r0 apk
python3-pycache-pyc0 3.12.8-r0 apk pycparser 3.0 python
pytz 2024.2 python pydantic 2.13.4 python
pyyaml 6.0.2 python pydantic-core 2.46.4 python
readline 8.2.10-r0 apk pyjwt 2.13.0 python
requests 2.32.3 python pynamecheap 0.0.3 python
requests-file 2.1.0 python pyopenssl 26.3.0 python
requests-mock 1.12.1 python pyotp 2.9.0 python
rsa 4.9 python pyparsing 3.3.2 python
s3transfer 0.10.4 python pyrfc3339 2.1.0 python
scanelf 1.3.7-r2 apk python-dateutil 2.9.0.post0 python
setuptools 75.6.0 python python-digitalocean 1.17.0 python
shadow 4.15.1-r0 apk python-transip 0.6.0 python
six 1.17.0 python python3 3.12.13-r0 apk
skalibs 2.14.1.1-r0 apk python3-pyc 3.12.13-r0 apk
soupsieve 2.6 python python3-pycache-pyc0 3.12.13-r0 apk
sqlite-libs 3.45.3-r1 apk pyyaml 6.0.3 python
ssl_client 1.36.1-r29 apk readline 8.2.13-r1 apk
tiff 4.6.0t-r0 apk requests 2.34.2 python
tldextract 5.1.3 python requests-file 3.0.1 python
tomli 2.0.1 python requests-mock 1.12.1 python
typeguard 4.3.0 python requests-unixsocket 0.4.1 python
typing-extensions 4.12.2 python (+1 duplicate) s3transfer 0.18.0 python
tzdata 2024b-r0 apk scanelf 1.3.8-r1 apk
unixodbc 2.3.12-r0 apk setuptools 82.0.1 python
uritemplate 4.1.1 python shadow 4.17.3-r0 apk
urllib3 2.2.3 python six 1.17.0 python
utmps-libs 0.1.2.2-r1 apk skalibs-libs 2.14.4.0-r0 apk
wheel 0.43.0 python sniffio 1.3.1 python
wheel 0.45.1 python soupsieve 2.8.4 python
whois 5.5.23-r0 apk sqlite-libs 3.49.2-r1 apk
xz-libs 5.6.2-r0 apk ssl_client 1.37.0-r20 apk
zipp 3.19.2 python tiff 4.7.1-r0 apk
zlib 1.3.1-r1 apk tldextract 5.3.1 python
zope-interface 7.2 python tomli 2.4.0 python
zstd-libs 1.5.6-r0 apk typing-extensions 4.15.0 python
typing-inspection 0.4.2 python
tzdata 2026b-r0 apk
unixodbc 2.3.12-r0 apk
uritemplate 4.2.0 python
urllib3 2.7.0 python
utmps-libs 0.1.3.1-r0 apk
wheel 0.46.3 python
wheel 0.47.0 python
whois 5.6.3-r0 apk
xz-libs 5.8.3-r0 apk
zipp 3.23.0 python
zlib 1.3.2-r0 apk
zope-interface 8.5 python
zstd-libs 1.5.7-r0 apk
+41 -14
View File
@@ -6,6 +6,7 @@ project_url: "https://linuxserver.io"
project_logo: "https://github.com/linuxserver/docker-templates/raw/master/linuxserver.io/img/swag.gif" project_logo: "https://github.com/linuxserver/docker-templates/raw/master/linuxserver.io/img/swag.gif"
project_blurb: "SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention." project_blurb: "SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention."
project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}" project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
project_categories: "Reverse Proxy"
# supported architectures # supported architectures
available_architectures: available_architectures:
- {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"} - {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
@@ -31,15 +32,23 @@ opt_param_usage_include_env: true
opt_param_env_vars: opt_param_env_vars:
- {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"} - {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"}
- {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."} - {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."}
- {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."} - {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."}
- {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."} - {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."}
- {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."} - {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."}
- {env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`"} - {env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`"}
- {env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org`"} - {env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org`"}
- {env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes."} - {env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes."}
- {env_var: "DISABLE_F2B", env_value: "", desc: "Set to `true` to disable the Fail2ban service in the container, if you're already running it elsewhere or using a different IPS."}
- {env_var: "SWAG_AUTORELOAD", env_value: "", desc: "Set to `true` to enable automatic reloading of confs on change without stopping/restarting nginx. Your filesystem must support inotify. This functionality was previously offered [via mod](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload)."}
- {env_var: "SWAG_AUTORELOAD_WATCHLIST", env_value: "", desc: "A [pipe](https://en.wikipedia.org/wiki/Vertical_bar)-separated list of additional folders for auto reload to watch in addition to `/config/nginx`"}
opt_param_usage_include_ports: true opt_param_usage_include_ports: true
opt_param_ports: opt_param_ports:
- {external_port: "80", internal_port: "80", port_desc: "HTTP port (required for HTTP validation and HTTP -> HTTPS redirect)"} - {external_port: "80", internal_port: "80", port_desc: "HTTP port (required for HTTP validation and HTTP -> HTTPS redirect)"}
- {external_port: "443", internal_port: "443/udp", port_desc: "QUIC (HTTP/3) port. Must be enabled in the default and proxy confs."}
readonly_supported: true
readonly_message: |
* `/tmp` must be mounted to tmpfs
* fail2ban will not be available
# application setup block # application setup block
app_setup_block_enabled: true app_setup_block_enabled: true
app_setup_block: | app_setup_block: |
@@ -114,7 +123,7 @@ app_setup_block: |
* You can check which jails are active via `docker exec -it swag fail2ban-client status` * You can check which jails are active via `docker exec -it swag fail2ban-client status`
* You can check the status of a specific jail via `docker exec -it swag fail2ban-client status <jail name>` * You can check the status of a specific jail via `docker exec -it swag fail2ban-client status <jail name>`
* You can unban an IP via `docker exec -it swag fail2ban-client set <jail name> unbanip <IP>` * You can unban an IP via `docker exec -it swag fail2ban-client set <jail name> unbanip <IP>`
* A list of commands can be found here: <https://www.fail2ban.org/wiki/index.php/Commands> * A list of commands for fail2ban-client can be found [here](https://manpages.ubuntu.com/manpages/noble/man1/fail2ban-client.1.html)
### Updating configs ### Updating configs
@@ -130,6 +139,16 @@ app_setup_block: |
* Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not. * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not.
* You can check the new sample and adjust your active config as needed. * You can check the new sample and adjust your active config as needed.
### QUIC support
This image supports QUIC (also known as HTTP/3) but it must be explicitly enabled in each proxy conf, and the default conf, because if the listener is enabled and you don't expose 443/UDP, it can break connections with some browsers.
To enable QUIC, expose 443/UDP to your clients, then uncomment both QUIC listeners in all of your active proxy confs, as well as the default conf, and restart the container.
You should also uncomment the `Alt-Svc` header in your `ssl.conf` so that browsers are aware that you offer QUIC connectivity.
It is [recommended](https://quic-go.net/docs/quic/optimizations/#udp-buffer-sizes) to increase the UDP send/recieve buffer **on the host** by setting the `net.core.rmem_max` and `net.core.wmem_max` sysctls. Suggested values are 4-16Mb (4194304-16777216 bytes). For persistence between reboots use `/etc/sysctl.d/`.
### Migration from the old `linuxserver/letsencrypt` image ### Migration from the old `linuxserver/letsencrypt` image
Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate). Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
@@ -152,26 +171,24 @@ init_diagram: |
init-nginx-end -> init-config init-nginx-end -> init-config
init-os-end -> init-config init-os-end -> init-config
init-config -> init-config-end init-config -> init-config-end
init-crontab-config -> init-config-end
init-outdated-config -> init-config-end init-outdated-config -> init-config-end
init-os-end -> init-crontab-config init-config -> init-crontab-config
init-mods-end -> init-custom-files init-mods-end -> init-custom-files
init-adduser -> init-device-perms
base -> init-envfile base -> init-envfile
init-swag-samples -> init-fail2ban-config init-require-url -> init-fail2ban-config
init-os-end -> init-folders init-os-end -> init-folders
init-php -> init-keygen init-php -> init-keygen
base -> init-migrations base -> init-migrations
base -> init-mods
init-config-end -> init-mods init-config-end -> init-mods
init-version-checks -> init-mods
init-mods -> init-mods-end
init-mods-package-install -> init-mods-end init-mods-package-install -> init-mods-end
init-mods -> init-mods-package-install init-mods -> init-mods-package-install
init-samples -> init-nginx init-samples -> init-nginx
init-permissions -> init-nginx-end init-version-checks -> init-nginx-end
base -> init-os-end
init-adduser -> init-os-end init-adduser -> init-os-end
init-device-perms -> init-os-end
init-envfile -> init-os-end init-envfile -> init-os-end
init-migrations -> init-os-end
init-renew -> init-outdated-config init-renew -> init-outdated-config
init-keygen -> init-permissions init-keygen -> init-permissions
init-certbot-config -> init-permissions-config init-certbot-config -> init-permissions-config
@@ -180,11 +197,11 @@ init_diagram: |
init-config -> init-require-url init-config -> init-require-url
init-folders -> init-samples init-folders -> init-samples
init-custom-files -> init-services init-custom-files -> init-services
init-mods-end -> init-services
init-fail2ban-config -> init-swag-config init-fail2ban-config -> init-swag-config
init-require-url -> init-swag-folders init-permissions -> init-swag-folders
init-swag-folders -> init-swag-samples init-swag-folders -> init-swag-samples
init-config-end -> init-version-checks init-permissions -> init-version-checks
init-swag-samples -> init-version-checks
init-services -> svc-cron init-services -> svc-cron
svc-cron -> legacy-services svc-cron -> legacy-services
init-services -> svc-fail2ban init-services -> svc-fail2ban
@@ -193,13 +210,23 @@ init_diagram: |
svc-nginx -> legacy-services svc-nginx -> legacy-services
init-services -> svc-php-fpm init-services -> svc-php-fpm
svc-php-fpm -> legacy-services svc-php-fpm -> legacy-services
init-services -> svc-swag-auto-reload
svc-swag-auto-reload -> legacy-services
} }
Base Images: { Base Images: {
"baseimage-alpine-nginx:3.20" <- "baseimage-alpine:3.20" "baseimage-alpine-nginx:3.22" <- "baseimage-alpine:3.22"
} }
"swag:latest" <- Base Images "swag:latest" <- Base Images
# changelog # changelog
changelogs: changelogs:
- {date: "01.06.26:", desc: "Remove obsolete old cert check logic."}
- {date: "23.01.26:", desc: "Reorder init to fix proxy conf version checks."}
- {date: "21.12.25:", desc: "Add support for hetzner-cloud dns validation."}
- {date: "04.11.25:", desc: "Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin."}
- {date: "18.07.25:", desc: "Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained."}
- {date: "05.05.25:", desc: "Disable Certbot's built in log rotation."}
- {date: "19.01.25:", desc: "Add [Auto Reload](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload) functionality to SWAG."}
- {date: "17.12.24:", desc: "Rebase to Alpine 3.21."}
- {date: "21.10.24:", desc: "Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns)."} - {date: "21.10.24:", desc: "Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns)."}
- {date: "30.08.24:", desc: "Fix zerossl cert revocation."} - {date: "30.08.24:", desc: "Fix zerossl cert revocation."}
- {date: "24.07.14:", desc: "Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings."} - {date: "24.07.14:", desc: "Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings."}
+1 -1
View File
@@ -6,4 +6,4 @@ echo
echo "<------------------------------------------------->" echo "<------------------------------------------------->"
echo "cronjob running on $(date)" echo "cronjob running on $(date)"
echo "Running certbot renew" echo "Running certbot renew"
certbot renew --non-interactive certbot renew --non-interactive --config-dir /config/etc/letsencrypt --logs-dir /config/log/letsencrypt --work-dir /tmp/letsencrypt --config /config/etc/letsencrypt/cli.ini
+2 -3
View File
@@ -1,7 +1,6 @@
# Instructions: https://github.com/obynio/certbot-plugin-gandi#usage # Instructions: https://github.com/obynio/certbot-plugin-gandi#usage
# Replace with your value # Replace with your Gandi Live DNS v5 Personal Access Token
# live dns v5 api key dns_gandi_token=TOKEN
dns_gandi_api_key=APIKEY
# optional organization id, remove it if not used # optional organization id, remove it if not used
#dns_gandi_sharing_id=SHARINGID #dns_gandi_sharing_id=SHARINGID
+2
View File
@@ -0,0 +1,2 @@
# Hetzner Cloud API Token
dns_hetzner_cloud_api_token = your_api_token_here
View File
View File
View File
@@ -1,13 +1,8 @@
## Version 2024/03/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample ## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia # Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined
# For authelia 4.38 and above, make sure that the authelia configuration.yml has 'address: "tcp://:9091/authelia"' defined
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource
## For authelia 4.37 and below, use the following line
# auth_request /authelia/api/verify;
## For authelia 4.38 and above, use the following line
auth_request /authelia/api/authz/auth-request; auth_request /authelia/api/authz/auth-request;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
@@ -1,44 +1,15 @@
## Version 2024/03/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample ## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia # Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined
# For authelia 4.38 and above, make sure that the authelia configuration.yml has 'address: "tcp://:9091/authelia"' defined
# location for authelia subfolder requests # location for authelia auth requests
location ^~ /authelia {
auth_request off; # requests to this subfolder must be accessible without authentication
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091;
}
# location for authelia 4.37 and below auth requests
location = /authelia/api/verify {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091;
## Include the Set-Cookie header if present
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
# location for authelia 4.38 and above auth requests
location = /authelia/api/authz/auth-request { location = /authelia/api/authz/auth-request {
internal; internal;
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_authelia authelia; set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091; proxy_pass http://$upstream_authelia:9091/api/authz/auth-request;
## Include the Set-Cookie header if present ## Include the Set-Cookie header if present
auth_request_set $set_cookie $upstream_http_set_cookie; auth_request_set $set_cookie $upstream_http_set_cookie;
@@ -62,11 +33,6 @@ location @authelia_proxy_signin {
## Translate the Location response header from the auth subrequest into a variable ## Translate the Location response header from the auth subrequest into a variable
auth_request_set $signin_url $upstream_http_location; auth_request_set $signin_url $upstream_http_location;
if ($signin_url = '') {
## Set the $signin_url variable
set $signin_url https://$http_host/authelia/?rd=$target_url;
}
## Redirect to login ## Redirect to login
return 302 $signin_url; return 302 $signin_url;
} }
@@ -1,4 +1,4 @@
## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample ## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
@@ -19,7 +19,7 @@ location = /outpost.goauthentik.io/auth/nginx {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_authentik authentik-server; set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000; proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
## Include the Set-Cookie header if present ## Include the Set-Cookie header if present
auth_request_set $set_cookie $upstream_http_set_cookie; auth_request_set $set_cookie $upstream_http_set_cookie;
@@ -1,4 +1,4 @@
## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample ## Version 2026/03/07 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https # redirect all traffic to https
server { server {
@@ -13,7 +13,9 @@ server {
# main server block # main server block
server { server {
listen 443 ssl default_server; listen 443 ssl default_server;
# listen 443 quic reuseport default_server;
listen [::]:443 ssl default_server; listen [::]:443 ssl default_server;
# listen [::]:443 quic reuseport default_server;
server_name _; server_name _;
@@ -34,6 +36,9 @@ server {
# enable for Authentik (requires authentik-location.conf in the location block) # enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf; #include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / { location / {
# enable for basic auth # enable for basic auth
#auth_basic "Restricted"; #auth_basic "Restricted";
@@ -48,6 +53,9 @@ server {
# enable for Authentik (requires authentik-server.conf in the server block) # enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf; #include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args; try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
} }
@@ -80,5 +88,3 @@ server {
# enable subdomain method reverse proxy confs # enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf; include /config/nginx/proxy-confs/*.subdomain.conf;
# enable proxy cache for auth
proxy_cache_path cache/ keys_zone=auth_cache:10m;
@@ -0,0 +1,9 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
## Send a subrequest to tinyauth to verify if the user is authenticated and has permission to access the resource
auth_request /tinyauth;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
error_page 401 = @tinyauth_login;
@@ -0,0 +1,35 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
# location for tinyauth auth requests
location /tinyauth {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_tinyauth tinyauth;
proxy_pass http://$upstream_tinyauth:3000/api/auth/nginx;
proxy_set_header x-forwarded-proto $scheme;
proxy_set_header x-forwarded-host $http_host;
proxy_set_header x-forwarded-uri $request_uri;
}
# virtual location for tinyauth 401 redirects
location @tinyauth_login {
internal;
## Set the $target_url variable based on the original request
set_escape_uri $target_url $scheme://$http_host$request_uri;
## Set the $signin_url variable
set $domain $host;
if ($host ~* "^[^.]+\.([^.]+\..+)$") {
set $domain $1;
}
set $signin_url https://tinyauth.$domain/login?redirect_uri=$target_url;
## Redirect to login
return 302 $signin_url;
}
+1 -1
View File
@@ -5,4 +5,4 @@
0 3 * * 6 run-parts /etc/periodic/weekly 0 3 * * 6 run-parts /etc/periodic/weekly
0 5 1 * * run-parts /etc/periodic/monthly 0 5 1 * * run-parts /etc/periodic/monthly
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1 8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/renewal.log 2>&1
@@ -38,12 +38,6 @@ if [[ "${VALIDATION}" = "dns" ]] && ! echo "${CERTBOT_DNS_AUTHENTICATORS}" | gre
sleep infinity sleep infinity
fi fi
# set owner of certbot's CONFIG_DIR, WORK_DIR, and LOGS_DIR to abc
lsiown -R abc:abc \
/etc/letsencrypt \
/var/lib/letsencrypt \
/var/log/letsencrypt
# set_ini_value logic: # set_ini_value logic:
# - if the name is not found in the file, append the name=value to the end of the file # - if the name is not found in the file, append the name=value to the end of the file
# - if the name is found in the file, replace the value # - if the name is found in the file, replace the value
@@ -62,12 +56,17 @@ touch /config/etc/letsencrypt/cli.ini
lsiown abc:abc /config/etc/letsencrypt/cli.ini lsiown abc:abc /config/etc/letsencrypt/cli.ini
grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini
# Check for broken dns credentials value in cli.ini and remove
sed -i '/dns--credentials/d' /config/etc/letsencrypt/cli.ini
# Disable Certbot's built in log rotation
set_ini_value "max-log-backups" "0" /config/etc/letsencrypt/cli.ini
# copy dns default configs # copy dns default configs
cp -n /defaults/dns-conf/* /config/dns-conf/ 2> >(grep -v 'cp: not replacing') cp -n /defaults/dns-conf/* /config/dns-conf/ 2> >(grep -v 'cp: not replacing')
lsiown -R abc:abc /config/dns-conf lsiown -R abc:abc /config/dns-conf
# copy default renewal hooks # copy default renewal hooks
chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ 2> >(grep -v 'cp: not replacing') cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ 2> >(grep -v 'cp: not replacing')
lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
@@ -175,8 +174,8 @@ else
fi fi
# cleanup unused csr and keys folders # cleanup unused csr and keys folders
rm -rf /etc/letsencrypt/csr rm -rf /config/etc/letsencrypt/csr
rm -rf /etc/letsencrypt/keys rm -rf /config/etc/letsencrypt/keys
# checking for changes in cert variables, revoking certs if necessary # checking for changes in cert variables, revoking certs if necessary
if [[ ! "${URL}" = "${ORIGURL}" ]] || if [[ ! "${URL}" = "${ORIGURL}" ]] ||
@@ -197,9 +196,9 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory") REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
fi fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --key-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/privkey.pem --server "${REV_ACMESERVER[@]}" || true certbot revoke --config-dir /config/etc/letsencrypt --logs-dir /config/log/letsencrypt --work-dir /tmp/letsencrypt --config /config/etc/letsencrypt/cli.ini --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --key-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/privkey.pem --server "${REV_ACMESERVER[@]}" || true
else else
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true certbot revoke --config-dir /config/etc/letsencrypt --logs-dir /config/log/letsencrypt --work-dir /tmp/letsencrypt --config /config/etc/letsencrypt/cli.ini --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi fi
@@ -207,18 +206,6 @@ fi
# saving new variables # saving new variables
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
else
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# if zerossl is selected or staging is set to true, use the relevant server # if zerossl is selected or staging is set to true, use the relevant server
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
echo "ZeroSSL does not support staging mode, ignoring STAGING variable" echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
@@ -304,7 +291,7 @@ if [[ "${VALIDATION}" = "dns" ]]; then
sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
fi fi
# plugins that don't support setting propagation # plugins that don't support setting propagation
if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then if [[ "${DNSPLUGIN}" =~ ^(gandi|route53|standalone)$ ]]; then
if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
fi fi
@@ -347,7 +334,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
fi fi
echo "Generating new certificate" echo "Generating new certificate"
certbot certonly --non-interactive --renew-by-default certbot certonly --config-dir /config/etc/letsencrypt --logs-dir /config/log/letsencrypt --work-dir /tmp/letsencrypt --config /config/etc/letsencrypt/cli.ini --non-interactive --renew-by-default
if [[ ! -d /config/keys/letsencrypt ]]; then if [[ ! -d /config/keys/letsencrypt ]]; then
if [[ "${VALIDATION}" = "dns" ]]; then if [[ "${VALIDATION}" = "dns" ]]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file." echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
@@ -1,38 +1,40 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash # shellcheck shell=bash
if ! iptables -L &> /dev/null; then if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]] && [[ "${DISABLE_F2B,,}" != "true" ]]; then
ln -sf /sbin/xtables-legacy-multi /sbin/iptables if ! iptables -L &> /dev/null; then
ln -sf /sbin/xtables-legacy-multi /sbin/iptables-save ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/iptables
ln -sf /sbin/xtables-legacy-multi /sbin/iptables-restore ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-save
ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-restore
ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-save ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables
ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables-restore ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables-save
fi ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables-restore
fi
# copy/update the fail2ban config defaults to/in /config # copy/update the fail2ban config defaults to/in /config
cp -R /defaults/fail2ban/filter.d /config/fail2ban/ cp -R /defaults/fail2ban/filter.d /config/fail2ban/
cp -R /defaults/fail2ban/action.d /config/fail2ban/ cp -R /defaults/fail2ban/action.d /config/fail2ban/
# if jail.local is missing in /config, copy default # if jail.local is missing in /config, copy default
if [[ ! -f /config/fail2ban/jail.local ]]; then if [[ ! -f /config/fail2ban/jail.local ]]; then
cp /defaults/fail2ban/jail.local /config/fail2ban/jail.local cp /defaults/fail2ban/jail.local /config/fail2ban/jail.local
fi fi
# Replace fail2ban config with user config # Replace fail2ban config with user config
if [[ -d /etc/fail2ban/filter.d ]]; then if [[ -d /etc/fail2ban/filter.d ]]; then
rm -rf /etc/fail2ban/filter.d rm -rf /etc/fail2ban/filter.d
fi fi
if [[ -d /etc/fail2ban/action.d ]]; then if [[ -d /etc/fail2ban/action.d ]]; then
rm -rf /etc/fail2ban/action.d rm -rf /etc/fail2ban/action.d
fi fi
cp -R /config/fail2ban/filter.d /etc/fail2ban/ cp -R /config/fail2ban/filter.d /etc/fail2ban/
cp -R /config/fail2ban/action.d /etc/fail2ban/ cp -R /config/fail2ban/action.d /etc/fail2ban/
cp /defaults/fail2ban/fail2ban.local /etc/fail2ban/ cp /defaults/fail2ban/fail2ban.local /etc/fail2ban/
cp /config/fail2ban/jail.local /etc/fail2ban/jail.local cp /config/fail2ban/jail.local /etc/fail2ban/jail.local
# logfiles needed by fail2ban # logfiles needed by fail2ban
if [[ ! -f /config/log/nginx/error.log ]]; then if [[ ! -f /config/log/nginx/error.log ]]; then
touch /config/log/nginx/error.log touch /config/log/nginx/error.log
fi fi
if [[ ! -f /config/log/nginx/access.log ]]; then if [[ ! -f /config/log/nginx/access.log ]]; then
touch /config/log/nginx/access.log touch /config/log/nginx/access.log
fi
fi fi
@@ -11,3 +11,9 @@ if [[ -f /config/nginx/ldap.conf ]]; then
Ensure your configs are updated and remove /config/nginx/ldap.conf Ensure your configs are updated and remove /config/nginx/ldap.conf
If you do not use this config, simply remove it." If you do not use this config, simply remove it."
fi fi
if grep -qrle ' /etc/letsencrypt' /config/nginx; then
echo " The following nginx confs are using certificates from the obsolete location
/etc/letsencrypt and should be updated to point to /config/etc/letsencrypt
"
echo -n " " && grep -rle ' /etc/letsencrypt' /config/nginx
fi
@@ -2,10 +2,7 @@
# shellcheck shell=bash # shellcheck shell=bash
# permissions # permissions
find /config/log ! -path '/config/log/logrotate.status' -exec chmod +r {} \+
lsiown -R abc:abc \ lsiown -R abc:abc \
/config /config
chmod -R 0644 /etc/logrotate.d
chmod -R +r /config/log
# Workaround for systems with chmod errors
true
@@ -22,6 +22,14 @@ if [[ ! -f /config/nginx/authentik-server.conf ]]; then
cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
fi fi
# copy tinyauth config files if they don't exist
if [[ ! -f /config/nginx/tinyauth-location.conf ]]; then
cp /defaults/nginx/tinyauth-location.conf.sample /config/nginx/tinyauth-location.conf
fi
if [[ ! -f /config/nginx/tinyauth-server.conf ]]; then
cp /defaults/nginx/tinyauth-server.conf.sample /config/nginx/tinyauth-server.conf
fi
# copy old ldap config file to new location # copy old ldap config file to new location
if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf
@@ -7,6 +7,6 @@ mkdir -p \
/config/etc/letsencrypt/renewal-hooks \ /config/etc/letsencrypt/renewal-hooks \
/config/log/{fail2ban,letsencrypt,nginx} \ /config/log/{fail2ban,letsencrypt,nginx} \
/config/nginx/proxy-confs \ /config/nginx/proxy-confs \
/run/fail2ban /run/fail2ban \
rm -rf /etc/letsencrypt /tmp/letsencrypt
ln -s /config/etc/letsencrypt /etc/letsencrypt
+6 -2
View File
@@ -1,5 +1,9 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash # shellcheck shell=bash
exec \ if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]] && [[ "${DISABLE_F2B,,}" != "true" ]]; then
fail2ban-client -x -f start exec \
fail2ban-client -x -f start
else
sleep infinity
fi
+41
View File
@@ -0,0 +1,41 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
if [[ ${SWAG_AUTORELOAD,,} == "true" ]]; then
if [[ -f "/etc/s6-overlay/s6-rc.d/svc-mod-swag-auto-reload/run" ]]; then
echo "ERROR: Legacy SWAG Auto Reload Mod detected, to use the built-in Auto Reload functionality please remove it from your container config."
sleep infinity
else
echo "Auto-reload: Watching the following folders for changes to .conf files:"
echo "/config/nginx"
ACTIVE_WATCH=("/config/nginx")
for i in $(echo "${SWAG_AUTORELOAD_WATCHLIST}" | tr "|" " "); do
if [ -f "${i}" ] || [ -d "${i}" ]; then
echo "${i}"
ACTIVE_WATCH+=("${i}")
fi
done
function wait_for_changes {
inotifywait -rq \
--event modify,move,create,delete \
--includei '\.conf$' \
"${ACTIVE_WATCH[@]}"
}
while wait_for_changes; do
NGINX_CONF=()
if ! grep -q "/config/nginx/nginx.conf" /etc/nginx/nginx.conf; then
NGINX_CONF=("-c" "/config/nginx/nginx.conf")
fi
if /usr/sbin/nginx "${NGINX_CONF[@]}" -t; then
echo "Changes to nginx config detected and the changes are valid, reloading nginx"
/usr/sbin/nginx "${NGINX_CONF[@]}" -s reload
else
echo "Changes to nginx config detected but the changes are not valid, skipping nginx reload. Please fix your config."
fi
done
fi
else
sleep infinity
fi
@@ -0,0 +1 @@
longrun
+7
View File
@@ -0,0 +1,7 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# Migrate existing renewal confs with old paths from /etc/letsencrypt to /config/etc/letsencrypt
if ls /config/etc/letsencrypt/renewal/*.conf >/dev/null 2>&1; then
sed -i 's| /etc/letsencrypt| /config/etc/letsencrypt|' /config/etc/letsencrypt/renewal/*.conf
fi