Compare commits

..

82 Commits

Author SHA1 Message Date
LinuxServer-CI 2c22ce9573 Bot Updating Package Versions 2026-07-15 18:14:31 +00:00
Eric Nemchik 0a34712336 Merge pull request #594 from jonathanmajh/patch-1
Update tinyauth-location.conf.sample for Forward Auth
2026-07-11 21:48:18 -05:00
Eric Nemchik 4e7e4f7fee Merge branch 'master' into patch-1 2026-07-11 21:07:22 -05:00
Jonathan Ma e39c6487f7 Update root/defaults/nginx/tinyauth-location.conf.sample
Co-authored-by: Eric Nemchik <eric@nemchik.com>
2026-07-11 12:58:10 -04:00
LinuxServer-CI 493982d27e Bot Updating Templated Files 2026-07-10 22:15:07 +00:00
LinuxServer-CI 1e2b94980c Bot Updating Templated Files 2026-07-10 22:13:20 +00:00
Eric Nemchik b3185a5eff Merge pull request #607 from Sausageroll2077/master
Add CERT_PROFILE support and improve ARI renewal scheduling
2026-07-10 17:11:32 -05:00
Sausageroll2077 e857f808b0 Add CERT_PROFILE support and simplify renewal scheduling
Add CERT_PROFILE env var for Let's Encrypt cert profiles. Run certbot
twice daily via a cron entry with a random delay instead of the previous
sed-based cron randomization. Update changelog.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-11 00:09:29 +02:00
LinuxServer-CI 62d5e73cbb Bot Updating Package Versions 2026-07-10 21:57:02 +00:00
LinuxServer-CI 83ab984b17 Bot Updating Templated Files 2026-07-10 21:52:10 +00:00
Eric Nemchik 1a8290dec1 Merge pull request #618 from Sausageroll2077/add-dnsplugin-mijn-host
Add support for mijn.host DNS plugin
2026-07-10 16:50:25 -05:00
Sausageroll2077 057bbb5930 Merge branch 'master' into add-dnsplugin-mijn-host 2026-07-08 19:20:20 +02:00
LinuxServer-CI d6c053dd22 Bot Updating Package Versions 2026-07-04 06:25:57 +00:00
Sausageroll2077 883a216247 Merge branch 'master' into add-dnsplugin-mijn-host 2026-06-29 17:53:31 +02:00
LinuxServer-CI a57ebf0399 Bot Updating Package Versions 2026-06-27 06:34:42 +00:00
Sausageroll2077 37b074c528 Merge branch 'master' into add-dnsplugin-mijn-host 2026-06-26 15:52:01 +02:00
LinuxServer-CI d86d2dbb59 Bot Updating Package Versions 2026-06-25 20:47:23 +00:00
Sausageroll2077 25258a2f90 Merge branch 'master' into add-dnsplugin-mijn-host 2026-06-21 07:17:39 +02:00
LinuxServer-CI 88b7c77e02 Bot Updating Package Versions 2026-06-20 07:05:54 +00:00
Sausageroll2077 2cea93f9b1 Add support for mijn.host DNS plugin
Adds certbot-dns-mijn-host as a DNSPLUGIN option (mijn-host), including
the plugin in both Dockerfiles, a credentials template under
dns-conf, and the DNSPLUGIN list in readme-vars.yml.

Closes #606

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 20:21:49 +02:00
LinuxServer-CI a9d1f7f0ee Bot Updating Package Versions 2026-06-13 07:04:48 +00:00
LinuxServer-CI d3fe405b46 Bot Updating Package Versions 2026-06-06 06:35:32 +00:00
LinuxServer-CI 32c26223dd Bot Updating Package Versions 2026-06-01 16:09:07 +00:00
aptalca 60161a3baf Merge pull request #613 from linuxserver/cert-check
remove obsolete old cert check logic
2026-06-01 12:02:02 -04:00
aptalca 321837be0d remove obsolete old cert check logic 2026-06-01 11:04:38 -04:00
LinuxServer-CI c371973f5f Bot Updating Package Versions 2026-05-30 06:29:09 +00:00
LinuxServer-CI bc18a403ba Bot Updating Package Versions 2026-05-23 06:17:54 +00:00
LinuxServer-CI b104a66e06 Bot Updating Package Versions 2026-05-16 06:00:50 +00:00
LinuxServer-CI 80bc4b4243 Bot Updating Package Versions 2026-05-14 20:15:20 +00:00
LinuxServer-CI 7cf7838a87 Bot Updating Package Versions 2026-05-14 19:54:29 +00:00
LinuxServer-CI 0cb2c16f7d Bot Updating Package Versions 2026-05-11 17:29:24 +00:00
LinuxServer-CI 36129452e8 Bot Updating Package Versions 2026-05-09 05:55:56 +00:00
LinuxServer-CI bb2b29d9c1 Bot Updating Templated Files 2026-05-09 05:51:19 +00:00
LinuxServer-CI b7ea5c43ec Bot Updating Package Versions 2026-05-02 05:43:26 +00:00
LinuxServer-CI 8fbf8ab449 Bot Updating Package Versions 2026-04-25 05:17:58 +00:00
Jonathan Ma 6b1745980a Merge branch 'master' into patch-1 2026-04-23 08:56:57 -04:00
LinuxServer-CI 9c5ae4f09a Bot Updating Package Versions 2026-04-18 05:12:40 +00:00
LinuxServer-CI 321c7f3295 Bot Updating Package Versions 2026-04-11 05:00:44 +00:00
LinuxServer-CI 005a68591d Bot Updating Package Versions 2026-04-07 19:22:47 +00:00
LinuxServer-CI 01bfb62124 Bot Updating Templated Files 2026-04-07 19:18:28 +00:00
LinuxServer-CI 04ad8386bf Bot Updating Package Versions 2026-04-04 04:55:57 +00:00
LinuxServer-CI b409073642 Bot Updating Package Versions 2026-03-28 04:58:53 +00:00
LinuxServer-CI 1c8a8d004e Bot Updating Package Versions 2026-03-21 04:42:40 +00:00
LinuxServer-CI 9235e504a1 Bot Updating Package Versions 2026-03-14 04:48:10 +00:00
LinuxServer-CI ef520118f5 Bot Updating Package Versions 2026-03-10 19:42:05 +00:00
Adam 4a4e84d26b Merge pull request #602 from linuxserver/tinyauth-fix
Add missing tinyauth blocks to default conf
2026-03-07 14:05:10 +00:00
thespad 8c002e6c56 Add missing tinyauth blocks to default conf 2026-03-07 13:57:15 +00:00
LinuxServer-CI ea840fbfbc Bot Updating Package Versions 2026-03-07 04:26:21 +00:00
LinuxServer-CI 42ba97e46a Bot Updating Package Versions
Mark stale issues and pull requests / stale (push) Failing after 0s
External Trigger Scheduler / external-trigger-scheduler (push) Failing after 10s
2026-02-28 04:20:29 +00:00
LinuxServer-CI b4b73022db Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-21 04:42:02 +00:00
LinuxServer-CI 9d5ebb6a7a Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-14 04:50:10 +00:00
LinuxServer-CI 7ad019e68d Bot Updating Templated Files 2026-02-14 04:45:56 +00:00
LinuxServer-CI 59ef2df680 Bot Updating Templated Files 2026-02-14 04:44:20 +00:00
LinuxServer-CI db874b2c0f Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-10 05:08:06 +00:00
LinuxServer-CI 6182a75998 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-02-07 04:43:17 +00:00
LinuxServer-CI 145c5d84f6 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-02-06 14:17:14 +00:00
LinuxServer-CI 1039f2a04c Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-02-03 19:48:04 +00:00
LinuxServer-CI 156e3ac160 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-01-31 04:29:28 +00:00
LinuxServer-CI e649bd71da Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-01-26 00:38:36 +00:00
LinuxServer-CI b54c263769 Bot Updating Templated Files 2026-01-26 00:34:15 +00:00
aptalca 7b11fb9643 Merge pull request #600 from linuxserver/sample-race
reorder init to make sure samples are copied before version checks
2026-01-25 19:32:30 -05:00
LinuxServer-CI 72d187c734 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-01-24 04:03:28 +00:00
aptalca b6752babcd sandwich swag folder creation and sample copying between nginx base's permissions and version checks to make sure samples are there when the check happens 2026-01-23 21:37:09 -05:00
Adam 6f38cebe04 Merge pull request #597 from hadjilucasL/patch-1
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-01-18 10:04:48 +00:00
LinuxServer-CI 62b3a02aed Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-01-17 03:59:34 +00:00
LinuxServer-CI 2deac3dac6 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-01-13 11:05:27 +00:00
LinuxServer-CI 48cbb269cc Bot Updating Templated Files 2026-01-13 11:00:44 +00:00
Adam 8489cde7c0 Merge pull request #596 from CaptivatingCat/hetzner-cloud 2026-01-13 10:59:01 +00:00
CaptivatingCat a120a68aae Merge branch 'master' into hetzner-cloud 2026-01-11 14:55:29 +01:00
LinuxServer-CI 1674ff4509 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
2026-01-10 04:00:48 +00:00
CaptivatingCat 52707530e2 Merge branch 'master' into hetzner-cloud 2026-01-07 23:30:22 +01:00
CaptivatingCat cbf78b31bb Fix missing quote in readme-vars.yml 2026-01-07 23:29:05 +01:00
Lucas Hadjilucas 2fc01f4e21 Merge branch 'master' into patch-1 2026-01-04 21:36:59 +02:00
LinuxServer-CI 5491278c13 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2026-01-03 03:59:18 +00:00
CaptivatingCat 4a7daa06ad Merge branch 'master' into hetzner-cloud 2025-12-31 22:39:27 +01:00
Lucas Hadjilucas 77dc5ff352 Merge branch 'master' into patch-1 2025-12-27 23:14:14 +02:00
LinuxServer-CI e834e13141 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-12-27 03:59:05 +00:00
Lucas Hadjilucas 0ab1a76dae Restore symlink paths for letsencrypt keys
To solve #549
2025-12-23 22:46:59 +02:00
CaptivatingCat 8b8b491df3 add support for hetzner-cloud dns validation 2025-12-21 00:55:30 +01:00
LinuxServer-CI 7f080d8564 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-12-20 03:52:51 +00:00
Jonathan Ma 3ffa4aaa77 Update tinyauth-location.conf.sample for Forward Auth
Updated version information and added headers for Forward Auth in the tinyauth NGINX configuration.
2025-12-17 15:28:03 -05:00
LinuxServer-CI bb730cbc72 Bot Updating Package Versions
External Trigger Scheduler / external-trigger-scheduler (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Package Trigger Scheduler / package-trigger-scheduler (push) Has been cancelled
2025-12-13 03:53:30 +00:00
16 changed files with 371 additions and 293 deletions
+2
View File
@@ -114,12 +114,14 @@ RUN \
certbot-dns-google \ certbot-dns-google \
certbot-dns-he \ certbot-dns-he \
certbot-dns-hetzner \ certbot-dns-hetzner \
certbot-dns-hetzner-cloud \
certbot-dns-infomaniak \ certbot-dns-infomaniak \
certbot-dns-inwx \ certbot-dns-inwx \
certbot-dns-ionos \ certbot-dns-ionos \
certbot-dns-linode \ certbot-dns-linode \
certbot-dns-loopia \ certbot-dns-loopia \
certbot-dns-luadns \ certbot-dns-luadns \
certbot-dns-mijn-host \
certbot-dns-namecheap \ certbot-dns-namecheap \
certbot-dns-netcup \ certbot-dns-netcup \
certbot-dns-njalla \ certbot-dns-njalla \
+2
View File
@@ -114,12 +114,14 @@ RUN \
certbot-dns-google \ certbot-dns-google \
certbot-dns-he \ certbot-dns-he \
certbot-dns-hetzner \ certbot-dns-hetzner \
certbot-dns-hetzner-cloud \
certbot-dns-infomaniak \ certbot-dns-infomaniak \
certbot-dns-inwx \ certbot-dns-inwx \
certbot-dns-ionos \ certbot-dns-ionos \
certbot-dns-linode \ certbot-dns-linode \
certbot-dns-loopia \ certbot-dns-loopia \
certbot-dns-luadns \ certbot-dns-luadns \
certbot-dns-mijn-host \
certbot-dns-namecheap \ certbot-dns-namecheap \
certbot-dns-netcup \ certbot-dns-netcup \
certbot-dns-njalla \ certbot-dns-njalla \
Vendored
+105 -89
View File
@@ -76,6 +76,8 @@ pipeline {
''' '''
script{ script{
env.EXIT_STATUS = '' env.EXIT_STATUS = ''
env.CI_TEST_ATTEMPTED = ''
env.PUSH_ATTEMPTED = ''
env.LS_RELEASE = sh( env.LS_RELEASE = sh(
script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
returnStdout: true).trim() returnStdout: true).trim()
@@ -283,7 +285,7 @@ pipeline {
-v ${WORKSPACE}:/mnt \ -v ${WORKSPACE}:/mnt \
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
ghcr.io/linuxserver/baseimage-alpine:3 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ ghcr.io/linuxserver/baseimage-alpine:3.23 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
apk add --no-cache python3 && \ apk add --no-cache python3 && \
python3 -m venv /lsiopy && \ python3 -m venv /lsiopy && \
pip install --no-cache-dir -U pip && \ pip install --no-cache-dir -U pip && \
@@ -871,6 +873,7 @@ pipeline {
script{ script{
env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json' env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json'
env.CI_TEST_ATTEMPTED = 'true'
} }
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -923,6 +926,9 @@ pipeline {
environment name: 'EXIT_STATUS', value: '' environment name: 'EXIT_STATUS', value: ''
} }
steps { steps {
script{
env.PUSH_ATTEMPTED = 'true'
}
retry_backoff(5,5) { retry_backoff(5,5) {
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
@@ -952,11 +958,18 @@ pipeline {
environment name: 'EXIT_STATUS', value: '' environment name: 'EXIT_STATUS', value: ''
} }
steps { steps {
script{
env.PUSH_ATTEMPTED = 'true'
}
retry_backoff(5,5) { retry_backoff(5,5) {
sh '''#! /bin/bash sh '''#! /bin/bash
set -e set -e
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
[[ ${MANIFESTIMAGE%%/*} =~ \\. ]] && MANIFESTIMAGEPLUS="${MANIFESTIMAGE}" || MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}" if [[ "${MANIFESTIMAGE%%/*}" =~ \\. ]]; then
MANIFESTIMAGEPLUS="${MANIFESTIMAGE}"
else
MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}"
fi
IFS=',' read -ra CACHE <<< "$BUILDCACHE" IFS=',' read -ra CACHE <<< "$BUILDCACHE"
for i in "${CACHE[@]}"; do for i in "${CACHE[@]}"; do
if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then
@@ -1073,98 +1086,13 @@ EOF
) ''' ) '''
} }
} }
// If this is a Pull request send the CI link as a comment on it
stage('Pull Request Comment') {
when {
not {environment name: 'CHANGE_ID', value: ''}
environment name: 'EXIT_STATUS', value: ''
}
steps {
sh '''#! /bin/bash
# Function to retrieve JSON data from URL
get_json() {
local url="$1"
local response=$(curl -s "$url")
if [ $? -ne 0 ]; then
echo "Failed to retrieve JSON data from $url"
return 1
fi
local json=$(echo "$response" | jq .)
if [ $? -ne 0 ]; then
echo "Failed to parse JSON data from $url"
return 1
fi
echo "$json"
}
build_table() {
local data="$1"
# Get the keys in the JSON data
local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
# Check if keys are empty
if [ -z "$keys" ]; then
echo "JSON report data does not contain any keys or the report does not exist."
return 1
fi
# Build table header
local header="| Tag | Passed |\\n| --- | --- |\\n"
# Loop through the JSON data to build the table rows
local rows=""
for build in $keys; do
local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
if [ "$status" = "true" ]; then
status="✅"
else
status="❌"
fi
local row="| "$build" | "$status" |\\n"
rows="${rows}${row}"
done
local table="${header}${rows}"
local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
echo "$escaped_table"
}
if [[ "${CI}" = "true" ]]; then
# Retrieve JSON data from URL
data=$(get_json "$CI_JSON_URL")
# Create table from JSON data
table=$(build_table "$data")
echo -e "$table"
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
else
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
fi
'''
}
}
} }
/* ###################### /* ######################
Send status to Discord Comment on PR and Send status to Discord
###################### */ ###################### */
post { post {
always { always {
sh '''#!/bin/bash script {
rm -rf /config/.ssh/id_sign
rm -rf /config/.ssh/id_sign.pub
git config --global --unset gpg.format
git config --global --unset user.signingkey
git config --global --unset commit.gpgsign
'''
script{
env.JOB_DATE = sh( env.JOB_DATE = sh(
script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''', script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
returnStdout: true).trim() returnStdout: true).trim()
@@ -1207,6 +1135,94 @@ EOF
"username": "Jenkins"}' ${BUILDS_DISCORD} ''' "username": "Jenkins"}' ${BUILDS_DISCORD} '''
} }
} }
script {
if (env.GITHUBIMAGE =~ /lspipepr/){
if (env.CI_TEST_ATTEMPTED == "true" || env.PUSH_ATTEMPTED == "true"){
sh '''#! /bin/bash
# Function to retrieve JSON data from URL
get_json() {
local url="$1"
local response=$(curl -s "$url")
if [ $? -ne 0 ]; then
echo "Failed to retrieve JSON data from $url"
return 1
fi
local json=$(echo "$response" | jq .)
if [ $? -ne 0 ]; then
echo "Failed to parse JSON data from $url"
return 1
fi
echo "$json"
}
build_table() {
local data="$1"
# Get the keys in the JSON data
local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
# Check if keys are empty
if [ -z "$keys" ]; then
echo "JSON report data does not contain any keys or the report does not exist."
return 1
fi
# Build table header
local header="| Tag | Passed |\\n| --- | --- |\\n"
# Loop through the JSON data to build the table rows
local rows=""
for build in $keys; do
local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
if [ "$status" = "true" ]; then
status="✅"
else
status="❌"
fi
local row="| "$build" | "$status" |\\n"
rows="${rows}${row}"
done
local table="${header}${rows}"
local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
echo "$escaped_table"
}
if [[ "${CI}" = "true" ]]; then
# Retrieve JSON data from URL
data=$(get_json "$CI_JSON_URL")
# Create table from JSON data
table=$(build_table "$data")
echo -e "$table"
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR for commit ${COMMIT_SHA:0:7} : \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
else
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR for commit ${COMMIT_SHA:0:7} : \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
fi
'''
} else {
sh '''#! /bin/bash
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, the build for PR commit ${COMMIT_SHA:0:7} failed and as a result no CI test was attempted and no images were pushed.\\"}"
'''
}
}
}
sh '''#!/bin/bash
rm -rf /config/.ssh/id_sign
rm -rf /config/.ssh/id_sign.pub
git config --global --unset gpg.format
git config --global --unset user.signingkey
git config --global --unset commit.gpgsign
'''
} }
cleanup { cleanup {
sh '''#! /bin/bash sh '''#! /bin/bash
+11 -3
View File
@@ -68,7 +68,7 @@ The architectures supported by this image are:
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`) 2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`). * After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances. * Certs are checked twice daily using ACME Renewal Information (ARI) to determine the optimal renewal window. If your cert is about to expire, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing.
### Certbot Plugins ### Certbot Plugins
@@ -170,7 +170,7 @@ This image can be run with a read-only container filesystem. For details please
To help you get started creating a container from this image you can either use docker-compose or the docker cli. To help you get started creating a container from this image you can either use docker-compose or the docker cli.
>[!NOTE] >[!NOTE]
>Unless a parameter is flaged as 'optional', it is *mandatory* and a value must be provided. >Unless a parameter is flagged as 'optional', it is *mandatory* and a value must be provided.
### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose)) ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
@@ -190,6 +190,7 @@ services:
- VALIDATION=http - VALIDATION=http
- SUBDOMAINS=www, #optional - SUBDOMAINS=www, #optional
- CERTPROVIDER= #optional - CERTPROVIDER= #optional
- CERT_PROFILE= #optional
- DNSPLUGIN=cloudflare #optional - DNSPLUGIN=cloudflare #optional
- PROPAGATION= #optional - PROPAGATION= #optional
- EMAIL= #optional - EMAIL= #optional
@@ -221,6 +222,7 @@ docker run -d \
-e VALIDATION=http \ -e VALIDATION=http \
-e SUBDOMAINS=www, `#optional` \ -e SUBDOMAINS=www, `#optional` \
-e CERTPROVIDER= `#optional` \ -e CERTPROVIDER= `#optional` \
-e CERT_PROFILE= `#optional` \
-e DNSPLUGIN=cloudflare `#optional` \ -e DNSPLUGIN=cloudflare `#optional` \
-e PROPAGATION= `#optional` \ -e PROPAGATION= `#optional` \
-e EMAIL= `#optional` \ -e EMAIL= `#optional` \
@@ -254,7 +256,8 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). | | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) | | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | | `-e CERT_PROFILE=` | Optionally define a cert profile to use for cert generation. This is useful if you want to use a custom cert profile instead of the default one. Currently only supported for Let's Encrypt. See https://letsencrypt.org/docs/profiles/ |
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@@ -433,6 +436,11 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **10.07.26:** - Add support for Let's Encrypt cert profiles. Run certbot twice daily with a random delay.
* **19.06.26:** - Add support for mijn.host dns validation.
* **01.06.26:** - Remove obsolete old cert check logic.
* **23.01.26:** - Reorder init to fix proxy conf version checks.
* **21.12.25:** - Add support for hetzner-cloud dns validation.
* **04.11.25:** - Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin. * **04.11.25:** - Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin.
* **18.07.25:** - Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained. * **18.07.25:** - Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained.
* **05.05.25:** - Disable Certbot's built in log rotation. * **05.05.25:** - Disable Certbot's built in log rotation.
+188 -175
View File
@@ -1,109 +1,111 @@
NAME VERSION TYPE NAME VERSION TYPE
Simple Launcher 1.1.0.14 binary (+5 duplicates) Simple Launcher 1.1.0.14 binary (+5 duplicates)
acl-libs 2.3.2-r1 apk acl-libs 2.3.2-r1 apk
acme 5.2.2 python acme 5.7.0 python
alpine-baselayout 3.7.0-r0 apk alpine-baselayout 3.7.0-r0 apk
alpine-baselayout-data 3.7.0-r0 apk alpine-baselayout-data 3.7.0-r0 apk
alpine-keys 2.5-r0 apk alpine-keys 2.5-r0 apk
alpine-release 3.22.2-r0 apk alpine-release 3.22.5-r0 apk
annotated-types 0.7.0 python
anyio 4.14.2 python
aom-libs 3.12.1-r0 apk aom-libs 3.12.1-r0 apk
apache2-utils 2.4.65-r0 apk apache2-utils 2.4.68-r0 apk
apk-tools 2.14.9-r3 apk apk-tools 2.14.10-r0 apk
apr 1.7.5-r0 apk apr 1.7.5-r0 apk
apr-util 1.6.3-r1 apk apr-util 1.6.3-r1 apk
argon2-libs 20190702-r5 apk argon2-libs 20190702-r5 apk
attrs 25.4.0 python
autocommand 2.2.2 python autocommand 2.2.2 python
azure-common 1.1.28 python azure-common 1.1.28 python
azure-core 1.36.0 python azure-core 1.41.0 python
azure-identity 1.25.1 python azure-identity 1.25.3 python
azure-mgmt-core 1.6.0 python azure-mgmt-core 1.6.0 python
azure-mgmt-dns 9.0.0 python azure-mgmt-dns 9.0.0 python
backports-tarfile 1.2.0 python backports-tarfile 1.2.0 python
bash 5.2.37-r0 apk bash 5.2.37-r0 apk
beautifulsoup4 4.14.3 python beautifulsoup4 4.15.0 python
boto3 1.42.6 python boto3 1.43.48 python
botocore 1.42.6 python botocore 1.43.48 python
brotli-libs 1.1.0-r2 apk brotli-libs 1.1.0-r2 apk
bs4 0.0.2 python bs4 0.0.2 python
busybox 1.37.0-r20 apk busybox 1.37.0-r20 apk
busybox-binsh 1.37.0-r20 apk busybox-binsh 1.37.0-r20 apk
c-ares 1.34.5-r0 apk c-ares 1.34.6-r0 apk
c-client 2007f-r15 apk c-client 2007f-r15 apk
ca-certificates 20250911-r0 apk ca-certificates 20260611-r0 apk
ca-certificates-bundle 20250911-r0 apk ca-certificates-bundle 20260611-r0 apk
cachetools 6.2.2 python
catatonit 0.2.1-r0 apk catatonit 0.2.1-r0 apk
certbot 5.2.2 python certbot 5.7.0 python
certbot-dns-acmedns 0.1.0 python certbot-dns-acmedns 0.1.0 python
certbot-dns-aliyun 2.0.0 python certbot-dns-aliyun 2.0.0 python
certbot-dns-azure 1.5.0 python certbot-dns-azure 1.5.0 python
certbot-dns-bunny 3.0.0 python certbot-dns-bunny 3.0.0 python
certbot-dns-cloudflare 5.2.2 python certbot-dns-cloudflare 5.7.0 python
certbot-dns-cpanel 0.4.0 python certbot-dns-cpanel 0.4.0 python
certbot-dns-desec 1.3.2 python certbot-dns-desec 1.3.2 python
certbot-dns-digitalocean 5.2.2 python certbot-dns-digitalocean 5.7.0 python
certbot-dns-directadmin 1.0.15 python certbot-dns-directadmin 1.0.15 python
certbot-dns-dnsimple 5.2.2 python certbot-dns-dnsimple 5.7.0 python
certbot-dns-dnsmadeeasy 5.2.2 python certbot-dns-dnsmadeeasy 5.7.0 python
certbot-dns-dnspod 0.1.0 python certbot-dns-dnspod 0.1.0 python
certbot-dns-do 0.31.0 python certbot-dns-do 0.31.0 python
certbot-dns-domeneshop 0.2.9 python certbot-dns-domeneshop 0.2.9 python
certbot-dns-dreamhost 1.0 python certbot-dns-dreamhost 1.0 python
certbot-dns-duckdns 1.7.1 python certbot-dns-duckdns 1.8.0 python
certbot-dns-dynudns 0.0.6 python certbot-dns-dynudns 0.0.6 python
certbot-dns-freedns 0.2.0 python certbot-dns-freedns 0.2.0 python
certbot-dns-gehirn 5.2.2 python certbot-dns-gehirn 5.7.0 python
certbot-dns-glesys 2.1.0 python certbot-dns-glesys 2.1.0 python
certbot-dns-godaddy 2.8.0 python certbot-dns-godaddy 2.8.0 python
certbot-dns-google 5.2.2 python certbot-dns-google 5.7.0 python
certbot-dns-he 1.0.0 python certbot-dns-he 1.0.0 python
certbot-dns-hetzner 2.0.1 python certbot-dns-hetzner 4.0.0 python
certbot-dns-hetzner-cloud 1.0.5 python
certbot-dns-infomaniak 0.2.4 python certbot-dns-infomaniak 0.2.4 python
certbot-dns-inwx 3.0.3 python certbot-dns-inwx 3.0.3 python
certbot-dns-ionos 2024.11.9 python certbot-dns-ionos 2024.11.9 python
certbot-dns-linode 5.2.2 python certbot-dns-linode 5.7.0 python
certbot-dns-loopia 1.0.1 python certbot-dns-loopia 1.0.1 python
certbot-dns-luadns 5.2.2 python certbot-dns-luadns 5.7.0 python
certbot-dns-mijn-host 0.0.9 python
certbot-dns-namecheap 1.0.0 python certbot-dns-namecheap 1.0.0 python
certbot-dns-netcup 2.0.0 python certbot-dns-netcup 2.0.3 python
certbot-dns-njalla 2.0.2 python certbot-dns-njalla 2.0.2 python
certbot-dns-nsone 5.2.2 python certbot-dns-nsone 5.7.0 python
certbot-dns-ovh 5.2.2 python certbot-dns-ovh 5.7.0 python
certbot-dns-porkbun 0.11.0 python certbot-dns-porkbun 0.11.0 python
certbot-dns-rfc2136 5.2.2 python certbot-dns-rfc2136 5.7.0 python
certbot-dns-route53 5.2.2 python certbot-dns-route53 5.7.0 python
certbot-dns-sakuracloud 5.2.2 python certbot-dns-sakuracloud 5.7.0 python
certbot-dns-standalone 1.2.1 python certbot-dns-standalone 1.2.1 python
certbot-dns-transip 0.5.2 python certbot-dns-transip 0.5.2 python
certbot-dns-vultr 1.1.0 python certbot-dns-vultr 1.1.0 python
certbot-plugin-gandi 1.5.0 python certbot-plugin-gandi 1.5.0 python
certifi 2025.11.12 python certifi 2024.8.30 python
cffi 2.0.0 python cffi 1.17.0 python
charset-normalizer 3.4.4 python charset-normalizer 3.3.2 python
cli UNKNOWN binary cli UNKNOWN binary
cli-32 UNKNOWN binary cli-32 UNKNOWN binary
cli-64 UNKNOWN binary cli-64 UNKNOWN binary
cli-arm64 UNKNOWN binary cli-arm64 UNKNOWN binary
cloudflare 2.19.4 python cloudflare 5.5.0 python
composer 2.9.2 binary composer 2.10.2 binary
configargparse 1.7.1 python configargparse 1.7 python
configobj 5.0.9 python configobj 5.0.8 python
coreutils 9.7-r1 apk coreutils 9.7-r1 apk
coreutils-env 9.7-r1 apk coreutils-env 9.7-r1 apk
coreutils-fmt 9.7-r1 apk coreutils-fmt 9.7-r1 apk
coreutils-sha512sum 9.7-r1 apk coreutils-sha512sum 9.7-r1 apk
cryptography 46.0.3 python cryptography 46.0.0 python
curl 8.14.1-r2 apk curl 8.14.1-r2 apk
distro 1.9.0 python distro 1.9.0 python
dns-lexicon 3.23.2 python dns-lexicon 3.25.2 python
dnslib 0.9.26 python dnslib 0.9.26 python
dnspython 2.8.0 python dnspython 2.8.0 python
domeneshop 0.4.4 python domeneshop 0.4.4 python
fail2ban 1.1.0 python fail2ban 1.1.0 python
fail2ban 1.1.0-r3 apk fail2ban 1.1.0-r3 apk
fail2ban-pyc 1.1.0-r3 apk fail2ban-pyc 1.1.0-r3 apk
filelock 3.20.0 python filelock 3.29.7 python
findutils 4.10.0-r0 apk findutils 4.10.0-r0 apk
fontconfig 2.15.0-r3 apk fontconfig 2.15.0-r3 apk
freetype 2.13.3-r0 apk freetype 2.13.3-r0 apk
@@ -113,32 +115,37 @@ git 2.49.1-r0 apk
git-init-template 2.49.1-r0 apk git-init-template 2.49.1-r0 apk
git-perl 2.49.1-r0 apk git-perl 2.49.1-r0 apk
gmp 6.3.0-r3 apk gmp 6.3.0-r3 apk
gnupg 2.4.7-r0 apk gnupg 2.4.9-r0 apk
gnupg-dirmngr 2.4.7-r0 apk gnupg-dirmngr 2.4.9-r0 apk
gnupg-gpgconf 2.4.7-r0 apk gnupg-gpgconf 2.4.9-r0 apk
gnupg-keyboxd 2.4.7-r0 apk gnupg-keyboxd 2.4.9-r0 apk
gnupg-utils 2.4.7-r0 apk gnupg-utils 2.4.9-r0 apk
gnupg-wks-client 2.4.7-r0 apk gnupg-wks-client 2.4.9-r0 apk
gnutls 3.8.8-r0 apk gnutls 3.8.13-r0 apk
google-api-core 2.28.1 python google-api-core 2.30.3 python
google-api-python-client 2.187.0 python google-api-python-client 2.198.0 python
google-auth 2.43.0 python google-auth 2.56.0 python
google-auth-httplib2 0.2.1 python google-auth-httplib2 0.4.0 python
googleapis-common-protos 1.72.0 python googleapis-common-protos 1.75.0 python
gpg 2.4.7-r0 apk gpg 2.4.9-r0 apk
gpg-agent 2.4.7-r0 apk gpg-agent 2.4.9-r0 apk
gpg-wks-server 2.4.7-r0 apk gpg-wks-server 2.4.9-r0 apk
gpgsm 2.4.7-r0 apk gpgsm 2.4.9-r0 apk
gpgv 2.4.7-r0 apk gpgv 2.4.9-r0 apk
gui UNKNOWN binary gui UNKNOWN binary
gui-32 UNKNOWN binary gui-32 UNKNOWN binary
gui-64 UNKNOWN binary gui-64 UNKNOWN binary
gui-arm64 UNKNOWN binary gui-arm64 UNKNOWN binary
httplib2 0.31.0 python h11 0.16.0 python
hcloud 2.22.0 python
httpcore 1.0.9 python
httplib2 0.32.0 python
httpx 0.28.1 python
icu-data-en 76.1-r1 apk icu-data-en 76.1-r1 apk
icu-libs 76.1-r1 apk icu-libs 76.1-r1 apk
idna 3.11 python idna 3.8 python
importlib-metadata 8.0.0 python importlib-metadata 8.0.0 python
importlib-resources 6.4.0 python
inflect 7.3.1 python inflect 7.3.1 python
inotify-tools 4.23.9.0-r0 apk inotify-tools 4.23.9.0-r0 apk
inotify-tools-libs 4.23.9.0-r0 apk inotify-tools-libs 4.23.9.0-r0 apk
@@ -146,28 +153,26 @@ inwx-domrobot 3.2.0 python
iptables 1.8.11-r1 apk iptables 1.8.11-r1 apk
iptables-legacy 1.8.11-r1 apk iptables-legacy 1.8.11-r1 apk
isodate 0.7.2 python isodate 0.7.2 python
jaraco-collections 5.1.0 python
jaraco-context 5.3.0 python jaraco-context 5.3.0 python
jaraco-functools 4.0.1 python jaraco-functools 4.0.1 python
jaraco-text 3.12.1 python jaraco-text 3.12.1 python
jinja2 3.1.6 python jinja2 3.1.6 python
jmespath 1.0.1 python jmespath 1.1.0 python
josepy 2.2.0 python josepy 2.2.0 python
jq 1.8.1-r0 apk jq 1.8.1-r0 apk
jsonlines 4.0.0 python jsonpickle 4.1.2 python
jsonpickle 4.1.1 python libapk2 2.14.10-r0 apk
libapk2 2.14.9-r3 apk
libassuan 2.5.7-r0 apk libassuan 2.5.7-r0 apk
libattr 2.5.2-r2 apk libattr 2.5.2-r2 apk
libavif 1.3.0-r0 apk libavif 1.3.0-r0 apk
libbsd 0.12.2-r0 apk libbsd 0.12.2-r0 apk
libbz2 1.0.8-r6 apk libbz2 1.0.8-r6 apk
libcrypto3 3.5.4-r0 apk libcrypto3 3.5.7-r0 apk
libcurl 8.14.1-r2 apk libcurl 8.14.1-r2 apk
libdav1d 1.5.1-r0 apk libdav1d 1.5.1-r0 apk
libedit 20250104.3.1-r1 apk libedit 20250104.3.1-r1 apk
libevent 2.1.12-r8 apk libevent 2.1.13-r0 apk
libexpat 2.7.3-r0 apk libexpat 2.8.2-r0 apk
libffi 3.4.8-r0 apk libffi 3.4.8-r0 apk
libgcc 14.2.0-r6 apk libgcc 14.2.0-r6 apk
libgcrypt 1.10.3-r1 apk libgcrypt 1.10.3-r1 apk
@@ -188,18 +193,18 @@ libmnl 1.0.5-r2 apk
libncursesw 6.5_p20250503-r0 apk libncursesw 6.5_p20250503-r0 apk
libnftnl 1.2.9-r0 apk libnftnl 1.2.9-r0 apk
libpanelw 6.5_p20250503-r0 apk libpanelw 6.5_p20250503-r0 apk
libpng 1.6.53-r0 apk libpng 1.6.57-r0 apk
libpq 17.7-r0 apk libpq 17.10-r0 apk
libproc2 4.0.4-r3 apk libproc2 4.0.4-r3 apk
libpsl 0.21.5-r3 apk libpsl 0.21.5-r3 apk
libsasl 2.1.28-r8 apk libsasl 2.1.28-r8 apk
libseccomp 2.6.0-r0 apk libseccomp 2.6.0-r0 apk
libsharpyuv 1.5.0-r0 apk libsharpyuv 1.5.0-r0 apk
libsm 1.2.5-r0 apk libsm 1.2.5-r0 apk
libsodium 1.0.20-r0 apk libsodium 1.0.20-r1 apk
libssl3 3.5.4-r0 apk libssl3 3.5.7-r0 apk
libstdc++ 14.2.0-r6 apk libstdc++ 14.2.0-r6 apk
libtasn1 4.20.0-r0 apk libtasn1 4.21.0-r0 apk
libunistring 1.3-r0 apk libunistring 1.3-r0 apk
libuuid 2.41-r9 apk libuuid 2.41-r9 apk
libwebp 1.5.0-r0 apk libwebp 1.5.0-r0 apk
@@ -208,8 +213,8 @@ libxau 1.0.12-r0 apk
libxcb 1.17.0-r0 apk libxcb 1.17.0-r0 apk
libxdmcp 1.1.5-r1 apk libxdmcp 1.1.5-r1 apk
libxext 1.3.6-r2 apk libxext 1.3.6-r2 apk
libxml2 2.13.9-r0 apk libxml2 2.13.9-r1 apk
libxpm 3.5.17-r0 apk libxpm 3.5.19-r0 apk
libxslt 1.1.43-r3 apk libxslt 1.1.43-r3 apk
libxt 1.3.1-r0 apk libxt 1.3.1-r0 apk
libxtables 1.8.11-r1 apk libxtables 1.8.11-r1 apk
@@ -218,155 +223,163 @@ libzip 1.11.4-r0 apk
linux-pam 1.7.0-r4 apk linux-pam 1.7.0-r4 apk
logrotate 3.21.0-r1 apk logrotate 3.21.0-r1 apk
loopialib 0.2.0 python loopialib 0.2.0 python
lxml 6.0.2 python lxml 6.1.1 python
lz4-libs 1.10.0-r0 apk lz4-libs 1.10.0-r0 apk
markupsafe 3.0.3 python markupsafe 3.0.3 python
memcached 1.6.32-r0 apk memcached 1.6.32-r0 apk
mock 5.2.0 python mock 5.2.0 python
more-itertools 10.3.0 python more-itertools 10.3.0 python
mpdecimal 4.0.1-r0 apk mpdecimal 4.0.1-r0 apk
msal 1.34.0 python msal 1.37.0 python
msal-extensions 1.3.1 python msal-extensions 1.3.1 python
musl 1.2.5-r10 apk musl 1.2.5-r12 apk
musl-utils 1.2.5-r10 apk musl-utils 1.2.5-r12 apk
my-test-package 1.0 python my-test-package 1.0 python
nano 8.4-r0 apk nano 8.4-r0 apk
ncurses-terminfo-base 6.5_p20250503-r0 apk ncurses-terminfo-base 6.5_p20250503-r0 apk
netcat-openbsd 1.229.1-r0 apk netcat-openbsd 1.229.1-r0 apk
nettle 3.10.1-r0 apk nettle 3.10.2-r0 apk
nghttp2-libs 1.65.0-r0 apk nghttp2-libs 1.69.0-r0 apk
nginx 1.28.0-r3 apk nginx 1.28.3-r4 apk
nginx-mod-devel-kit 1.28.0-r3 apk nginx-mod-devel-kit 1.28.3-r4 apk
nginx-mod-http-brotli 1.28.0-r3 apk nginx-mod-http-brotli 1.28.3-r4 apk
nginx-mod-http-dav-ext 1.28.0-r3 apk nginx-mod-http-dav-ext 1.28.3-r4 apk
nginx-mod-http-echo 1.28.0-r3 apk nginx-mod-http-echo 1.28.3-r4 apk
nginx-mod-http-fancyindex 1.28.0-r3 apk nginx-mod-http-fancyindex 1.28.3-r4 apk
nginx-mod-http-geoip2 1.28.0-r3 apk nginx-mod-http-geoip2 1.28.3-r4 apk
nginx-mod-http-headers-more 1.28.0-r3 apk nginx-mod-http-headers-more 1.28.3-r4 apk
nginx-mod-http-image-filter 1.28.0-r3 apk nginx-mod-http-image-filter 1.28.3-r4 apk
nginx-mod-http-perl 1.28.0-r3 apk nginx-mod-http-perl 1.28.3-r4 apk
nginx-mod-http-redis2 1.28.0-r3 apk nginx-mod-http-redis2 1.28.3-r4 apk
nginx-mod-http-set-misc 1.28.0-r3 apk nginx-mod-http-set-misc 1.28.3-r4 apk
nginx-mod-http-upload-progress 1.28.0-r3 apk nginx-mod-http-upload-progress 1.28.3-r4 apk
nginx-mod-http-xslt-filter 1.28.0-r3 apk nginx-mod-http-xslt-filter 1.28.3-r4 apk
nginx-mod-mail 1.28.0-r3 apk nginx-mod-mail 1.28.3-r4 apk
nginx-mod-rtmp 1.28.0-r3 apk nginx-mod-rtmp 1.28.3-r4 apk
nginx-mod-stream 1.28.0-r3 apk nginx-mod-stream 1.28.3-r4 apk
nginx-mod-stream-geoip2 1.28.0-r3 apk nginx-mod-stream-geoip2 1.28.3-r4 apk
nginx-vim 1.28.0-r3 apk nginx-vim 1.28.3-r4 apk
npth 1.8-r0 apk npth 1.8-r0 apk
oniguruma 6.9.10-r0 apk oniguruma 6.9.10-r0 apk
openssl 3.5.4-r0 apk openssl 3.5.7-r0 apk
p11-kit 0.25.5-r2 apk p11-kit 0.26.2-r0 apk
packaging 24.2 python packaging 24.1 python
packaging 26.2 python
parsedatetime 2.6 python parsedatetime 2.6 python
pcre2 10.46-r0 apk pcre2 10.46-r0 apk
perl 5.40.3-r0 apk perl 5.40.4-r0 apk
perl-error 0.17030-r0 apk perl-error 0.17030-r0 apk
perl-git 2.49.1-r0 apk perl-git 2.49.1-r0 apk
php84 8.4.14-r0 apk php84 8.4.16-r0 apk
php84-bcmath 8.4.14-r0 apk php84-bcmath 8.4.16-r0 apk
php84-bz2 8.4.14-r0 apk php84-bz2 8.4.16-r0 apk
php84-common 8.4.14-r0 apk php84-common 8.4.16-r0 apk
php84-ctype 8.4.14-r0 apk php84-ctype 8.4.16-r0 apk
php84-curl 8.4.14-r0 apk php84-curl 8.4.16-r0 apk
php84-dom 8.4.14-r0 apk php84-dom 8.4.16-r0 apk
php84-exif 8.4.14-r0 apk php84-exif 8.4.16-r0 apk
php84-fileinfo 8.4.14-r0 apk php84-fileinfo 8.4.16-r0 apk
php84-fpm 8.4.14-r0 apk php84-fpm 8.4.16-r0 apk
php84-ftp 8.4.14-r0 apk php84-ftp 8.4.16-r0 apk
php84-gd 8.4.14-r0 apk php84-gd 8.4.16-r0 apk
php84-gmp 8.4.14-r0 apk php84-gmp 8.4.16-r0 apk
php84-iconv 8.4.14-r0 apk php84-iconv 8.4.16-r0 apk
php84-intl 8.4.14-r0 apk php84-intl 8.4.16-r0 apk
php84-ldap 8.4.14-r0 apk php84-ldap 8.4.16-r0 apk
php84-mbstring 8.4.14-r0 apk php84-mbstring 8.4.16-r0 apk
php84-mysqli 8.4.14-r0 apk php84-mysqli 8.4.16-r0 apk
php84-mysqlnd 8.4.14-r0 apk php84-mysqlnd 8.4.16-r0 apk
php84-opcache 8.4.14-r0 apk php84-opcache 8.4.16-r0 apk
php84-openssl 8.4.14-r0 apk php84-openssl 8.4.16-r0 apk
php84-pdo 8.4.14-r0 apk php84-pdo 8.4.16-r0 apk
php84-pdo_mysql 8.4.14-r0 apk php84-pdo_mysql 8.4.16-r0 apk
php84-pdo_odbc 8.4.14-r0 apk php84-pdo_odbc 8.4.16-r0 apk
php84-pdo_pgsql 8.4.14-r0 apk php84-pdo_pgsql 8.4.16-r0 apk
php84-pdo_sqlite 8.4.14-r0 apk php84-pdo_sqlite 8.4.16-r0 apk
php84-pear 8.4.14-r0 apk php84-pear 8.4.16-r0 apk
php84-pecl-apcu 5.1.27-r0 apk php84-pecl-apcu 5.1.27-r0 apk
php84-pecl-igbinary 3.2.16-r1 apk php84-pecl-igbinary 3.2.16-r1 apk
php84-pecl-imap 1.0.3-r0 apk php84-pecl-imap 1.0.3-r0 apk
php84-pecl-memcached 3.3.0-r0 apk php84-pecl-memcached 3.3.0-r0 apk
php84-pecl-msgpack 3.0.0-r0 apk php84-pecl-msgpack 3.0.0-r0 apk
php84-pecl-redis 6.3.0-r0 apk php84-pecl-redis 6.3.0-r0 apk
php84-pgsql 8.4.14-r0 apk php84-pgsql 8.4.16-r0 apk
php84-phar 8.4.14-r0 apk php84-phar 8.4.16-r0 apk
php84-posix 8.4.14-r0 apk php84-posix 8.4.16-r0 apk
php84-session 8.4.14-r0 apk php84-session 8.4.16-r0 apk
php84-simplexml 8.4.14-r0 apk php84-simplexml 8.4.16-r0 apk
php84-soap 8.4.14-r0 apk php84-soap 8.4.16-r0 apk
php84-sockets 8.4.14-r0 apk php84-sockets 8.4.16-r0 apk
php84-sodium 8.4.14-r0 apk php84-sodium 8.4.16-r0 apk
php84-sqlite3 8.4.14-r0 apk php84-sqlite3 8.4.16-r0 apk
php84-tokenizer 8.4.14-r0 apk php84-tokenizer 8.4.16-r0 apk
php84-xml 8.4.14-r0 apk php84-xml 8.4.16-r0 apk
php84-xmlreader 8.4.14-r0 apk php84-xmlreader 8.4.16-r0 apk
php84-xmlwriter 8.4.14-r0 apk php84-xmlwriter 8.4.16-r0 apk
php84-xsl 8.4.14-r0 apk php84-xsl 8.4.16-r0 apk
php84-zip 8.4.14-r0 apk php84-zip 8.4.16-r0 apk
pinentry 1.3.1-r0 apk pinentry 1.3.1-r0 apk
pip 25.3 python pip 26.1.2 python
pkb-client 2.2.0 python pkb-client 2.3.1 python
platformdirs 4.2.2 python platformdirs 4.2.2 python
popt 1.19-r4 apk popt 1.19-r4 apk
procps-ng 4.0.4-r3 apk procps-ng 4.0.4-r3 apk
proto-plus 1.26.1 python proto-plus 1.28.1 python
protobuf 6.33.2 python protobuf 7.35.1 python
pyacmedns 0.4 python pyacmedns 0.4 python
pyasn1 0.6.1 python pyasn1 0.6.4 python
pyasn1-modules 0.4.2 python pyasn1-modules 0.4.2 python
pyc 3.12.12-r0 apk pyc 3.12.13-r0 apk
pycparser 2.23 python pycparser 2.22 python
pyjwt 2.10.1 python pydantic 2.13.4 python
pydantic-core 2.46.4 python
pyjwt 2.13.0 python
pynamecheap 0.0.3 python pynamecheap 0.0.3 python
pyopenssl 25.3.0 python pyopenssl 26.2.0 python
pyotp 2.9.0 python pyotp 2.10.0 python
pyparsing 3.2.5 python pyparsing 3.3.2 python
pyrfc3339 2.1.0 python pyrfc3339 1.1 python
python-dateutil 2.9.0.post0 python python-dateutil 2.9.0.post0 python
python-digitalocean 1.17.0 python python-digitalocean 1.17.0 python
python-transip 0.6.0 python python-transip 0.6.0 python
python3 3.12.12-r0 apk python3 3.12.13-r0 apk
python3-pyc 3.12.12-r0 apk python3-pyc 3.12.13-r0 apk
python3-pycache-pyc0 3.12.12-r0 apk python3-pycache-pyc0 3.12.13-r0 apk
pytz 2024.1 python
pyyaml 6.0.3 python pyyaml 6.0.3 python
readline 8.2.13-r1 apk readline 8.2.13-r1 apk
requests 2.32.5 python requests 2.32.3 python
requests-file 3.0.1 python requests-file 3.0.1 python
requests-mock 1.12.1 python requests-mock 1.12.1 python
rsa 4.9.1 python requests-unixsocket 0.4.1 python
s3transfer 0.16.0 python ruff 0.6.3 python
s3transfer 0.19.1 python
scanelf 1.3.8-r1 apk scanelf 1.3.8-r1 apk
setuptools 80.9.0 python setuptools 74.0.0 python
shadow 4.17.3-r0 apk shadow 4.17.3-r0 apk
six 1.17.0 python six 1.16.0 python
skalibs-libs 2.14.4.0-r0 apk skalibs-libs 2.14.4.0-r0 apk
soupsieve 2.8 python sniffio 1.3.1 python
soupsieve 2.8.4 python
sqlite-libs 3.49.2-r1 apk sqlite-libs 3.49.2-r1 apk
ssl_client 1.37.0-r20 apk ssl_client 1.37.0-r20 apk
tiff 4.7.1-r0 apk tiff 4.7.1-r0 apk
tldextract 5.3.0 python tldextract 5.3.1 python
tomli 2.0.1 python tomli 2.0.1 python
typeguard 4.3.0 python typeguard 4.3.0 python
typing-extensions 4.12.2 python typing-extensions 4.12.2 python
typing-extensions 4.15.0 python typing-extensions 4.16.0 python
tzdata 2025b-r0 apk typing-inspection 0.4.2 python
tzdata 2026b-r0 apk
unixodbc 2.3.12-r0 apk unixodbc 2.3.12-r0 apk
uritemplate 4.2.0 python uritemplate 4.2.0 python
urllib3 2.6.1 python urllib3 2.2.2 python
utmps-libs 0.1.3.1-r0 apk utmps-libs 0.1.3.1-r0 apk
wheel 0.45.1 python (+1 duplicate) wheel 0.43.0 python
wheel 0.44.0 python
whois 5.6.3-r0 apk whois 5.6.3-r0 apk
xz-libs 5.8.1-r0 apk xz-libs 5.8.3-r0 apk
zipp 3.19.2 python zipp 3.19.2 python
zlib 1.3.1-r2 apk zlib 1.3.2-r0 apk
zope-interface 8.1.1 python zope-interface 8.5 python
zstd-libs 1.5.7-r0 apk zstd-libs 1.5.7-r0 apk
+11 -4
View File
@@ -32,7 +32,8 @@ opt_param_usage_include_env: true
opt_param_env_vars: opt_param_env_vars:
- {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"} - {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"}
- {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."} - {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."}
- {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."} - {env_var: "CERT_PROFILE", env_value: "", desc: "Optionally define a cert profile to use for cert generation. This is useful if you want to use a custom cert profile instead of the default one. Currently only supported for Let's Encrypt. See https://letsencrypt.org/docs/profiles/ "}
- {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."}
- {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."} - {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."}
- {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."} - {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."}
- {env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`"} - {env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`"}
@@ -65,7 +66,7 @@ app_setup_block: |
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`) 2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`). * After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances. * Certs are checked twice daily using ACME Renewal Information (ARI) to determine the optimal renewal window. If your cert is about to expire, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing.
### Certbot Plugins ### Certbot Plugins
@@ -177,7 +178,7 @@ init_diagram: |
init-mods-end -> init-custom-files init-mods-end -> init-custom-files
init-adduser -> init-device-perms init-adduser -> init-device-perms
base -> init-envfile base -> init-envfile
init-swag-samples -> init-fail2ban-config init-require-url -> init-fail2ban-config
init-os-end -> init-folders init-os-end -> init-folders
init-php -> init-keygen init-php -> init-keygen
base -> init-migrations base -> init-migrations
@@ -198,9 +199,10 @@ init_diagram: |
init-folders -> init-samples init-folders -> init-samples
init-custom-files -> init-services init-custom-files -> init-services
init-fail2ban-config -> init-swag-config init-fail2ban-config -> init-swag-config
init-require-url -> init-swag-folders init-permissions -> init-swag-folders
init-swag-folders -> init-swag-samples init-swag-folders -> init-swag-samples
init-permissions -> init-version-checks init-permissions -> init-version-checks
init-swag-samples -> init-version-checks
init-services -> svc-cron init-services -> svc-cron
svc-cron -> legacy-services svc-cron -> legacy-services
init-services -> svc-fail2ban init-services -> svc-fail2ban
@@ -218,6 +220,11 @@ init_diagram: |
"swag:latest" <- Base Images "swag:latest" <- Base Images
# changelog # changelog
changelogs: changelogs:
- {date: "10.07.26:", desc: "Add support for Let's Encrypt cert profiles. Run certbot twice daily with a random delay."}
- {date: "19.06.26:", desc: "Add support for mijn.host dns validation."}
- {date: "01.06.26:", desc: "Remove obsolete old cert check logic."}
- {date: "23.01.26:", desc: "Reorder init to fix proxy conf version checks."}
- {date: "21.12.25:", desc: "Add support for hetzner-cloud dns validation."}
- {date: "04.11.25:", desc: "Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin."} - {date: "04.11.25:", desc: "Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin."}
- {date: "18.07.25:", desc: "Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained."} - {date: "18.07.25:", desc: "Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained."}
- {date: "05.05.25:", desc: "Disable Certbot's built in log rotation."} - {date: "05.05.25:", desc: "Disable Certbot's built in log rotation."}
+2
View File
@@ -0,0 +1,2 @@
# Hetzner Cloud API Token
dns_hetzner_cloud_api_token = your_api_token_here
+3
View File
@@ -0,0 +1,3 @@
# Instructions: https://github.com/mijnhost/certbot-dns-mijn-host
# Replace with your API key from your mijn.host account.
dns_mijn_host_api_key = yourapikeygoeshere
@@ -1,4 +1,4 @@
## Version 2025/07/18 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample ## Version 2026/03/07 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
# redirect all traffic to https # redirect all traffic to https
server { server {
@@ -36,6 +36,9 @@ server {
# enable for Authentik (requires authentik-location.conf in the location block) # enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf; #include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / { location / {
# enable for basic auth # enable for basic auth
#auth_basic "Restricted"; #auth_basic "Restricted";
@@ -50,6 +53,9 @@ server {
# enable for Authentik (requires authentik-server.conf in the server block) # enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf; #include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args; try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
} }
@@ -1,4 +1,4 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample ## Version 2025/12/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth # Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf # Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
@@ -7,3 +7,17 @@ auth_request /tinyauth;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
error_page 401 = @tinyauth_login; error_page 401 = @tinyauth_login;
## Translate the user information response headers from the auth subrequest into variables
auth_request_set $email $upstream_http_remote_email;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $user $upstream_http_remote_user;
## Inject the user information into the request made to the actual upstream
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-User $user;
## Can be extended with more custom headers https://tinyauth.app/docs/reference/headers#nginxnginx-proxy-manager
+1 -1
View File
@@ -5,4 +5,4 @@
0 3 * * 6 run-parts /etc/periodic/weekly 0 3 * * 6 run-parts /etc/periodic/weekly
0 5 1 * * run-parts /etc/periodic/monthly 0 5 1 * * run-parts /etc/periodic/monthly
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/renewal.log 2>&1 0 */12 * * * sleep $((60 + $RANDOM % 230)); /app/le-renew.sh >> /config/log/letsencrypt/renewal.log 2>&1
@@ -12,12 +12,13 @@ EXTRA_DOMAINS=${EXTRA_DOMAINS}\\n\
ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\ ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
VALIDATION=${VALIDATION}\\n\ VALIDATION=${VALIDATION}\\n\
CERTPROVIDER=${CERTPROVIDER}\\n\ CERTPROVIDER=${CERTPROVIDER}\\n\
CERT_PROFILE=${CERT_PROFILE}\\n\
DNSPLUGIN=${DNSPLUGIN}\\n\ DNSPLUGIN=${DNSPLUGIN}\\n\
EMAIL=${EMAIL}\\n\ EMAIL=${EMAIL}\\n\
STAGING=${STAGING}\\n" STAGING=${STAGING}\\n"
# Sanitize variables # Sanitize variables
SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER) SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER CERT_PROFILE)
for i in "${SANED_VARS[@]}"; do for i in "${SANED_VARS[@]}"; do
export echo "${i}"="${!i//\"/}" export echo "${i}"="${!i//\"/}"
export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')" export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')"
@@ -80,7 +81,7 @@ if [[ -f "/config/donoteditthisfile.conf" ]]; then
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
fi fi
if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\" ORIGCERT_PROFILE=\"${CERT_PROFILE}\"" >/config/.donoteditthisfile.conf
echo "Created .donoteditthisfile.conf" echo "Created .donoteditthisfile.conf"
fi fi
@@ -168,9 +169,9 @@ fi
rm -rf /config/keys/letsencrypt rm -rf /config/keys/letsencrypt
if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}" DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
ln -s /config/etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
else else
ln -s /config/etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
fi fi
# cleanup unused csr and keys folders # cleanup unused csr and keys folders
@@ -186,7 +187,8 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
[[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] || [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
[[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] || [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] || [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]] ||
[[ ! "${CERT_PROFILE}" = "${ORIGCERT_PROFILE}" ]]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90") REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
@@ -204,19 +206,7 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
fi fi
# saving new variables # saving new variables
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\" ORIGCERT_PROFILE=\"${CERT_PROFILE}\"" >/config/.donoteditthisfile.conf
# Check if the cert is using the old LE root cert, revoke and regen if necessary
if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --config-dir /config/etc/letsencrypt --logs-dir /config/log/letsencrypt --work-dir /tmp/letsencrypt --config /config/etc/letsencrypt/cli.ini --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
else
certbot revoke --config-dir /config/etc/letsencrypt --logs-dir /config/log/letsencrypt --work-dir /tmp/letsencrypt --config /config/etc/letsencrypt/cli.ini --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi
# if zerossl is selected or staging is set to true, use the relevant server # if zerossl is selected or staging is set to true, use the relevant server
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
@@ -239,6 +229,21 @@ fi
set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
# set certificate profile (e.g. "shortlived" for 6-day certs, "classic" for 90-day)
# Profiles are a Let's Encrypt ACME feature; ZeroSSL ignores it.
if [[ -n "${CERT_PROFILE}" ]]; then
if [[ "${CERTPROVIDER}" = "zerossl" ]]; then
echo "ZeroSSL does not support ACME profiles, ignoring CERT_PROFILE variable"
sed -i "/^preferred-profile\b/d" /config/etc/letsencrypt/cli.ini
else
echo "Requesting certificate with profile: ${CERT_PROFILE}"
set_ini_value "preferred-profile" "${CERT_PROFILE}" /config/etc/letsencrypt/cli.ini
fi
else
# remove if previously set so going back to default works
sed -i "/^preferred-profile\b/d" /config/etc/letsencrypt/cli.ini
fi
# figuring out domain only vs domain & subdomains vs subdomains only # figuring out domain only vs domain & subdomains vs subdomains only
DOMAINS_ARRAY=() DOMAINS_ARRAY=()
if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
+1 -1
View File
@@ -3,7 +3,7 @@
# Check if the cert is expired or expires within a day, if so, renew # Check if the cert is expired or expires within a day, if so, renew
if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then
echo "The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am)." echo "The cert does not expire within the next day. Letting the cron script handle the renewal attempts."
else else
echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes." echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes."
/app/le-renew.sh /app/le-renew.sh