mirror of
https://github.com/linuxserver/docker-swag.git
synced 2026-05-10 12:44:44 +09:00
Compare commits
3 Commits
5.5.0-ls45
...
deny-dotfi
| Author | SHA1 | Date | |
|---|---|---|---|
|
aa3f8bd0dd | ||
|
|
22bafef661 | ||
|
|
716b1237c5 |
26
Jenkinsfile
vendored
26
Jenkinsfile
vendored
@@ -77,7 +77,6 @@ pipeline {
|
||||
script{
|
||||
env.EXIT_STATUS = ''
|
||||
env.CI_TEST_ATTEMPTED = ''
|
||||
env.PUSH_ATTEMPTED = ''
|
||||
env.LS_RELEASE = sh(
|
||||
script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
|
||||
returnStdout: true).trim()
|
||||
@@ -926,9 +925,6 @@ pipeline {
|
||||
environment name: 'EXIT_STATUS', value: ''
|
||||
}
|
||||
steps {
|
||||
script{
|
||||
env.PUSH_ATTEMPTED = 'true'
|
||||
}
|
||||
retry_backoff(5,5) {
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
@@ -958,18 +954,11 @@ pipeline {
|
||||
environment name: 'EXIT_STATUS', value: ''
|
||||
}
|
||||
steps {
|
||||
script{
|
||||
env.PUSH_ATTEMPTED = 'true'
|
||||
}
|
||||
retry_backoff(5,5) {
|
||||
sh '''#! /bin/bash
|
||||
set -e
|
||||
for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
|
||||
if [[ "${MANIFESTIMAGE%%/*}" =~ \\. ]]; then
|
||||
MANIFESTIMAGEPLUS="${MANIFESTIMAGE}"
|
||||
else
|
||||
MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}"
|
||||
fi
|
||||
[[ ${MANIFESTIMAGE%%/*} =~ \\. ]] && MANIFESTIMAGEPLUS="${MANIFESTIMAGE}" || MANIFESTIMAGEPLUS="docker.io/${MANIFESTIMAGE}"
|
||||
IFS=',' read -ra CACHE <<< "$BUILDCACHE"
|
||||
for i in "${CACHE[@]}"; do
|
||||
if [[ "${MANIFESTIMAGEPLUS}" == "$(cut -d "/" -f1 <<< ${i})"* ]]; then
|
||||
@@ -1137,7 +1126,7 @@ EOF
|
||||
}
|
||||
script {
|
||||
if (env.GITHUBIMAGE =~ /lspipepr/){
|
||||
if (env.CI_TEST_ATTEMPTED == "true" || env.PUSH_ATTEMPTED == "true"){
|
||||
if (env.CI_TEST_ATTEMPTED == "true"){
|
||||
sh '''#! /bin/bash
|
||||
# Function to retrieve JSON data from URL
|
||||
get_json() {
|
||||
@@ -1198,21 +1187,14 @@ EOF
|
||||
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
|
||||
-H "Accept: application/vnd.github.v3+json" \
|
||||
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
|
||||
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR for commit ${COMMIT_SHA:0:7} : \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
|
||||
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
|
||||
else
|
||||
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
|
||||
-H "Accept: application/vnd.github.v3+json" \
|
||||
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
|
||||
-d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR for commit ${COMMIT_SHA:0:7} : \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
|
||||
-d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
|
||||
fi
|
||||
'''
|
||||
} else {
|
||||
sh '''#! /bin/bash
|
||||
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
|
||||
-H "Accept: application/vnd.github.v3+json" \
|
||||
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
|
||||
-d "{\\"body\\": \\"I am a bot, the build for PR commit ${COMMIT_SHA:0:7} failed and as a result no CI test was attempted and no images were pushed.\\"}"
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,9 +5,9 @@ acme 5.5.0 python
|
||||
alpine-baselayout 3.7.0-r0 apk
|
||||
alpine-baselayout-data 3.7.0-r0 apk
|
||||
alpine-keys 2.5-r0 apk
|
||||
alpine-release 3.22.4-r0 apk
|
||||
alpine-release 3.22.3-r0 apk
|
||||
aom-libs 3.12.1-r0 apk
|
||||
apache2-utils 2.4.67-r0 apk
|
||||
apache2-utils 2.4.66-r0 apk
|
||||
apk-tools 2.14.9-r3 apk
|
||||
apr 1.7.5-r0 apk
|
||||
apr-util 1.6.3-r1 apk
|
||||
@@ -15,23 +15,23 @@ argon2-libs 20190702-r5 apk
|
||||
attrs 26.1.0 python
|
||||
autocommand 2.2.2 python
|
||||
azure-common 1.1.28 python
|
||||
azure-core 1.41.0 python
|
||||
azure-core 1.40.0 python
|
||||
azure-identity 1.25.3 python
|
||||
azure-mgmt-core 1.6.0 python
|
||||
azure-mgmt-dns 9.0.0 python
|
||||
backports-tarfile 1.2.0 python
|
||||
bash 5.2.37-r0 apk
|
||||
beautifulsoup4 4.14.3 python
|
||||
boto3 1.43.6 python
|
||||
botocore 1.43.6 python
|
||||
boto3 1.43.2 python
|
||||
botocore 1.43.2 python
|
||||
brotli-libs 1.1.0-r2 apk
|
||||
bs4 0.0.2 python
|
||||
busybox 1.37.0-r20 apk
|
||||
busybox-binsh 1.37.0-r20 apk
|
||||
c-ares 1.34.6-r0 apk
|
||||
c-client 2007f-r15 apk
|
||||
ca-certificates 20260413-r0 apk
|
||||
ca-certificates-bundle 20260413-r0 apk
|
||||
ca-certificates 20250911-r0 apk
|
||||
ca-certificates-bundle 20250911-r0 apk
|
||||
catatonit 0.2.1-r0 apk
|
||||
certbot 5.5.0 python
|
||||
certbot-dns-acmedns 0.1.0 python
|
||||
@@ -93,7 +93,7 @@ coreutils 9.7-r1 apk
|
||||
coreutils-env 9.7-r1 apk
|
||||
coreutils-fmt 9.7-r1 apk
|
||||
coreutils-sha512sum 9.7-r1 apk
|
||||
cryptography 48.0.0 python
|
||||
cryptography 47.0.0 python
|
||||
curl 8.14.1-r2 apk
|
||||
distro 1.9.0 python
|
||||
dns-lexicon 3.25.1 python
|
||||
@@ -121,10 +121,10 @@ gnupg-utils 2.4.9-r0 apk
|
||||
gnupg-wks-client 2.4.9-r0 apk
|
||||
gnutls 3.8.13-r0 apk
|
||||
google-api-core 2.30.3 python
|
||||
google-api-python-client 2.196.0 python
|
||||
google-auth 2.52.0 python
|
||||
google-auth-httplib2 0.4.0 python
|
||||
googleapis-common-protos 1.75.0 python
|
||||
google-api-python-client 2.195.0 python
|
||||
google-auth 2.50.0 python
|
||||
google-auth-httplib2 0.3.1 python
|
||||
googleapis-common-protos 1.74.0 python
|
||||
gpg 2.4.9-r0 apk
|
||||
gpg-agent 2.4.9-r0 apk
|
||||
gpg-wks-server 2.4.9-r0 apk
|
||||
@@ -134,7 +134,7 @@ gui UNKNOWN binary
|
||||
gui-32 UNKNOWN binary
|
||||
gui-64 UNKNOWN binary
|
||||
gui-arm64 UNKNOWN binary
|
||||
hcloud 2.20.0 python
|
||||
hcloud 2.19.0 python
|
||||
httplib2 0.31.2 python
|
||||
icu-data-en 76.1-r1 apk
|
||||
icu-libs 76.1-r1 apk
|
||||
@@ -312,12 +312,12 @@ php84-xmlwriter 8.4.16-r0 apk
|
||||
php84-xsl 8.4.16-r0 apk
|
||||
php84-zip 8.4.16-r0 apk
|
||||
pinentry 1.3.1-r0 apk
|
||||
pip 26.1.1 python
|
||||
pip 26.1 python
|
||||
pkb-client 2.3.1 python
|
||||
platformdirs 4.4.0 python
|
||||
popt 1.19-r4 apk
|
||||
procps-ng 4.0.4-r3 apk
|
||||
proto-plus 1.28.0 python
|
||||
proto-plus 1.27.2 python
|
||||
protobuf 7.34.1 python
|
||||
pyacmedns 0.4 python
|
||||
pyasn1 0.6.3 python
|
||||
@@ -326,7 +326,7 @@ pyc 3.12.13-r0 apk
|
||||
pycparser 3.0 python
|
||||
pyjwt 2.12.1 python
|
||||
pynamecheap 0.0.3 python
|
||||
pyopenssl 26.2.0 python
|
||||
pyopenssl 26.1.0 python
|
||||
pyotp 2.9.0 python
|
||||
pyparsing 3.3.2 python
|
||||
pyrfc3339 2.1.0 python
|
||||
@@ -355,10 +355,10 @@ tiff 4.7.1-r0 apk
|
||||
tldextract 5.3.1 python
|
||||
tomli 2.4.0 python
|
||||
typing-extensions 4.15.0 python
|
||||
tzdata 2026b-r0 apk
|
||||
tzdata 2026a-r0 apk
|
||||
unixodbc 2.3.12-r0 apk
|
||||
uritemplate 4.2.0 python
|
||||
urllib3 2.7.0 python
|
||||
urllib3 2.6.3 python
|
||||
utmps-libs 0.1.3.1-r0 apk
|
||||
wheel 0.46.3 python
|
||||
wheel 0.47.0 python
|
||||
|
||||
@@ -219,6 +219,7 @@ init_diagram: |
|
||||
"swag:latest" <- Base Images
|
||||
# changelog
|
||||
changelogs:
|
||||
- {date: "08.02.26:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Deny access to all dotfiles."}
|
||||
- {date: "23.01.26:", desc: "Reorder init to fix proxy conf version checks."}
|
||||
- {date: "21.12.25:", desc: "Add support for hetzner-cloud dns validation."}
|
||||
- {date: "04.11.25:", desc: "Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin."}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
## Version 2026/03/07 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
||||
## Version 2026/05/05 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
||||
|
||||
# redirect all traffic to https
|
||||
server {
|
||||
@@ -13,9 +13,9 @@ server {
|
||||
# main server block
|
||||
server {
|
||||
listen 443 ssl default_server;
|
||||
# listen 443 quic reuseport default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
# listen [::]:443 quic reuseport default_server;
|
||||
#listen 443 quic reuseport default_server;
|
||||
#listen [::]:443 quic reuseport default_server;
|
||||
|
||||
server_name _;
|
||||
|
||||
@@ -24,6 +24,18 @@ server {
|
||||
root /config/www;
|
||||
index index.html index.htm index.php;
|
||||
|
||||
# Allow access to the ".well-known" directory
|
||||
location ^~ /.well-known {
|
||||
allow all;
|
||||
}
|
||||
|
||||
# deny access to all dotfiles
|
||||
location ~ /\. {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# enable subfolder method reverse proxy confs
|
||||
include /config/nginx/proxy-confs/*.subfolder.conf;
|
||||
|
||||
@@ -60,7 +72,7 @@ server {
|
||||
}
|
||||
|
||||
location ~ ^(.+\.php)(.*)$ {
|
||||
# enable the next two lines for http auth
|
||||
# enable for basic auth
|
||||
#auth_basic "Restricted";
|
||||
#auth_basic_user_file /config/nginx/.htpasswd;
|
||||
|
||||
@@ -73,17 +85,17 @@ server {
|
||||
# enable for Authentik (requires authentik-server.conf in the server block)
|
||||
#include /config/nginx/authentik-location.conf;
|
||||
|
||||
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
|
||||
#include /config/nginx/tinyauth-location.conf;
|
||||
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) { return 404; }
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
fastcgi_pass 127.0.0.1:9000;
|
||||
fastcgi_index index.php;
|
||||
include /etc/nginx/fastcgi_params;
|
||||
}
|
||||
|
||||
# deny access to .htaccess/.htpasswd files
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
# enable subdomain method reverse proxy confs
|
||||
|
||||
Reference in New Issue
Block a user