mirror of
https://github.com/linuxserver/docker-swag.git
synced 2026-07-18 05:40:43 +09:00
Compare commits
10 Commits
5.6.0-ls469
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 2c22ce9573 | |||
| 0a34712336 | |||
| 4e7e4f7fee | |||
| e39c6487f7 | |||
| 493982d27e | |||
| 1e2b94980c | |||
| b3185a5eff | |||
| e857f808b0 | |||
| 6b1745980a | |||
| 3ffa4aaa77 |
@@ -68,7 +68,7 @@ The architectures supported by this image are:
|
|||||||
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
|
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
|
||||||
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
|
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
|
||||||
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
|
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
|
||||||
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
|
* Certs are checked twice daily using ACME Renewal Information (ARI) to determine the optimal renewal window. If your cert is about to expire, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing.
|
||||||
|
|
||||||
### Certbot Plugins
|
### Certbot Plugins
|
||||||
|
|
||||||
@@ -190,6 +190,7 @@ services:
|
|||||||
- VALIDATION=http
|
- VALIDATION=http
|
||||||
- SUBDOMAINS=www, #optional
|
- SUBDOMAINS=www, #optional
|
||||||
- CERTPROVIDER= #optional
|
- CERTPROVIDER= #optional
|
||||||
|
- CERT_PROFILE= #optional
|
||||||
- DNSPLUGIN=cloudflare #optional
|
- DNSPLUGIN=cloudflare #optional
|
||||||
- PROPAGATION= #optional
|
- PROPAGATION= #optional
|
||||||
- EMAIL= #optional
|
- EMAIL= #optional
|
||||||
@@ -221,6 +222,7 @@ docker run -d \
|
|||||||
-e VALIDATION=http \
|
-e VALIDATION=http \
|
||||||
-e SUBDOMAINS=www, `#optional` \
|
-e SUBDOMAINS=www, `#optional` \
|
||||||
-e CERTPROVIDER= `#optional` \
|
-e CERTPROVIDER= `#optional` \
|
||||||
|
-e CERT_PROFILE= `#optional` \
|
||||||
-e DNSPLUGIN=cloudflare `#optional` \
|
-e DNSPLUGIN=cloudflare `#optional` \
|
||||||
-e PROPAGATION= `#optional` \
|
-e PROPAGATION= `#optional` \
|
||||||
-e EMAIL= `#optional` \
|
-e EMAIL= `#optional` \
|
||||||
@@ -254,6 +256,7 @@ Containers are configured using parameters passed at runtime (such as those abov
|
|||||||
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
|
| `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
|
||||||
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
|
| `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
|
||||||
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
|
| `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
|
||||||
|
| `-e CERT_PROFILE=` | Optionally define a cert profile to use for cert generation. This is useful if you want to use a custom cert profile instead of the default one. Currently only supported for Let's Encrypt. See https://letsencrypt.org/docs/profiles/ |
|
||||||
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
|
||||||
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
| `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
|
||||||
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
|
| `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
|
||||||
@@ -433,6 +436,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
|||||||
|
|
||||||
## Versions
|
## Versions
|
||||||
|
|
||||||
|
* **10.07.26:** - Add support for Let's Encrypt cert profiles. Run certbot twice daily with a random delay.
|
||||||
* **19.06.26:** - Add support for mijn.host dns validation.
|
* **19.06.26:** - Add support for mijn.host dns validation.
|
||||||
* **01.06.26:** - Remove obsolete old cert check logic.
|
* **01.06.26:** - Remove obsolete old cert check logic.
|
||||||
* **23.01.26:** - Reorder init to fix proxy conf version checks.
|
* **23.01.26:** - Reorder init to fix proxy conf version checks.
|
||||||
|
|||||||
+20
-20
@@ -1,13 +1,13 @@
|
|||||||
NAME VERSION TYPE
|
NAME VERSION TYPE
|
||||||
Simple Launcher 1.1.0.14 binary (+5 duplicates)
|
Simple Launcher 1.1.0.14 binary (+5 duplicates)
|
||||||
acl-libs 2.3.2-r1 apk
|
acl-libs 2.3.2-r1 apk
|
||||||
acme 5.6.0 python
|
acme 5.7.0 python
|
||||||
alpine-baselayout 3.7.0-r0 apk
|
alpine-baselayout 3.7.0-r0 apk
|
||||||
alpine-baselayout-data 3.7.0-r0 apk
|
alpine-baselayout-data 3.7.0-r0 apk
|
||||||
alpine-keys 2.5-r0 apk
|
alpine-keys 2.5-r0 apk
|
||||||
alpine-release 3.22.5-r0 apk
|
alpine-release 3.22.5-r0 apk
|
||||||
annotated-types 0.7.0 python
|
annotated-types 0.7.0 python
|
||||||
anyio 4.14.1 python
|
anyio 4.14.2 python
|
||||||
aom-libs 3.12.1-r0 apk
|
aom-libs 3.12.1-r0 apk
|
||||||
apache2-utils 2.4.68-r0 apk
|
apache2-utils 2.4.68-r0 apk
|
||||||
apk-tools 2.14.10-r0 apk
|
apk-tools 2.14.10-r0 apk
|
||||||
@@ -23,8 +23,8 @@ azure-mgmt-dns 9.0.0 python
|
|||||||
backports-tarfile 1.2.0 python
|
backports-tarfile 1.2.0 python
|
||||||
bash 5.2.37-r0 apk
|
bash 5.2.37-r0 apk
|
||||||
beautifulsoup4 4.15.0 python
|
beautifulsoup4 4.15.0 python
|
||||||
boto3 1.43.46 python
|
boto3 1.43.48 python
|
||||||
botocore 1.43.46 python
|
botocore 1.43.48 python
|
||||||
brotli-libs 1.1.0-r2 apk
|
brotli-libs 1.1.0-r2 apk
|
||||||
bs4 0.0.2 python
|
bs4 0.0.2 python
|
||||||
busybox 1.37.0-r20 apk
|
busybox 1.37.0-r20 apk
|
||||||
@@ -34,18 +34,18 @@ c-client 2007f-r15 apk
|
|||||||
ca-certificates 20260611-r0 apk
|
ca-certificates 20260611-r0 apk
|
||||||
ca-certificates-bundle 20260611-r0 apk
|
ca-certificates-bundle 20260611-r0 apk
|
||||||
catatonit 0.2.1-r0 apk
|
catatonit 0.2.1-r0 apk
|
||||||
certbot 5.6.0 python
|
certbot 5.7.0 python
|
||||||
certbot-dns-acmedns 0.1.0 python
|
certbot-dns-acmedns 0.1.0 python
|
||||||
certbot-dns-aliyun 2.0.0 python
|
certbot-dns-aliyun 2.0.0 python
|
||||||
certbot-dns-azure 1.5.0 python
|
certbot-dns-azure 1.5.0 python
|
||||||
certbot-dns-bunny 3.0.0 python
|
certbot-dns-bunny 3.0.0 python
|
||||||
certbot-dns-cloudflare 5.6.0 python
|
certbot-dns-cloudflare 5.7.0 python
|
||||||
certbot-dns-cpanel 0.4.0 python
|
certbot-dns-cpanel 0.4.0 python
|
||||||
certbot-dns-desec 1.3.2 python
|
certbot-dns-desec 1.3.2 python
|
||||||
certbot-dns-digitalocean 5.6.0 python
|
certbot-dns-digitalocean 5.7.0 python
|
||||||
certbot-dns-directadmin 1.0.15 python
|
certbot-dns-directadmin 1.0.15 python
|
||||||
certbot-dns-dnsimple 5.6.0 python
|
certbot-dns-dnsimple 5.7.0 python
|
||||||
certbot-dns-dnsmadeeasy 5.6.0 python
|
certbot-dns-dnsmadeeasy 5.7.0 python
|
||||||
certbot-dns-dnspod 0.1.0 python
|
certbot-dns-dnspod 0.1.0 python
|
||||||
certbot-dns-do 0.31.0 python
|
certbot-dns-do 0.31.0 python
|
||||||
certbot-dns-domeneshop 0.2.9 python
|
certbot-dns-domeneshop 0.2.9 python
|
||||||
@@ -53,29 +53,29 @@ certbot-dns-dreamhost 1.0 python
|
|||||||
certbot-dns-duckdns 1.8.0 python
|
certbot-dns-duckdns 1.8.0 python
|
||||||
certbot-dns-dynudns 0.0.6 python
|
certbot-dns-dynudns 0.0.6 python
|
||||||
certbot-dns-freedns 0.2.0 python
|
certbot-dns-freedns 0.2.0 python
|
||||||
certbot-dns-gehirn 5.6.0 python
|
certbot-dns-gehirn 5.7.0 python
|
||||||
certbot-dns-glesys 2.1.0 python
|
certbot-dns-glesys 2.1.0 python
|
||||||
certbot-dns-godaddy 2.8.0 python
|
certbot-dns-godaddy 2.8.0 python
|
||||||
certbot-dns-google 5.6.0 python
|
certbot-dns-google 5.7.0 python
|
||||||
certbot-dns-he 1.0.0 python
|
certbot-dns-he 1.0.0 python
|
||||||
certbot-dns-hetzner 4.0.0 python
|
certbot-dns-hetzner 4.0.0 python
|
||||||
certbot-dns-hetzner-cloud 1.0.5 python
|
certbot-dns-hetzner-cloud 1.0.5 python
|
||||||
certbot-dns-infomaniak 0.2.4 python
|
certbot-dns-infomaniak 0.2.4 python
|
||||||
certbot-dns-inwx 3.0.3 python
|
certbot-dns-inwx 3.0.3 python
|
||||||
certbot-dns-ionos 2024.11.9 python
|
certbot-dns-ionos 2024.11.9 python
|
||||||
certbot-dns-linode 5.6.0 python
|
certbot-dns-linode 5.7.0 python
|
||||||
certbot-dns-loopia 1.0.1 python
|
certbot-dns-loopia 1.0.1 python
|
||||||
certbot-dns-luadns 5.6.0 python
|
certbot-dns-luadns 5.7.0 python
|
||||||
certbot-dns-mijn-host 0.0.9 python
|
certbot-dns-mijn-host 0.0.9 python
|
||||||
certbot-dns-namecheap 1.0.0 python
|
certbot-dns-namecheap 1.0.0 python
|
||||||
certbot-dns-netcup 2.0.3 python
|
certbot-dns-netcup 2.0.3 python
|
||||||
certbot-dns-njalla 2.0.2 python
|
certbot-dns-njalla 2.0.2 python
|
||||||
certbot-dns-nsone 5.6.0 python
|
certbot-dns-nsone 5.7.0 python
|
||||||
certbot-dns-ovh 5.6.0 python
|
certbot-dns-ovh 5.7.0 python
|
||||||
certbot-dns-porkbun 0.11.0 python
|
certbot-dns-porkbun 0.11.0 python
|
||||||
certbot-dns-rfc2136 5.6.0 python
|
certbot-dns-rfc2136 5.7.0 python
|
||||||
certbot-dns-route53 5.6.0 python
|
certbot-dns-route53 5.7.0 python
|
||||||
certbot-dns-sakuracloud 5.6.0 python
|
certbot-dns-sakuracloud 5.7.0 python
|
||||||
certbot-dns-standalone 1.2.1 python
|
certbot-dns-standalone 1.2.1 python
|
||||||
certbot-dns-transip 0.5.2 python
|
certbot-dns-transip 0.5.2 python
|
||||||
certbot-dns-vultr 1.1.0 python
|
certbot-dns-vultr 1.1.0 python
|
||||||
@@ -87,7 +87,7 @@ cli UNKNOWN binary
|
|||||||
cli-32 UNKNOWN binary
|
cli-32 UNKNOWN binary
|
||||||
cli-64 UNKNOWN binary
|
cli-64 UNKNOWN binary
|
||||||
cli-arm64 UNKNOWN binary
|
cli-arm64 UNKNOWN binary
|
||||||
cloudflare 5.4.0 python
|
cloudflare 5.5.0 python
|
||||||
composer 2.10.2 binary
|
composer 2.10.2 binary
|
||||||
configargparse 1.7 python
|
configargparse 1.7 python
|
||||||
configobj 5.0.8 python
|
configobj 5.0.8 python
|
||||||
@@ -124,7 +124,7 @@ gnupg-wks-client 2.4.9-r0 apk
|
|||||||
gnutls 3.8.13-r0 apk
|
gnutls 3.8.13-r0 apk
|
||||||
google-api-core 2.30.3 python
|
google-api-core 2.30.3 python
|
||||||
google-api-python-client 2.198.0 python
|
google-api-python-client 2.198.0 python
|
||||||
google-auth 2.55.2 python
|
google-auth 2.56.0 python
|
||||||
google-auth-httplib2 0.4.0 python
|
google-auth-httplib2 0.4.0 python
|
||||||
googleapis-common-protos 1.75.0 python
|
googleapis-common-protos 1.75.0 python
|
||||||
gpg 2.4.9-r0 apk
|
gpg 2.4.9-r0 apk
|
||||||
|
|||||||
+3
-1
@@ -32,6 +32,7 @@ opt_param_usage_include_env: true
|
|||||||
opt_param_env_vars:
|
opt_param_env_vars:
|
||||||
- {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"}
|
- {env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)"}
|
||||||
- {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."}
|
- {env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt."}
|
||||||
|
- {env_var: "CERT_PROFILE", env_value: "", desc: "Optionally define a cert profile to use for cert generation. This is useful if you want to use a custom cert profile instead of the default one. Currently only supported for Let's Encrypt. See https://letsencrypt.org/docs/profiles/ "}
|
||||||
- {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."}
|
- {env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `mijn-host`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`."}
|
||||||
- {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."}
|
- {env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins."}
|
||||||
- {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."}
|
- {env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)."}
|
||||||
@@ -65,7 +66,7 @@ app_setup_block: |
|
|||||||
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
|
2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
|
||||||
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
|
* `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
|
||||||
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
|
* After setup, navigate to `https://example.com` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
|
||||||
* Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
|
* Certs are checked twice daily using ACME Renewal Information (ARI) to determine the optimal renewal window. If your cert is about to expire, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing.
|
||||||
|
|
||||||
### Certbot Plugins
|
### Certbot Plugins
|
||||||
|
|
||||||
@@ -219,6 +220,7 @@ init_diagram: |
|
|||||||
"swag:latest" <- Base Images
|
"swag:latest" <- Base Images
|
||||||
# changelog
|
# changelog
|
||||||
changelogs:
|
changelogs:
|
||||||
|
- {date: "10.07.26:", desc: "Add support for Let's Encrypt cert profiles. Run certbot twice daily with a random delay."}
|
||||||
- {date: "19.06.26:", desc: "Add support for mijn.host dns validation."}
|
- {date: "19.06.26:", desc: "Add support for mijn.host dns validation."}
|
||||||
- {date: "01.06.26:", desc: "Remove obsolete old cert check logic."}
|
- {date: "01.06.26:", desc: "Remove obsolete old cert check logic."}
|
||||||
- {date: "23.01.26:", desc: "Reorder init to fix proxy conf version checks."}
|
- {date: "23.01.26:", desc: "Reorder init to fix proxy conf version checks."}
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
|
## Version 2025/12/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
|
||||||
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
|
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
|
||||||
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
|
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
|
||||||
|
|
||||||
@@ -7,3 +7,17 @@ auth_request /tinyauth;
|
|||||||
|
|
||||||
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
|
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
|
||||||
error_page 401 = @tinyauth_login;
|
error_page 401 = @tinyauth_login;
|
||||||
|
|
||||||
|
## Translate the user information response headers from the auth subrequest into variables
|
||||||
|
auth_request_set $email $upstream_http_remote_email;
|
||||||
|
auth_request_set $groups $upstream_http_remote_groups;
|
||||||
|
auth_request_set $name $upstream_http_remote_name;
|
||||||
|
auth_request_set $user $upstream_http_remote_user;
|
||||||
|
|
||||||
|
## Inject the user information into the request made to the actual upstream
|
||||||
|
proxy_set_header Remote-Email $email;
|
||||||
|
proxy_set_header Remote-Groups $groups;
|
||||||
|
proxy_set_header Remote-Name $name;
|
||||||
|
proxy_set_header Remote-User $user;
|
||||||
|
|
||||||
|
## Can be extended with more custom headers https://tinyauth.app/docs/reference/headers#nginxnginx-proxy-manager
|
||||||
|
|||||||
@@ -5,4 +5,4 @@
|
|||||||
0 3 * * 6 run-parts /etc/periodic/weekly
|
0 3 * * 6 run-parts /etc/periodic/weekly
|
||||||
0 5 1 * * run-parts /etc/periodic/monthly
|
0 5 1 * * run-parts /etc/periodic/monthly
|
||||||
|
|
||||||
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/renewal.log 2>&1
|
0 */12 * * * sleep $((60 + $RANDOM % 230)); /app/le-renew.sh >> /config/log/letsencrypt/renewal.log 2>&1
|
||||||
|
|||||||
@@ -12,12 +12,13 @@ EXTRA_DOMAINS=${EXTRA_DOMAINS}\\n\
|
|||||||
ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
|
ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
|
||||||
VALIDATION=${VALIDATION}\\n\
|
VALIDATION=${VALIDATION}\\n\
|
||||||
CERTPROVIDER=${CERTPROVIDER}\\n\
|
CERTPROVIDER=${CERTPROVIDER}\\n\
|
||||||
|
CERT_PROFILE=${CERT_PROFILE}\\n\
|
||||||
DNSPLUGIN=${DNSPLUGIN}\\n\
|
DNSPLUGIN=${DNSPLUGIN}\\n\
|
||||||
EMAIL=${EMAIL}\\n\
|
EMAIL=${EMAIL}\\n\
|
||||||
STAGING=${STAGING}\\n"
|
STAGING=${STAGING}\\n"
|
||||||
|
|
||||||
# Sanitize variables
|
# Sanitize variables
|
||||||
SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER)
|
SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER CERT_PROFILE)
|
||||||
for i in "${SANED_VARS[@]}"; do
|
for i in "${SANED_VARS[@]}"; do
|
||||||
export echo "${i}"="${!i//\"/}"
|
export echo "${i}"="${!i//\"/}"
|
||||||
export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')"
|
export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')"
|
||||||
@@ -80,7 +81,7 @@ if [[ -f "/config/donoteditthisfile.conf" ]]; then
|
|||||||
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
|
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
|
||||||
fi
|
fi
|
||||||
if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then
|
if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then
|
||||||
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
|
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\" ORIGCERT_PROFILE=\"${CERT_PROFILE}\"" >/config/.donoteditthisfile.conf
|
||||||
echo "Created .donoteditthisfile.conf"
|
echo "Created .donoteditthisfile.conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -186,7 +187,8 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
|
|||||||
[[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
|
[[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
|
||||||
[[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
|
[[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
|
||||||
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
|
[[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
|
||||||
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
|
[[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]] ||
|
||||||
|
[[ ! "${CERT_PROFILE}" = "${ORIGCERT_PROFILE}" ]]; then
|
||||||
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
|
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
|
||||||
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then
|
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]]; then
|
||||||
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
|
REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
|
||||||
@@ -204,7 +206,7 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# saving new variables
|
# saving new variables
|
||||||
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
|
echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\" ORIGCERT_PROFILE=\"${CERT_PROFILE}\"" >/config/.donoteditthisfile.conf
|
||||||
|
|
||||||
# if zerossl is selected or staging is set to true, use the relevant server
|
# if zerossl is selected or staging is set to true, use the relevant server
|
||||||
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
|
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
|
||||||
@@ -227,6 +229,21 @@ fi
|
|||||||
|
|
||||||
set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
|
set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
|
||||||
|
|
||||||
|
# set certificate profile (e.g. "shortlived" for 6-day certs, "classic" for 90-day)
|
||||||
|
# Profiles are a Let's Encrypt ACME feature; ZeroSSL ignores it.
|
||||||
|
if [[ -n "${CERT_PROFILE}" ]]; then
|
||||||
|
if [[ "${CERTPROVIDER}" = "zerossl" ]]; then
|
||||||
|
echo "ZeroSSL does not support ACME profiles, ignoring CERT_PROFILE variable"
|
||||||
|
sed -i "/^preferred-profile\b/d" /config/etc/letsencrypt/cli.ini
|
||||||
|
else
|
||||||
|
echo "Requesting certificate with profile: ${CERT_PROFILE}"
|
||||||
|
set_ini_value "preferred-profile" "${CERT_PROFILE}" /config/etc/letsencrypt/cli.ini
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# remove if previously set so going back to default works
|
||||||
|
sed -i "/^preferred-profile\b/d" /config/etc/letsencrypt/cli.ini
|
||||||
|
fi
|
||||||
|
|
||||||
# figuring out domain only vs domain & subdomains vs subdomains only
|
# figuring out domain only vs domain & subdomains vs subdomains only
|
||||||
DOMAINS_ARRAY=()
|
DOMAINS_ARRAY=()
|
||||||
if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
|
if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
# Check if the cert is expired or expires within a day, if so, renew
|
# Check if the cert is expired or expires within a day, if so, renew
|
||||||
if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then
|
if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then
|
||||||
echo "The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am)."
|
echo "The cert does not expire within the next day. Letting the cron script handle the renewal attempts."
|
||||||
else
|
else
|
||||||
echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes."
|
echo "The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes."
|
||||||
/app/le-renew.sh
|
/app/le-renew.sh
|
||||||
|
|||||||
Reference in New Issue
Block a user