LAB-linuxserver/templates
1
0
Fork 0
mirror of https://github.com/linuxserver/templates.git synced 2026-02-19 16:17:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
templates/unraid/swag.xml
LinuxServer-CI 4f37ca398e
Bot Updating Unraid Template
2026-01-26 00:36:05 +00:00

331 lines
18 KiB
XML
Executable File
Raw Permalink Blame History

<?xml version="1.0"?>
<!-- DO NOT CHANGE THIS FILE MANUALLY, IT IS AUTOMATICALLY GENERATED -->
<!-- GENERATED FROM https://github.com/linuxserver/docker-swag/blob/master/readme-vars.yml -->
<Container version="2">
<Name>swag</Name>
<Repository>lscr.io/linuxserver/swag</Repository>
<Registry>https://github.com/orgs/linuxserver/packages/container/package/swag</Registry>
<DonateText>Donations</DonateText>
<DonateLink>https://www.linuxserver.io/donate</DonateLink>
<DonateImg>https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/donate.png</DonateImg>
<Network>bridge</Network>
<Privileged>false</Privileged>
<Support>https://github.com/linuxserver/docker-swag/issues/new/choose</Support>
<Shell>bash</Shell>
<GitHub>https://github.com/linuxserver/docker-swag#application-setup</GitHub>
<ReadMe>https://github.com/linuxserver/docker-swag#readme</ReadMe>
<Project>https://linuxserver.io</Project>
<Overview>SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let&#39;s Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let&#39;s Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.</Overview>
<ExtraParams>--cap-add=NET_ADMIN</ExtraParams>
<TemplateURL>https://raw.githubusercontent.com/linuxserver/templates/main/unraid/swag.xml</TemplateURL>
<Icon>https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver-ls-logo.png</Icon>
<Date>2026-01-23</Date>
<Changes>
### 2026-01-23
- Reorder init to fix proxy conf version checks.
### 2025-12-21
- Add support for hetzner-cloud dns validation.
### 2025-11-04
- Switch default Gandi credentials from API Key to Token, allow DNS propagation time for Azure DNS plugin.
### 2025-07-18
- Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained.
### 2025-05-05
- Disable Certbot&#39;s built in log rotation.
### 2025-01-19
- Add Auto Reload(https://github.com/linuxserver/docker-mods/tree/swag-auto-reload) functionality to SWAG.
### 2024-12-17
- Rebase to Alpine 3.21.
### 2024-10-21
- Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns).
### 2024-08-30
- Fix zerossl cert revocation.
### 2014-07-24
- Rebase to Alpine 3.20. Remove deprecated Google Domains certbot plugin. Existing users should update their nginx confs to avoid http2 deprecation warnings.
### 2024-07-01
- Fall back to iptables-legacy if iptables doesn&#39;t work.
### 2024-03-23
- Fix perms on the generated `priv-fullchain-bundle.pem`.
### 2024-03-14
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf - Update Authelia conf samples with support for 4.38.
### 2024-03-11
- Restore support for DynuDNS using `certbot-dns-dynudns`.
### 2024-03-06
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Cleanup default site conf.
### 2024-03-04
- Remove `stream.conf` inside the container to allow users to include their own block in `nginx.conf`.
### 2024-01-23
- Rebase to Alpine 3.19 with php 8.3, add root periodic crontabs for logrotate.
### 2024-01-01
- Add GleSYS DNS plugin.
### 2023-12-11
- Deprecate certbot-dns-dynu to resolve dependency conflicts with other plugins.
### 2023-11-30
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Fix index.php being downloaded on 404.
### 2023-11-23
- Run certbot as root to allow fix http validation.
### 2023-10-01
- Fix &#34;unrecognized arguments&#34; issue in DirectAdmin DNS plugin.
### 2023-08-28
- Add Namecheap DNS plugin.
### 2023-08-12
- Add FreeDNS plugin. Detect certbot DNS authenticators using CLI.
### 2023-08-07
- Add Bunny DNS Configuration.
### 2023-07-27
- Added support for dreamhost validation.
### 2023-05-25
- Rebase to Alpine 3.18, deprecate armhf.
### 2023-04-27
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug.
### 2023-04-13
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik.
### 2023-03-25
- Fix renewal post hook.
### 2023-03-10
- Cleanup unused csr and keys folders. See certbot 2.3.0 release notes(https://github.com/certbot/certbot/releases/tag/v2.3.0).
### 2023-03-09
- Add Google Domains DNS support, `google-domains`.
### 2023-03-02
- Set permissions on crontabs during init.
### 2023-02-09
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf, authelia-location.conf and authelia-server.conf - Add Authentik configs, update Authelia configs.
### 2023-02-06
- Add porkbun support back in.
### 2023-01-21
- Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x.
### 2023-01-20
- Rebase to alpine 3.17 with php8.1.
### 2023-01-16
- Remove nchan module because it keeps causing crashes.
### 2022-12-08
- Revamp certbot init.
### 2022-12-03
- Remove defunct cloudxns plugin.
### 2022-11-22
- Pin acme to the same version as certbot.
### 2022-11-22
- Pin certbot to 1.32.0 until plugin compatibility improves.
### 2022-11-05
- Update acmedns plugin handling.
### 2022-10-06
- Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
### 2022-10-05
- Use certbot file hooks instead of command line hooks
### 2022-10-04
- Add godaddy and porkbun dns plugins.
### 2022-10-03
- Add default_server back to default site conf&#39;s https listen.
### 2022-09-22
- Added support for DO DNS validation.
### 2022-09-22
- Added certbot-dns-acmedns for DNS01 validation.
### 2022-08-20
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf - Rebasing to alpine 3.15 with php8. Restructure nginx configs (see changes announcement(https://info.linuxserver.io/issues/2022-08-20-nginx-base)).
### 2022-08-10
- Added support for Dynu DNS validation.
### 2022-05-18
- Added support for Azure DNS validation.
### 2022-04-09
- Added certbot-dns-loopia for DNS01 validation.
### 2022-04-05
- Added support for standalone DNS validation.
### 2022-03-28
- created a logfile for fail2ban nginx-unauthorized in /etc/cont-init.d/50-config
### 2022-01-09
- Added a fail2ban jail for nginx unauthorized
### 2021-12-21
- Fixed issue with iptables not working as expected
### 2021-11-30
- Move maxmind to a new mod(https://github.com/linuxserver/docker-mods/tree/swag-maxmind)
### 2021-11-22
- Added support for Infomaniak DNS for certificate generation.
### 2021-11-20
- Added support for dnspod validation.
### 2021-11-15
- Added support for deSEC DNS for wildcard certificate generation.
### 2021-10-26
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) proxy.conf - Mitigate https://httpoxy.org/ vulnerabilities. Ref: https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx#Defeating-the-Attack-using-NGINX-and-NGINX-Plus
### 2021-10-23
- Fix Hurricane Electric (HE) DNS validation.
### 2021-10-12
- Fix deprecated LE root cert check to fix failures when using `STAGING=true`, and failures in revoking.
### 2021-10-06
- Added support for Hurricane Electric (HE) DNS validation. Added lxml build deps.
### 2021-10-01
- Check if the cert uses the old LE root cert, revoke and regenerate if necessary. Here&#39;s more info(https://twitter.com/letsencrypt/status/1443621997288767491) on LE root cert expiration
### 2021-09-19
- Add an optional header to opt out of Google FLoC in `ssl.conf`.
### 2021-09-17
- Mark `SUBDOMAINS` var as optional.
### 2021-08-01
- Add support for ionos dns validation.
### 2021-07-15
- Fix libmaxminddb issue due to upstream change.
### 2021-07-07
- Rebase to alpine 3.14.
### 2021-06-24
- Update default nginx conf folder.
### 2021-05-28
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf - Use `resolver.conf` and patch for `CVE-2021-32637`.
### 2021-05-20
- Modify resolver.conf generation to detect and ignore ipv6.
### 2021-05-14
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, ssl.conf, proxy.conf, and the default site-conf - Rework nginx.conf to be inline with alpine upstream and relocate lines from other files. Use linuxserver.io wheel index for pip packages. Switch to using ffdhe4096(https://ssl-config.mozilla.org/ffdhe4096.txt) for `dhparams.pem` per RFC7919(https://datatracker.ietf.org/doc/html/rfc7919). Added `worker_processes.conf`, which sets the number of nginx workers, and `resolver.conf`, which sets the dns resolver. Both conf files are auto-generated only on first start and can be user modified later.
### 2021-04-21
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method.
### 2021-04-12
- Add php7-gmp and php7-pecl-mailparse.
### 2021-04-12
- Add support for vultr dns validation.
### 2021-03-14
- Add support for directadmin dns validation.
### 2021-02-12
- Clean up rust/cargo cache, which ballooned the image size in the last couple of builds.
### 2021-02-10
- Fix aliyun, domeneshop, inwx and transip dns confs for existing users.
### 2021-02-09
- Rebasing to alpine 3.13. Add nginx mods brotli and dav-ext. Remove nginx mods lua and lua-upstream (due to regression over the last couple of years).
### 2021-01-26
- Add support for hetzner dns validation.
### 2021-01-20
- Add check for ZeroSSL EAB retrieval.
### 2021-01-08
- Add support for getting certs from ZeroSSL(https://zerossl.com/) via optional `CERTPROVIDER` env var. Update aliyun, domeneshop, inwx and transip dns plugins with the new plugin names. Hide `donoteditthisfile.conf` because users were editing it despite its name. Suppress harmless error when no proxy confs are enabled.
### 2021-01-03
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) /config/nginx/site-confs/default.conf - Add helper pages to aid troubleshooting
### 2020-12-10
- Add support for njalla dns validation
### 2020-12-09
- Check for template/conf updates and notify in the log. Add support for gehirn and sakuracloud dns validation.
### 2020-11-01
- Add support for netcup dns validation
### 2020-10-29
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy.
### 2020-10-04
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering.
### 2020-09-20
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf - Added geoip2 configs. Added MAXMINDDB_LICENSE_KEY variable to readme.
### 2020-09-08
- Add php7-xsl.
### 2020-09-01
- Existing users should update:(https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and various proxy samples - Global websockets across all configs.
### 2020-08-03
- Initial release.
</Changes>
<Config Name="WebUI" Target="443" Default="443" Mode="tcp" Description="HTTPS port" Type="Port" Display="always" Required="true" Mask="false"/>
<Config Name="Port: 80" Target="80" Default="80" Mode="tcp" Description="HTTP port (required for HTTP validation and HTTP - HTTPS redirect)" Type="Port" Display="always" Required="false" Mask="false"/>
<Config Name="Port: 443" Target="443" Default="443" Mode="udp" Description="QUIC (HTTP/3) port. Must be enabled in the default and proxy confs." Type="Port" Display="always" Required="false" Mask="false"/>
<Config Name="Appdata" Target="/config" Default="" Mode="rw" Description="Persistent config files" Type="Path" Display="advanced" Required="true" Mask="false"/>
<Config Name="URL" Target="URL" Default="example.com" Description="Top url you have control over (e.g. `example.com` if you own it, or `customsubdomain.example.com` if dynamic dns)." Type="Variable" Display="always" Required="true" Mask="false"/>
<Config Name="VALIDATION" Target="VALIDATION" Default="http|dns" Description="Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set)." Type="Variable" Display="always" Required="true" Mask="false"/>
<Config Name="SUBDOMAINS" Target="SUBDOMAINS" Default="www," Description="Subdomains you&#39;d like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="CERTPROVIDER" Target="CERTPROVIDER" Default="" Description="Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing ZeroSSL account(https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let&#39;s Encrypt." Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="DNSPLUGIN" Target="DNSPLUGIN" Default="cloudflare" Description="Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `he`, `hetzner`, `hetzner-cloud`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="PROPAGATION" Target="PROPAGATION" Default="" Description="Optionally override (in seconds) the default propagation time for the dns plugins." Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="EMAIL" Target="EMAIL" Default="" Description="Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="ONLY_SUBDOMAINS" Target="ONLY_SUBDOMAINS" Default="false" Description="If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="EXTRA_DOMAINS" Target="EXTRA_DOMAINS" Default="" Description="Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org`" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="STAGING" Target="STAGING" Default="false" Description="Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser&#39;s security test. Only to be used for testing purposes." Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="DISABLE_F2B" Target="DISABLE_F2B" Default="" Description="Set to `true` to disable the Fail2ban service in the container, if you&#39;re already running it elsewhere or using a different IPS." Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="SWAG_AUTORELOAD" Target="SWAG_AUTORELOAD" Default="" Description="Set to `true` to enable automatic reloading of confs on change without stopping/restarting nginx. Your filesystem must support inotify. This functionality was previously offered via mod(https://github.com/linuxserver/docker-mods/tree/swag-auto-reload)." Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="SWAG_AUTORELOAD_WATCHLIST" Target="SWAG_AUTORELOAD_WATCHLIST" Default="" Description="A pipe(https://en.wikipedia.org/wiki/Vertical_bar)-separated list of additional folders for auto reload to watch in addition to `/config/nginx`" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="PUID" Target="PUID" Default="99" Description="Container Variable: PUID" Type="Variable" Display="advanced" Required="true" Mask="false"/>
<Config Name="PGID" Target="PGID" Default="100" Description="Container Variable: PGID" Type="Variable" Display="advanced" Required="true" Mask="false"/>
<Config Name="UMASK" Target="UMASK" Default="022" Description="Container Variable: UMASK" Type="Variable" Display="advanced" Required="false" Mask="false"/>
</Container>
Reference in New Issue View Git Blame Copy Permalink