From 9a0383bc730b85e365e737deef8a8e2bed981cec Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 9 Jul 2025 16:30:45 +1000
Subject: [PATCH 1/6] Move SKIP_CERTBOT_OWNERSHIP check around the entire certbot code
---
 .../rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
index 1ec117e1..05cbddea 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@@ -26,12 +26,10 @@ chown -R "$PUID:$PGID" /etc/nginx/conf.d
 # Certbot directories - optimized approach
 CERT_INIT_FLAG="/opt/certbot/.ownership_initialized"
-if [ ! -f "$CERT_INIT_FLAG" ]; then
+if [ ! -f "$CERT_INIT_FLAG" ] || [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
 # Prevents errors when installing python certbot plugins when non-root
- if [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
- log_info 'Changing ownership of /opt/certbot directories ...'
- chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
- fi
+ log_info 'Changing ownership of /opt/certbot directories ...'
+ chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
 # Handle all site-packages directories efficiently
 find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
From ddbafb62a608fcc53293ee1920dc9e3db06ea565 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 9 Jul 2025 16:33:50 +1000
Subject: [PATCH 2/6] bump version
---
 .version | 2 +-
 README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.version b/.version
index dcb27a75..e4643748 100644
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.12.5
+2.12.6
diff --git a/README.md b/README.md
index 3f7c2178..2116a55a 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
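Review bot: The new condition `if [ ! -f "$CERT_INIT_FLAG" ] || [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then` runs the chown block whenever the skip variable is anything other than `true`, so the flag file no longer short-circuits the work on later starts, and when the variable is `true` but the flag is absent the block still runs — the opposite of what the subject line describes. The operator should be `&&`: `if [ ! -f "$CERT_INIT_FLAG" ] && [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then`, which is what PATCH 3/6 of this series goes on to do. The `if` body continues past the end of the hunk; the `find | while read` loop and the flag-file creation are outside it.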



-
+
From 304b38e82ba64234ec1953d048c7fc429e06f0ba Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 9 Jul 2025 18:19:07 +1000
Subject: [PATCH 3/6] Fix ownership if statement
---
 docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
index 05cbddea..4ecd11da 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@@ -26,7 +26,7 @@ chown -R "$PUID:$PGID" /etc/nginx/conf.d
 # Certbot directories - optimized approach
 CERT_INIT_FLAG="/opt/certbot/.ownership_initialized"
-if [ ! -f "$CERT_INIT_FLAG" ] || [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
+if [ ! -f "$CERT_INIT_FLAG" ] && [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
 # Prevents errors when installing python certbot plugins when non-root
 log_info 'Changing ownership of /opt/certbot directories ...'
 chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
From 4f9df893c80b59d07d2602bb55314e7eefa7bbc1 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 9 Jul 2025 20:30:27 +1000
Subject: [PATCH 4/6] Ownership script shakeup
- Don't touch a file to determine if we need to run
- Instead, check ownership of each location and skip it if we are happy
- Keeping SKIP_CERTBOT_OWNERSHIP flag
- More vebose logging of outcomes
---
 .../s6-rc.d/prepare/30-ownership.sh | 66 ++++++++++++-------
 1 file changed, 42 insertions(+), 24 deletions(-)
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
index 4ecd11da..ee6b7dbe 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@@ -8,35 +8,53 @@ log_info 'Setting ownership ...'
 # root
 chown root /tmp/nginx
-# npm user and group
-chown -R "$PUID:$PGID" /data
-chown -R "$PUID:$PGID" /etc/letsencrypt
-chown -R "$PUID:$PGID" /run/nginx
-chown -R "$PUID:$PGID" /tmp/nginx
-chown -R "$PUID:$PGID" /var/cache/nginx
-chown -R "$PUID:$PGID" /var/lib/logrotate
-chown -R "$PUID:$PGID" /var/lib/nginx
-chown -R "$PUID:$PGID" /var/log/nginx
+locations=(
+ "/data"
+ "/etc/letsencrypt"
+ "/run/nginx"
+ "/tmp/nginx"
+ "/var/cache/nginx"
+ "/var/lib/logrotate"
+ "/var/lib/nginx"
+ "/var/log/nginx"
+ "/etc/nginx/nginx"
+ "/etc/nginx/nginx.conf"
+ "/etc/nginx/conf.d"
+)
-# Don't chown entire /etc/nginx folder as this causes crashes on some systems
-chown -R "$PUID:$PGID" /etc/nginx/nginx
-chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
-chown -R "$PUID:$PGID" /etc/nginx/conf.d
+chownit() {
+ local dir="$1"
+ local recursive="${2:-true}"
-# Certbot directories - optimized approach
-CERT_INIT_FLAG="/opt/certbot/.ownership_initialized"
+ local have
+ have="$(stat -c '%u:%g' "$dir")"
+ echo -n " $dir ... "
-if [ ! -f "$CERT_INIT_FLAG" ] && [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
- # Prevents errors when installing python certbot plugins when non-root
- log_info 'Changing ownership of /opt/certbot directories ...'
- chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+ if [ "$have" != "$PUID:$PGID" ]; then
+ if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
+ chown -R "$PUID:$PGID" "$dir"
+ else
+ chown "$PUID:$PGID" "$dir"
+ fi
+ echo "DONE"
+ else
+ echo "SKIPPED"
+ fi
+}
+
+for loc in "${locations[@]}"; do
+ chownit "$loc"
+done
+
+if [ "${SKIP_CERTBOT_OWNERSHIP:-}" != "true" ]; then
+ log_info 'Changing ownership of certbot directories, this may take some time ...'
+ chownit "/opt/certbot" false
+ chownit "/opt/certbot/bin" false
 # Handle all site-packages directories efficiently
 find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
- chown -R "$PUID:$PGID" "$SITE_PACKAGES_DIR"
+ chownit "$SITE_PACKAGES_DIR"
 done
-
- # Create a flag file to skip this step on subsequent runs
- touch "$CERT_INIT_FLAG"
- chown "$PUID:$PGID" "$CERT_INIT_FLAG"
+else
+ log_info 'Skipping ownership change of certbot directories'
 fi
From a23dc2402150a045b2e1be2ceb37cceb4b802d11 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 9 Jul 2025 21:01:21 +1000
Subject: [PATCH 5/6] Tweak ownership output
---
 docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
index ee6b7dbe..24906e43 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@@ -28,7 +28,7 @@ chownit() {
 local have
 have="$(stat -c '%u:%g' "$dir")"
- echo -n " $dir ... "
+ echo -n "- $dir ... "
 if [ "$have" != "$PUID:$PGID" ]; then
 if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
From 54d463ac3656f85f63451b229f8e6a25601f7dcc Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 9 Jul 2025 21:27:50 +1000
Subject: [PATCH 6/6] Safer and flexible boolean env vars
---
 .../etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh | 12 ++++++------
 .../etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh | 5 +----
 .../rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh | 5 +----
 docker/rootfs/usr/bin/common.sh | 10 ++++++++++
 4 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
index 24906e43..fa946518 100755
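Review bot: `chownit` decides SKIPPED from `stat -c '%u:%g' "$dir"` on the top-level path alone, so a recursive location whose root already carries `$PUID:$PGID` but whose contents do not (files written as root into a mounted volume, an earlier run interrupted mid-`chown -R`, or a PUID/PGID change where only the top directory was fixed by hand) is now left untouched, whereas the removed unconditional `chown -R` lines re-owned everything on every start. If that is an accepted trade-off, state it above the function, e.g. `# Only the top-level uid:gid is compared; contents that differ from it are not re-owned`; otherwise keep the recursive chown for the data-bearing paths (`/data`, `/etc/letsencrypt`) regardless of the top-level check. The removed `# Don't chown entire /etc/nginx folder as this causes crashes on some systems` rationale is lost while the three `/etc/nginx/*` entries remain in `locations`; it should be restored as a comment beside those entries. If `stat` fails on a missing path, `have` is empty and, should this script enable `set -e` as the sibling scripts in PATCH 6/6 do, the assignment aborts the whole prepare step with only the stat error as explanation, so a `[ -e "$dir" ] || { echo " MISSING"; return; }` guard before the `stat` would make that case explicit.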
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@@ -28,7 +28,7 @@ chownit() {
 local have
 have="$(stat -c '%u:%g' "$dir")"
- echo -n "- $dir ... "
+ echo "- $dir ... "
 if [ "$have" != "$PUID:$PGID" ]; then
 if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
@@ -36,9 +36,9 @@ chownit() {
 else
 chown "$PUID:$PGID" "$dir"
 fi
- echo "DONE"
+ echo " DONE"
 else
- echo "SKIPPED"
+ echo " SKIPPED"
 fi
 }
@@ -46,7 +46,9 @@ for loc in "${locations[@]}"; do
 chownit "$loc"
 done
-if [ "${SKIP_CERTBOT_OWNERSHIP:-}" != "true" ]; then
+if [ "$(is_true "${SKIP_CERTBOT_OWNERSHIP:-}")" = '1' ]; then
+ log_info 'Skipping ownership change of certbot directories'
+else
 log_info 'Changing ownership of certbot directories, this may take some time ...'
 chownit "/opt/certbot" false
 chownit "/opt/certbot/bin" false
@@ -55,6 +57,4 @@ if [ "${SKIP_CERTBOT_OWNERSHIP:-}" != "true" ]; then
 find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
 chownit "$SITE_PACKAGES_DIR"
 done
-else
- log_info 'Skipping ownership change of certbot directories'
 fi
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
index 0cb9f126..e02f41ca 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
@@ -5,12 +5,9 @@ set -e
 log_info 'Dynamic resolvers ...'
-DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
-
 # Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
 # thanks @tfmm
-if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ];
-then
+if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
 echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
 else
 echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
index 0c4d261c..2ae61ae5 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
@@ -8,14 +8,11 @@ set -e
 log_info 'IPv6 ...'
-# Lowercase
-DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
-
 process_folder () {
 FILES=$(find "$1" -type f -name "*.conf")
 SED_REGEX=
- if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ]; then
+ if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
 # IPV6 is disabled
 echo "Disabling IPV6 in hosts in: $1"
 SED_REGEX='s/^([^#]*)listen \[::\]/\1#listen [::]/g'
diff --git a/docker/rootfs/usr/bin/common.sh b/docker/rootfs/usr/bin/common.sh
index 13cf06ac..46529870 100644
--- a/docker/rootfs/usr/bin/common.sh
+++ b/docker/rootfs/usr/bin/common.sh
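Review bot: In 40-dynamic.sh the new test passes `"$DISABLE_IPV6"` where the removed assignment read `"${DISABLE_IPV6:-}"`; with only `set -e` visible in the hunk header this is harmless today, but if `set -u` is ever enabled an unset DISABLE_IPV6 aborts the script before `is_true` can apply its own `${1:-}` default. Prefer `if [ "$(is_true "${DISABLE_IPV6:-}")" = '1' ]; then` here and in the identical test inside `process_folder` in 50-ipv6.sh, which matches the form used for SKIP_CERTBOT_OWNERSHIP in 30-ownership.sh in this same patch. `process_folder` continues past the end of the 50-ipv6.sh hunk.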
@@ -56,3 +56,13 @@ get_group_id () {
 getent group "$1" | cut -d: -f3
 fi
 }
+
+# param $1: value
+is_true () {
+ VAL=$(echo "${1:-}" | tr '[:upper:]' '[:lower:]')
+ if [ "$VAL" == 'true' ] || [ "$VAL" == 'on' ] || [ "$VAL" == '1' ] || [ "$VAL" == 'yes' ]; then
+ echo '1'
+ else
+ echo '0'
+ fi
+}
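Review bot: `is_true` assigns `VAL` without `local`, so a direct call leaves a global `VAL` behind in whichever script sourced common.sh (the three callers in this patch invoke it through `$(...)`, which confines the leak to a subshell, but the helper should not depend on that). Declare it local and avoid `echo` on the raw value, which would misparse an environment value such as `-n` or `-e`: `local VAL` followed by `VAL=$(printf '%s' "${1:-}" | tr '[:upper:]' '[:lower:]')`. The `# param $1: value` header should also state the contract — prints `1` when the lowercased value is one of `true`, `on`, `1`, `yes` and `0` otherwise, with the exit status always 0 — so callers know to compare the output rather than test the function directly. A status-returning variant (`if is_true "$x"; then`) would remove the command substitution from every caller, but that changes the interface the three scripts in this patch rely on and belongs in a follow-up.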