ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-03 16:03:38 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

merge upstream and small changes

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
Zoey
2024-01-21 12:56:35 +01:00
parent 0620ced474
commit 4bfb9b799a
14 changed files with 120 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Dockerfile
View File

@@ -54,12 +54,17 @@ SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CRS_VER=v4.0/dev ARG CRS_VER=v4.0/dev
COPY rootfs / COPY rootfs /
COPY --from=zoeyvid/certbot-docker:19 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:364 /usr/local/bin/curl /usr/local/bin/curl
RUN apk add --no-cache ca-certificates tzdata tini \ RUN apk add --no-cache ca-certificates tzdata tini \
patch bash nano \
lua5.1-lzlib \ lua5.1-lzlib \
nodejs-current \ nodejs-current \
openssl apache2-utils \ openssl apache2-utils \
coreutils grep jq curl shadow sudo \ coreutils grep jq shadow sudo \
luarocks5.1 wget lua5.1-dev build-base git yarn && \ luarocks5.1 wget lua5.1-dev build-base git yarn && \
curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/bin/acmesh --nocron && \
git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \ git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \
mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \ mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \
mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \ mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \
@@ -71,8 +76,7 @@ RUN apk add --no-cache ca-certificates tzdata tini \
apk del --no-cache luarocks5.1 wget lua5.1-dev build-base git yarn apk del --no-cache luarocks5.1 wget lua5.1-dev build-base git yarn
COPY --from=backend /build/backend /app COPY --from=backend /build/backend /app
COPY --from=frontend /build/frontend/dist /app/frontend COPY --from=frontend /build/frontend/dist /html/frontend
COPY --from=zoeyvid/certbot-docker:18 /usr/local/certbot /usr/local/certbot
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html
@@ -80,7 +84,8 @@ COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templ
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf
COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
RUN ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \ RUN ln -s /usr/local/bin/acmesh/acme.sh /usr/local/bin/acme.sh && \
ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \ ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
ln -s /app/index.js /usr/local/bin/index.js ln -s /app/index.js /usr/local/bin/index.js
@@ -121,5 +126,5 @@ ENV PUID=0 \
PHP83=false PHP83=false
WORKDIR /app WORKDIR /app
ENTRYPOINT ["tini", "--", "start.sh"] ENTRYPOINT ["tini", "--", "entrypoint.sh"]
HEALTHCHECK CMD healthcheck.sh HEALTHCHECK CMD healthcheck.sh

7
README.md
View File

@@ -185,6 +185,13 @@ Password: iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX
Immediately after logging in with this default user you will be asked to modify your details and change your password. Immediately after logging in with this default user you will be asked to modify your details and change your password.
### prerun patches/scripts (EXPERT option) - if you donÄt know what this is, ignore it
run order: entrypoint.sh (patches => scripts) => start.sh => launch.sh <br>
if you need to apply patches before NPMplus launches put them under: `/opt/npm/etc/prerun/patches/*.patch` (applied using `patch -p1`) <br>
if you need to run scripts before NPMplus launches put them under: `/opt/npm/etc/prerun/scripts/*.sh` (please add `#!/bin/sh` / `#!/bin/bash` to the top of the script) <br>
you need to create this folders yourself, they will be launches from the `/` folder - **NOTE:** I won't help you creating thoose patches/scripts if you need them you also need to know how to create them
## Contributing ## Contributing
All are welcome to create pull requests for this project, against the `develop` branch. All are welcome to create pull requests for this project, against the `develop` branch.

2
backend/internal/certificate.js
View File

@@ -815,7 +815,7 @@ const internalCertificate = {
* @param {Object} certificate the certificate row * @param {Object} certificate the certificate row
* @param {String} dns_provider the dns provider name (key used in `certbot-dns-plugins.json`) * @param {String} dns_provider the dns provider name (key used in `certbot-dns-plugins.json`)
* @param {String | null} credentials the content of this providers credentials file * @param {String | null} credentials the content of this providers credentials file
* @param {String} propagation_seconds * @param {String} propagation_seconds the time to wait until the dns record should be changed
* @returns {Promise} * @returns {Promise}
*/ */
requestLetsEncryptSslWithDnsChallenge: async (certificate) => { requestLetsEncryptSslWithDnsChallenge: async (certificate) => {

8
backend/lib/utils.js
View File

@@ -3,8 +3,8 @@ const exec = require('child_process').exec;
const spawn = require('child_process').spawn; const spawn = require('child_process').spawn;
const execFile = require('child_process').execFile; const execFile = require('child_process').execFile;
const { Liquid } = require('liquidjs'); const { Liquid } = require('liquidjs');
const logger = require('../logger').global;
const error = require('./error'); const error = require('./error');
//const logger = require('../logger').global;
module.exports = { module.exports = {
@@ -13,7 +13,7 @@ module.exports = {
* @param {String} cmd * @param {String} cmd
*/ */
exec: async function(cmd, options = {}) { exec: async function(cmd, options = {}) {
logger.debug('CMD:', cmd); //logger.debug('CMD:', cmd);
const { stdout, stderr } = await new Promise((resolve, reject) => { const { stdout, stderr } = await new Promise((resolve, reject) => {
const child = exec(cmd, options, (isError, stdout, stderr) => { const child = exec(cmd, options, (isError, stdout, stderr) => {
@@ -36,7 +36,7 @@ module.exports = {
* @param {Array} args * @param {Array} args
*/ */
execFile: async function (cmd, args, options = {}) { execFile: async function (cmd, args, options = {}) {
logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : '')); //logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
const { stdout, stderr } = await new Promise((resolve, reject) => { const { stdout, stderr } = await new Promise((resolve, reject) => {
const child = execFile(cmd, args, options, (isError, stdout, stderr) => { const child = execFile(cmd, args, options, (isError, stdout, stderr) => {
@@ -62,7 +62,7 @@ module.exports = {
const childProcess = spawn(cmd, { const childProcess = spawn(cmd, {
shell: true, shell: true,
detached: true, detached: true,
stdio: 'inherit' // Use the same stdio as the current process stdio: 'inherit'
}); });
childProcess.on('error', (err) => { childProcess.on('error', (err) => {

7
backend/models/token.js
View File

@@ -73,13 +73,6 @@ module.exports = function () {
} else { } else {
token_data = result; token_data = result;
// Hack: some tokens out in the wild have a scope of 'all' instead of 'user'.
// For 30 days at least, we need to replace 'all' with user.
if ((typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'all') !== -1)) {
token_data.scope = ['user'];
}
resolve(token_data); resolve(token_data);
} }
}); });

2
frontend/js/app/nginx/dead/form.ejs
View File

@@ -60,7 +60,7 @@
<label class="custom-switch"> <label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>> <input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span> <span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span> <span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label> </label>
</div> </div>
</div> </div>

2
frontend/js/app/nginx/proxy/form.ejs
View File

@@ -128,7 +128,7 @@
<label class="custom-switch"> <label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>> <input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span> <span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span> <span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label> </label>
</div> </div>
</div> </div>

2
frontend/js/app/nginx/redirection/form.ejs
View File

@@ -109,7 +109,7 @@
<label class="custom-switch"> <label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>> <input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
<span class="custom-switch-indicator"></span> <span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span> <span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label> </label>
</div> </div>
</div> </div>

2
frontend/js/i18n/messages.json
View File

@@ -52,7 +52,7 @@
"roles": { "roles": {
"title": "Roles", "title": "Roles",
"admin": "Administrator", "admin": "Administrator",
"user": "Apache Helicopter" "user": "User"
}, },
"menu": { "menu": {
"dashboard": "Dashboard", "dashboard": "Dashboard",

4
global/README.md
View File

@@ -9,10 +9,10 @@ File Structure:
```json ```json
{ {
"cloudflare": { "cloudflare": {
"display_name": "Name displayed to the user", "name": "Name displayed to the user",
"package_name": "Package name in PyPi repo", "package_name": "Package name in PyPi repo",
"credentials": "Template of the credentials file", "credentials": "Template of the credentials file",
"full_plugin_name": "The full plugin name as used in the commandline with certbot, e.g. 'dns-njalla'" "full_plugin_name": "The full plugin name as used in the commandline with certbot, e.g. 'dns-cloudflare'"
}, },
... ...
} }

106
global/certbot-dns-plugins.json
View File

@@ -1,318 +1,318 @@
{ {
"acmedns": { "acmedns": {
"display_name": "ACME-DNS", "name": "ACME-DNS",
"package_name": "certbot-dns-acmedns", "package_name": "certbot-dns-acmedns",
"credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/tls/certbot/acme-registration.json", "credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/tls/certbot/acme-registration.json",
"full_plugin_name": "dns-acmedns" "full_plugin_name": "dns-acmedns"
}, },
"aliyun": { "aliyun": {
"display_name": "Aliyun", "name": "Aliyun",
"package_name": "certbot-dns-aliyun", "package_name": "certbot-dns-aliyun",
"credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef", "credentials": "dns_aliyun_access_key = 12345678\ndns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef",
"full_plugin_name": "dns-aliyun" "full_plugin_name": "dns-aliyun"
}, },
"azure": { "azure": {
"display_name": "Azure", "name": "Azure",
"package_name": "certbot-dns-azure", "package_name": "certbot-dns-azure",
"credentials": "# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.\n# Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.\n# As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. At least 1 zone mapping is required.\n\n# Using a service principal (option 1)\ndns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\ndns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9\ndns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7\n\n# Using used assigned MSI (option 2)\n# dns_azure_msi_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\n\n# Using system assigned MSI (option 3)\n# dns_azure_msi_system_assigned = true\n\n# Zones (at least one always required)\ndns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1\ndns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf2744622/resourceGroups/dns2", "credentials": "# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.\n# Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.\n# As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. At least 1 zone mapping is required.\n\n# Using a service principal (option 1)\ndns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\ndns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9\ndns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7\n\n# Using used assigned MSI (option 2)\n# dns_azure_msi_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5\n\n# Using system assigned MSI (option 3)\n# dns_azure_msi_system_assigned = true\n\n# Zones (at least one always required)\ndns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1\ndns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf2744622/resourceGroups/dns2",
"full_plugin_name": "dns-azure" "full_plugin_name": "dns-azure"
}, },
"bunny": { "bunny": {
"display_name": "bunny.net", "name": "bunny.net",
"package_name": "certbot-dns-bunny", "package_name": "certbot-dns-bunny",
"credentials": "# Bunny API token used by Certbot (see https://dash.bunny.net/account/settings)\ndns_bunny_api_key = xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx", "credentials": "# Bunny API token used by Certbot (see https://dash.bunny.net/account/settings)\ndns_bunny_api_key = xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
"full_plugin_name": "dns-bunny" "full_plugin_name": "dns-bunny"
}, },
"cloudflare": { "cloudflare": {
"display_name": "Cloudflare", "name": "Cloudflare",
"package_name": "certbot-dns-cloudflare", "package_name": "certbot-dns-cloudflare",
"credentials": "# Cloudflare API token\ndns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567\n# OR Cloudflare API credentials\n#dns_cloudflare_email = cloudflare@example.com\n#dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234", "credentials": "# Cloudflare API token\ndns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567\n# OR Cloudflare API credentials\n#dns_cloudflare_email = cloudflare@example.com\n#dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234",
"full_plugin_name": "dns-cloudflare" "full_plugin_name": "dns-cloudflare"
}, },
"cloudns": { "cloudns": {
"display_name": "ClouDNS", "name": "ClouDNS",
"package_name": "certbot-dns-cloudns", "package_name": "certbot-dns-cloudns",
"credentials": "# Target user ID (see https://www.cloudns.net/api-settings/)\n\tdns_cloudns_auth_id=1234\n\t# Alternatively, one of the following two options can be set:\n\t# dns_cloudns_sub_auth_id=1234\n\t# dns_cloudns_sub_auth_user=foobar\n\n\t# API password\n\tdns_cloudns_auth_password=password1", "credentials": "# Target user ID (see https://www.cloudns.net/api-settings/)\n\tdns_cloudns_auth_id=1234\n\t# Alternatively, one of the following two options can be set:\n\t# dns_cloudns_sub_auth_id=1234\n\t# dns_cloudns_sub_auth_user=foobar\n\n\t# API password\n\tdns_cloudns_auth_password=password1",
"full_plugin_name": "dns-cloudns" "full_plugin_name": "dns-cloudns"
}, },
"cloudxns": { "cloudxns": {
"display_name": "CloudXNS", "name": "CloudXNS",
"package_name": "certbot-dns-cloudxns", "package_name": "certbot-dns-cloudxns",
"credentials": "dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef\ndns_cloudxns_secret_key = 1122334455667788", "credentials": "dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef\ndns_cloudxns_secret_key = 1122334455667788",
"full_plugin_name": "dns-cloudxns" "full_plugin_name": "dns-cloudxns"
}, },
"constellix": { "constellix": {
"display_name": "Constellix", "name": "Constellix",
"package_name": "certbot-dns-constellix", "package_name": "certbot-dns-constellix",
"credentials": "dns_constellix_apikey = 5fb4e76f-ac91-43e5-f982458bc595\ndns_constellix_secretkey = 47d99fd0-32e7-4e07-85b46d08e70b\ndns_constellix_endpoint = https://api.dns.constellix.com/v1", "credentials": "dns_constellix_apikey = 5fb4e76f-ac91-43e5-f982458bc595\ndns_constellix_secretkey = 47d99fd0-32e7-4e07-85b46d08e70b\ndns_constellix_endpoint = https://api.dns.constellix.com/v1",
"full_plugin_name": "dns-constellix" "full_plugin_name": "dns-constellix"
}, },
"corenetworks": { "corenetworks": {
"display_name": "Core Networks", "name": "Core Networks",
"package_name": "certbot-dns-corenetworks", "package_name": "certbot-dns-corenetworks",
"credentials": "dns_corenetworks_username = asaHB12r\ndns_corenetworks_password = secure_password", "credentials": "dns_corenetworks_username = asaHB12r\ndns_corenetworks_password = secure_password",
"full_plugin_name": "dns-corenetworks" "full_plugin_name": "dns-corenetworks"
}, },
"cpanel": { "cpanel": {
"display_name": "cPanel", "name": "cPanel",
"package_name": "certbot-dns-cpanel", "package_name": "certbot-dns-cpanel",
"credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = user\ncpanel_password = hunter2", "credentials": "cpanel_url = https://cpanel.example.com:2083\ncpanel_username = user\ncpanel_password = hunter2",
"full_plugin_name": "cpanel" "full_plugin_name": "cpanel"
}, },
"desec": { "desec": {
"display_name": "deSEC", "name": "deSEC",
"package_name": "certbot-dns-desec", "package_name": "certbot-dns-desec",
"credentials": "dns_desec_token = YOUR_DESEC_API_TOKEN\ndns_desec_endpoint = https://desec.io/api/v1/", "credentials": "dns_desec_token = YOUR_DESEC_API_TOKEN\ndns_desec_endpoint = https://desec.io/api/v1/",
"full_plugin_name": "dns-desec" "full_plugin_name": "dns-desec"
}, },
"duckdns": { "duckdns": {
"display_name": "DuckDNS", "name": "DuckDNS",
"package_name": "certbot-dns-duckdns", "package_name": "certbot-dns-duckdns",
"credentials": "dns_duckdns_token=your-duckdns-token", "credentials": "dns_duckdns_token=your-duckdns-token",
"full_plugin_name": "dns-duckdns" "full_plugin_name": "dns-duckdns"
}, },
"digitalocean": { "digitalocean": {
"display_name": "DigitalOcean", "name": "DigitalOcean",
"package_name": "certbot-dns-digitalocean", "package_name": "certbot-dns-digitalocean",
"credentials": "dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff", "credentials": "dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff",
"full_plugin_name": "dns-digitalocean" "full_plugin_name": "dns-digitalocean"
}, },
"directadmin": { "directadmin": {
"display_name": "DirectAdmin", "name": "DirectAdmin",
"package_name": "certbot-dns-directadmin", "package_name": "certbot-dns-directadmin",
"credentials": "directadmin_url = https://my.directadminserver.com:2222\ndirectadmin_username = username\ndirectadmin_password = aSuperStrongPassword", "credentials": "directadmin_url = https://my.directadminserver.com:2222\ndirectadmin_username = username\ndirectadmin_password = aSuperStrongPassword",
"full_plugin_name": "directadmin" "full_plugin_name": "directadmin"
}, },
"dnsimple": { "dnsimple": {
"display_name": "DNSimple", "name": "DNSimple",
"package_name": "certbot-dns-dnsimple", "package_name": "certbot-dns-dnsimple",
"credentials": "dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw", "credentials": "dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw",
"full_plugin_name": "dns-dnsimple" "full_plugin_name": "dns-dnsimple"
}, },
"dnsmadeeasy": { "dnsmadeeasy": {
"display_name": "DNS Made Easy", "name": "DNS Made Easy",
"package_name": "certbot-dns-dnsmadeeasy", "package_name": "certbot-dns-dnsmadeeasy",
"credentials": "dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a\ndns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55", "credentials": "dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a\ndns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55",
"full_plugin_name": "dns-dnsmadeeasy" "full_plugin_name": "dns-dnsmadeeasy"
}, },
"dnspod": { "dnspod": {
"display_name": "DNSPod", "name": "DNSPod",
"package_name": "certbot-dnspod", "package_name": "certbot-dnspod",
"credentials": "certbot_dnspod_token = <your token>\ncertbot_dnspod_token_id = <your token id>", "credentials": "certbot_dnspod_token = <your token>\ncertbot_dnspod_token_id = <your token id>",
"full_plugin_name": "certbot-dnspod" "full_plugin_name": "certbot-dnspod"
}, },
"domainoffensive": { "domainoffensive": {
"display_name": "DomainOffensive (do.de)", "name": "DomainOffensive (do.de)",
"package_name": "certbot-dns-do", "package_name": "certbot-dns-do",
"credentials": "dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN", "credentials": "dns_do_api_token = YOUR_DO_DE_AUTH_TOKEN",
"full_plugin_name": "dns-do" "full_plugin_name": "dns-do"
}, },
"domeneshop": { "domeneshop": {
"display_name": "Domeneshop", "name": "Domeneshop",
"package_name": "certbot-dns-domeneshop", "package_name": "certbot-dns-domeneshop",
"credentials": "dns_domeneshop_client_token=YOUR_DOMENESHOP_CLIENT_TOKEN\ndns_domeneshop_client_secret=YOUR_DOMENESHOP_CLIENT_SECRET", "credentials": "dns_domeneshop_client_token=YOUR_DOMENESHOP_CLIENT_TOKEN\ndns_domeneshop_client_secret=YOUR_DOMENESHOP_CLIENT_SECRET",
"full_plugin_name": "dns-domeneshop" "full_plugin_name": "dns-domeneshop"
}, },
"dynu": { "dynu": {
"display_name": "Dynu", "name": "Dynu",
"package_name": "certbot-dns-dynu", "package_name": "certbot-dns-dynu",
"credentials": "dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN", "credentials": "dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN",
"full_plugin_name": "dns-dynu" "full_plugin_name": "dns-dynu"
}, },
"eurodns": { "eurodns": {
"display_name": "EuroDNS", "name": "EuroDNS",
"package_name": "certbot-dns-eurodns", "package_name": "certbot-dns-eurodns",
"credentials": "dns_eurodns_applicationId = myuser\ndns_eurodns_apiKey = mysecretpassword\ndns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy", "credentials": "dns_eurodns_applicationId = myuser\ndns_eurodns_apiKey = mysecretpassword\ndns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy",
"full_plugin_name": "dns-eurodns" "full_plugin_name": "dns-eurodns"
}, },
"gandi": { "gandi": {
"display_name": "Gandi Live DNS", "name": "Gandi Live DNS",
"package_name": "certbot_plugin_gandi", "package_name": "certbot_plugin_gandi",
"credentials": "# Gandi personal access token\ndns_gandi_token=PERSONAL_ACCESS_TOKEN", "credentials": "# Gandi personal access token\ndns_gandi_token=PERSONAL_ACCESS_TOKEN",
"full_plugin_name": "dns-gandi" "full_plugin_name": "dns-gandi"
}, },
"godaddy": { "godaddy": {
"display_name": "GoDaddy", "name": "GoDaddy",
"package_name": "certbot-dns-godaddy", "package_name": "certbot-dns-godaddy",
"credentials": "dns_godaddy_secret = 0123456789abcdef0123456789abcdef01234567\ndns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123", "credentials": "dns_godaddy_secret = 0123456789abcdef0123456789abcdef01234567\ndns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123",
"full_plugin_name": "dns-godaddy" "full_plugin_name": "dns-godaddy"
}, },
"google": { "google": {
"display_name": "Google", "name": "Google",
"package_name": "certbot-dns-google", "package_name": "certbot-dns-google",
"credentials": "{\n\"type\": \"service_account\",\n...\n}", "credentials": "{\n\"type\": \"service_account\",\n...\n}",
"full_plugin_name": "dns-google" "full_plugin_name": "dns-google"
}, },
"googledomains": { "googledomains": {
"display_name": "GoogleDomainsDNS", "name": "GoogleDomainsDNS",
"package_name": "certbot-dns-google-domains", "package_name": "certbot-dns-google-domains",
"credentials": "dns_google_domains_access_token = 0123456789abcdef0123456789abcdef01234567\ndns_google_domains_zone = \"example.com\"", "credentials": "dns_google_domains_access_token = 0123456789abcdef0123456789abcdef01234567\ndns_google_domains_zone = \"example.com\"",
"full_plugin_name": "dns-google-domains" "full_plugin_name": "dns-google-domains"
}, },
"he": { "he": {
"display_name": "Hurricane Electric", "name": "Hurricane Electric",
"package_name": "certbot-dns-he", "package_name": "certbot-dns-he",
"credentials": "dns_he_user = Me\ndns_he_pass = my HE password", "credentials": "dns_he_user = Me\ndns_he_pass = my HE password",
"full_plugin_name": "dns-he" "full_plugin_name": "dns-he"
}, },
"hetzner": { "hetzner": {
"display_name": "Hetzner", "name": "Hetzner",
"package_name": "certbot-dns-hetzner", "package_name": "certbot-dns-hetzner",
"credentials": "dns_hetzner_api_token = 0123456789abcdef0123456789abcdef", "credentials": "dns_hetzner_api_token = 0123456789abcdef0123456789abcdef",
"full_plugin_name": "dns-hetzner" "full_plugin_name": "dns-hetzner"
}, },
"infomaniak": { "infomaniak": {
"display_name": "Infomaniak", "name": "Infomaniak",
"package_name": "certbot-dns-infomaniak", "package_name": "certbot-dns-infomaniak",
"credentials": "dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "credentials": "dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"full_plugin_name": "dns-infomaniak" "full_plugin_name": "dns-infomaniak"
}, },
"inwx": { "inwx": {
"display_name": "INWX", "name": "INWX",
"package_name": "certbot-dns-inwx", "package_name": "certbot-dns-inwx",
"credentials": "dns_inwx_url = https://api.domrobot.com/xmlrpc/\ndns_inwx_username = your_username\ndns_inwx_password = your_password\ndns_inwx_shared_secret = your_shared_secret optional", "credentials": "dns_inwx_url = https://api.domrobot.com/xmlrpc/\ndns_inwx_username = your_username\ndns_inwx_password = your_password\ndns_inwx_shared_secret = your_shared_secret optional",
"full_plugin_name": "dns-inwx" "full_plugin_name": "dns-inwx"
}, },
"ionos": { "ionos": {
"display_name": "IONOS", "name": "IONOS",
"package_name": "certbot-dns-ionos", "package_name": "certbot-dns-ionos",
"credentials": "dns_ionos_prefix = myapikeyprefix\ndns_ionos_secret = verysecureapikeysecret\ndns_ionos_endpoint = https://api.hosting.ionos.com", "credentials": "dns_ionos_prefix = myapikeyprefix\ndns_ionos_secret = verysecureapikeysecret\ndns_ionos_endpoint = https://api.hosting.ionos.com",
"full_plugin_name": "dns-ionos" "full_plugin_name": "dns-ionos"
}, },
"ispconfig": { "ispconfig": {
"display_name": "ISPConfig", "name": "ISPConfig",
"package_name": "certbot-dns-ispconfig", "package_name": "certbot-dns-ispconfig",
"credentials": "dns_ispconfig_username = myremoteuser\ndns_ispconfig_password = verysecureremoteuserpassword\ndns_ispconfig_endpoint = https://localhost:8080", "credentials": "dns_ispconfig_username = myremoteuser\ndns_ispconfig_password = verysecureremoteuserpassword\ndns_ispconfig_endpoint = https://localhost:8080",
"full_plugin_name": "dns-ispconfig" "full_plugin_name": "dns-ispconfig"
}, },
"isset": { "isset": {
"display_name": "Isset", "name": "Isset",
"package_name": "certbot-dns-isset", "package_name": "certbot-dns-isset",
"credentials": "dns_isset_endpoint=\"https://customer.isset.net/api\"\ndns_isset_token=\"<token>\"", "credentials": "dns_isset_endpoint=\"https://customer.isset.net/api\"\ndns_isset_token=\"<token>\"",
"full_plugin_name": "dns-isset" "full_plugin_name": "dns-isset"
}, },
"joker": { "joker": {
"display_name": "Joker", "name": "Joker",
"package_name": "certbot-dns-joker", "package_name": "certbot-dns-joker",
"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>", "credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
"full_plugin_name": "dns-joker" "full_plugin_name": "dns-joker"
}, },
"linode": { "linode": {
"display_name": "Linode", "name": "Linode",
"package_name": "certbot-dns-linode", "package_name": "certbot-dns-linode",
"credentials": "dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64\ndns_linode_version = [<blank>|3|4]", "credentials": "dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64\ndns_linode_version = [<blank>|3|4]",
"full_plugin_name": "dns-linode" "full_plugin_name": "dns-linode"
}, },
"loopia": { "loopia": {
"display_name": "Loopia", "name": "Loopia",
"package_name": "certbot-dns-loopia", "package_name": "certbot-dns-loopia",
"credentials": "dns_loopia_user = user@loopiaapi\ndns_loopia_password = abcdef0123456789abcdef01234567abcdef0123", "credentials": "dns_loopia_user = user@loopiaapi\ndns_loopia_password = abcdef0123456789abcdef01234567abcdef0123",
"full_plugin_name": "dns-loopia" "full_plugin_name": "dns-loopia"
}, },
"luadns": { "luadns": {
"display_name": "LuaDNS", "name": "LuaDNS",
"package_name": "certbot-dns-luadns", "package_name": "certbot-dns-luadns",
"credentials": "dns_luadns_email = user@example.com\ndns_luadns_token = 0123456789abcdef0123456789abcdef", "credentials": "dns_luadns_email = user@example.com\ndns_luadns_token = 0123456789abcdef0123456789abcdef",
"full_plugin_name": "dns-luadns" "full_plugin_name": "dns-luadns"
}, },
"namecheap": { "namecheap": {
"display_name": "Namecheap", "name": "Namecheap",
"package_name": "certbot-dns-namecheap", "package_name": "certbot-dns-namecheap",
"credentials": "dns_namecheap_username = 123456\ndns_namecheap_api_key = 0123456789abcdef0123456789abcdef01234567", "credentials": "dns_namecheap_username = 123456\ndns_namecheap_api_key = 0123456789abcdef0123456789abcdef01234567",
"full_plugin_name": "dns-namecheap" "full_plugin_name": "dns-namecheap"
}, },
"netcup": { "netcup": {
"display_name": "netcup", "name": "netcup",
"package_name": "certbot-dns-netcup", "package_name": "certbot-dns-netcup",
"credentials": "dns_netcup_customer_id = 123456\ndns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567\ndns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123", "credentials": "dns_netcup_customer_id = 123456\ndns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567\ndns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123",
"full_plugin_name": "dns-netcup" "full_plugin_name": "dns-netcup"
}, },
"njalla": { "njalla": {
"display_name": "Njalla", "name": "Njalla",
"package_name": "certbot-dns-njalla", "package_name": "certbot-dns-njalla",
"credentials": "dns_njalla_token = 0123456789abcdef0123456789abcdef01234567", "credentials": "dns_njalla_token = 0123456789abcdef0123456789abcdef01234567",
"full_plugin_name": "dns-njalla" "full_plugin_name": "dns-njalla"
}, },
"nsone": { "nsone": {
"display_name": "NS1", "name": "NS1",
"package_name": "certbot-dns-nsone", "package_name": "certbot-dns-nsone",
"credentials": "dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw", "credentials": "dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw",
"full_plugin_name": "dns-nsone" "full_plugin_name": "dns-nsone"
}, },
"oci": { "oci": {
"display_name": "Oracle Cloud Infrastructure DNS", "name": "Oracle Cloud Infrastructure DNS",
"package_name": "certbot-dns-oci", "package_name": "certbot-dns-oci",
"credentials": "[DEFAULT]\nuser = ocid1.user.oc1...\nfingerprint = xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx\ntenancy = ocid1.tenancy.oc1...\nregion = us-ashburn-1\nkey_file = ~/.oci/oci_api_key.pem", "credentials": "[DEFAULT]\nuser = ocid1.user.oc1...\nfingerprint = xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx\ntenancy = ocid1.tenancy.oc1...\nregion = us-ashburn-1\nkey_file = ~/.oci/oci_api_key.pem",
"full_plugin_name": "dns-oci" "full_plugin_name": "dns-oci"
}, },
"online": { "online": {
"display_name": "Online", "name": "Online",
"package_name": "certbot-dns-online", "package_name": "certbot-dns-online",
"credentials": "dns_online_token=0123456789abcdef0123456789abcdef01234567", "credentials": "dns_online_token=0123456789abcdef0123456789abcdef01234567",
"full_plugin_name": "dns-online" "full_plugin_name": "dns-online"
}, },
"ovh": { "ovh": {
"display_name": "OVH", "name": "OVH",
"package_name": "certbot-dns-ovh", "package_name": "certbot-dns-ovh",
"credentials": "dns_ovh_endpoint = ovh-eu\ndns_ovh_application_key = MDAwMDAwMDAwMDAw\ndns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw\ndns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw", "credentials": "dns_ovh_endpoint = ovh-eu\ndns_ovh_application_key = MDAwMDAwMDAwMDAw\ndns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw\ndns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw",
"full_plugin_name": "dns-ovh" "full_plugin_name": "dns-ovh"
}, },
"plesk": { "plesk": {
"display_name": "Plesk", "name": "Plesk",
"package_name": "certbot-dns-plesk", "package_name": "certbot-dns-plesk",
"credentials": "dns_plesk_username = your-username\ndns_plesk_password = secret\ndns_plesk_api_url = https://plesk-api-host:8443", "credentials": "dns_plesk_username = your-username\ndns_plesk_password = secret\ndns_plesk_api_url = https://plesk-api-host:8443",
"full_plugin_name": "dns-plesk" "full_plugin_name": "dns-plesk"
}, },
"porkbun": { "porkbun": {
"display_name": "Porkbun", "name": "Porkbun",
"package_name": "certbot-dns-porkbun", "package_name": "certbot-dns-porkbun",
"credentials": "dns_porkbun_key=your-porkbun-api-key\ndns_porkbun_secret=your-porkbun-api-secret", "credentials": "dns_porkbun_key=your-porkbun-api-key\ndns_porkbun_secret=your-porkbun-api-secret",
"full_plugin_name": "dns-porkbun" "full_plugin_name": "dns-porkbun"
}, },
"powerdns": { "powerdns": {
"display_name": "PowerDNS", "name": "PowerDNS",
"package_name": "certbot-dns-powerdns", "package_name": "certbot-dns-powerdns",
"credentials": "dns_powerdns_api_url = https://api.mypowerdns.example.org\ndns_powerdns_api_key = AbCbASsd!@34", "credentials": "dns_powerdns_api_url = https://api.mypowerdns.example.org\ndns_powerdns_api_key = AbCbASsd!@34",
"full_plugin_name": "dns-powerdns" "full_plugin_name": "dns-powerdns"
}, },
"regru": { "regru": {
"display_name": "reg.ru", "name": "reg.ru",
"package_name": "certbot-regru", "package_name": "certbot-regru",
"credentials": "dns_username=username\ndns_password=password", "credentials": "dns_username=username\ndns_password=password",
"full_plugin_name": "dns" "full_plugin_name": "dns"
}, },
"rfc2136": { "rfc2136": {
"display_name": "RFC 2136", "name": "RFC 2136",
"package_name": "certbot-dns-rfc2136", "package_name": "certbot-dns-rfc2136",
"credentials": "# Target DNS server\ndns_rfc2136_server = 192.0.2.1\n# Target DNS port\ndns_rfc2136_port = 53\n# TSIG key name\ndns_rfc2136_name = keyname.\n# TSIG key secret\ndns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg==\n# TSIG key algorithm\ndns_rfc2136_algorithm = HMAC-SHA512", "credentials": "# Target DNS server\ndns_rfc2136_server = 192.0.2.1\n# Target DNS port\ndns_rfc2136_port = 53\n# TSIG key name\ndns_rfc2136_name = keyname.\n# TSIG key secret\ndns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg==\n# TSIG key algorithm\ndns_rfc2136_algorithm = HMAC-SHA512",
"full_plugin_name": "dns-rfc2136" "full_plugin_name": "dns-rfc2136"
}, },
"strato": { "strato": {
"display_name": "Strato", "name": "Strato",
"package_name": "certbot-dns-strato", "package_name": "certbot-dns-strato",
"credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if you are using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if you are not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"", "credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if you are using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if you are not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"",
"full_plugin_name": "dns-strato" "full_plugin_name": "dns-strato"
}, },
"transip": { "transip": {
"display_name": "TransIP", "name": "TransIP",
"package_name": "certbot-dns-transip", "package_name": "certbot-dns-transip",
"credentials": "dns_transip_username = my_username\ndns_transip_key_file = /data/tls/certbot/transip-rsa.key", "credentials": "dns_transip_username = my_username\ndns_transip_key_file = /data/tls/certbot/transip-rsa.key",
"full_plugin_name": "dns-transip" "full_plugin_name": "dns-transip"
}, },
"tencentcloud": { "tencentcloud": {
"display_name": "Tencent Cloud", "name": "Tencent Cloud",
"package_name": "certbot-dns-tencentcloud", "package_name": "certbot-dns-tencentcloud",
"credentials": "dns_tencentcloud_secret_id = TENCENT_CLOUD_SECRET_ID\ndns_tencentcloud_secret_key = TENCENT_CLOUD_SECRET_KEY", "credentials": "dns_tencentcloud_secret_id = TENCENT_CLOUD_SECRET_ID\ndns_tencentcloud_secret_key = TENCENT_CLOUD_SECRET_KEY",
"full_plugin_name": "dns-tencentcloud" "full_plugin_name": "dns-tencentcloud"
}, },
"vultr": { "vultr": {
"display_name": "Vultr", "name": "Vultr",
"package_name": "certbot-dns-vultr", "package_name": "certbot-dns-vultr",
"credentials": "dns_vultr_key = YOUR_VULTR_API_KEY", "credentials": "dns_vultr_key = YOUR_VULTR_API_KEY",
"full_plugin_name": "dns-vultr" "full_plugin_name": "dns-vultr"
}, },
"websupportsk": { "websupportsk": {
"display_name": "Websupport.sk", "name": "Websupport.sk",
"package_name": "certbot-dns-websupportsk", "package_name": "certbot-dns-websupportsk",
"credentials": "dns_websupportsk_api_key = <api_key>\ndns_websupportsk_secret = <secret>\ndns_websupportsk_domain = example.com", "credentials": "dns_websupportsk_api_key = <api_key>\ndns_websupportsk_secret = <secret>\ndns_websupportsk_domain = example.com",
"full_plugin_name": "dns-websupportsk" "full_plugin_name": "dns-websupportsk"

20
rootfs/usr/local/bin/entrypoint.sh Executable file
View File

@@ -0,0 +1,20 @@
#!/bin/sh
cd / || exit
for patch in /data/etc/prerun/patches/*.patch; do
[ -e "$patch" ] || break
echo "Applying prerun patch using patch -p1: $patch"
patch -p1 <"$patch"
done
for script in /data/etc/prerun/scripts/*.sh; do
[ -e "$patch" ] || break
echo "Exexcuting prerun script: $script"
chmod +x "$script"
"$script"
done
cd /app || exit
start.sh

38
rootfs/usr/local/bin/start.sh
View File

@@ -31,8 +31,8 @@ if [ -n "$NPM_CERT_ID" ] && [ -z "$DEFAULT_CERT_ID" ]; then
fi fi
if [ -z "$TZ" ] || ! echo "$TZ" | grep -q "^[A-Za-z/]\+$"; then if [ -z "$TZ" ] || ! echo "$TZ" | grep -q "^[A-Za-z0-9/_+-]\+$"; then
echo "TZ is unset or invalid." echo "TZ is unset or invalid, it can consist of lower and upper letters a-z A-Z, numbers 0-9, slashes, underscores, plus and minus signs."
sleep inf sleep inf
fi fi
@@ -67,32 +67,32 @@ if ! echo "$GOA_PORT" | grep -q "^[0-9]\+$"; then
fi fi
if ! echo "$IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then if ! echo "$IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
echo "IPV4_BINDING needs to be a IPv4-Address." echo "IPV4_BINDING needs to be a IPv4-Address: four blocks of numbers separated by dots."
sleep inf sleep inf
fi fi
if ! echo "$NPM_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then if ! echo "$NPM_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
echo "NPM_IPV4_BINDING needs to be a IPv4-Address." echo "NPM_IPV4_BINDING needs to be a IPv4-Address: four blocks of numbers separated by dots."
sleep inf sleep inf
fi fi
if ! echo "$GOA_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then if ! echo "$GOA_IPV4_BINDING" | grep -q "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$"; then
echo "GOA_IPV4_BINDING needs to be a IPv4-Address." echo "GOA_IPV4_BINDING needs to be a IPv4-Address: four blocks of numbers separated by dots."
sleep inf sleep inf
fi fi
if ! echo "$IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then if ! echo "$IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then
echo "IPV6_BINDING needs to be a IPv6-Address inside []." echo "IPV6_BINDING needs to be a IPv6-Address inside []: lower letters a-f, numbers 0-9 and colons."
sleep inf sleep inf
fi fi
if ! echo "$NPM_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then if ! echo "$NPM_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then
echo "NPM_IPV6_BINDING needs to be a IPv6-Address inside []." echo "NPM_IPV6_BINDING needs to be a IPv6-Address inside []: lower letters a-f, numbers 0-9 and colons."
sleep inf sleep inf
fi fi
if ! echo "$GOA_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then if ! echo "$GOA_IPV6_BINDING" | grep -q "^\[[0-9a-f:]\+\]$"; then
echo "GOA_IPV6_BINDING needs to be a IPv6-Address inside []." echo "GOA_IPV6_BINDING needs to be a IPv6-Address inside []: lower letters a-f, numbers 0-9 and colons."
sleep inf sleep inf
fi fi
@@ -543,14 +543,14 @@ cp /usr/local/nginx/conf/conf.d/include/coreruleset/rules/RESPONSE-999-EXCLUSION
if [ "$DEFAULT_CERT_ID" = "0" ]; then if [ "$DEFAULT_CERT_ID" = "0" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem export DEFAULT_KEY=/data/tls/dummykey.pem
echo "no DEFAULT_CERT_ID set, using dummycerts for npm and default hosts." echo "no DEFAULT_CERT_ID set, using dummycerts."
else else
if [ -d "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID" ]; then if [ -d "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID" ]; then
if [ ! -s /data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem ]; then if [ ! -s /data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem ]; then
echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist" echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts." echo "using dummycerts."
else else
export DEFAULT_CERT=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem export DEFAULT_CERT=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/fullchain.pem
echo "DEFAULT_CERT set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem" echo "DEFAULT_CERT set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/fullchain.pem"
@@ -559,7 +559,7 @@ else
echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem does not exist" echo "/data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts." echo "using dummycerts."
else else
export DEFAULT_KEY=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/privkey.pem export DEFAULT_KEY=/data/tls/certbot/live/npm-"$DEFAULT_CERT_ID"/privkey.pem
echo "DEFAULT_KEY set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem" echo "DEFAULT_KEY set to /data/tls/certbot/live/npm-$DEFAULT_CERT_ID/privkey.pem"
@@ -578,7 +578,7 @@ else
echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist" echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts." echo "using dummycerts."
else else
export DEFAULT_CERT=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/fullchain.pem export DEFAULT_CERT=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/fullchain.pem
echo "DEFAULT_CERT set to /data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem" echo "DEFAULT_CERT set to /data/tls/custom/npm-$DEFAULT_CERT_ID/fullchain.pem"
@@ -587,7 +587,7 @@ else
echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem does not exist" echo "/data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem does not exist"
export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem export DEFAULT_KEY=/data/tls/dummykey.pem
echo "using dummycerts for npm and default hosts." echo "using dummycerts."
else else
export DEFAULT_KEY=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/privkey.pem export DEFAULT_KEY=/data/tls/custom/npm-"$DEFAULT_CERT_ID"/privkey.pem
echo "DEFAULT_KEY set to /data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem" echo "DEFAULT_KEY set to /data/tls/custom/npm-$DEFAULT_CERT_ID/privkey.pem"
@@ -604,19 +604,19 @@ else
else else
export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem export DEFAULT_KEY=/data/tls/dummykey.pem
echo "cert with ID $DEFAULT_CERT_ID does not exist, using dummycerts for npm and default hosts." echo "cert with ID $DEFAULT_CERT_ID does not exist, using dummycerts."
fi fi
fi fi
if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" != "/data/tls/dummykey.pem" ]; then if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" != "/data/tls/dummykey.pem" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem export DEFAULT_KEY=/data/tls/dummykey.pem
echo "something went wrong, using dummycerts for npm and default hosts." echo "something went wrong, using dummycerts."
fi fi
if [ "$DEFAULT_CERT" != "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then if [ "$DEFAULT_CERT" != "/data/tls/dummycert.pem" ] && [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then
export DEFAULT_CERT=/data/tls/dummycert.pem export DEFAULT_CERT=/data/tls/dummycert.pem
export DEFAULT_KEY=/data/tls/dummykey.pem export DEFAULT_KEY=/data/tls/dummykey.pem
echo "something went wrong, using dummycerts for npm and default hosts." echo "something went wrong, using dummycerts."
fi fi
if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] || [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then if [ "$DEFAULT_CERT" = "/data/tls/dummycert.pem" ] || [ "$DEFAULT_KEY" = "/data/tls/dummykey.pem" ]; then
@@ -817,8 +817,7 @@ if [ "$PUID" != "0" ]; then
echo "ERROR: Unable to set group against the user properly" echo "ERROR: Unable to set group against the user properly"
sleep inf sleep inf
fi fi
chown -R "$PUID:$PGID" /usr/local/certbot \ chown -R "$PUID:$PGID" /usr/local \
/usr/local/nginx \
/data \ /data \
/run \ /run \
/tmp /tmp
@@ -837,8 +836,7 @@ if [ "$PUID" != "0" ]; then
sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
sudo -Eu npm launch.sh sudo -Eu npm launch.sh
else else
chown -R 0:0 /usr/local/certbot \ chown -R 0:0 /usr/local \
/usr/local/nginx \
/data \ /data \
/run \ /run \
/tmp /tmp

2
rootfs/usr/local/nginx/conf/conf.d/npm.conf
View File

@@ -27,7 +27,7 @@ server {
} }
location / { location / {
root /app/frontend; root /html/frontend;
if ($request_uri ~ ^/(.*)\.html$) { if ($request_uri ~ ^/(.*)\.html$) {
return 302 /$1; return 302 /$1;
} }