Safer and flexible boolean env vars

Tweak ownership output
Ownership script shakeup
2025-07-12 04:39:37 +00:00 · 2025-07-09 21:27:50 +10:00 · 2025-07-09 21:01:21 +10:00 · 2025-07-09 20:30:27 +10:00 · 2025-07-09 18:19:50 +10:00 · 2025-07-09 16:36:26 +10:00
6 changed files with 55 additions and 35 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.12.5
+2.12.6
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.12.5-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.6-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@ -8,37 +8,53 @@ log_info 'Setting ownership ...'
 # root
 chown root /tmp/nginx
-# npm user and group
+locations=(
-chown -R "$PUID:$PGID" /data
+	"/data"
-chown -R "$PUID:$PGID" /etc/letsencrypt
+	"/etc/letsencrypt"
-chown -R "$PUID:$PGID" /run/nginx
+	"/run/nginx"
-chown -R "$PUID:$PGID" /tmp/nginx
+	"/tmp/nginx"
-chown -R "$PUID:$PGID" /var/cache/nginx
+	"/var/cache/nginx"
-chown -R "$PUID:$PGID" /var/lib/logrotate
+	"/var/lib/logrotate"
-chown -R "$PUID:$PGID" /var/lib/nginx
+	"/var/lib/nginx"
-chown -R "$PUID:$PGID" /var/log/nginx
+	"/var/log/nginx"
 	"/etc/nginx/nginx"
 	"/etc/nginx/nginx.conf"
 	"/etc/nginx/conf.d"
 )
-# Don't chown entire /etc/nginx folder as this causes crashes on some systems
+chownit() {
-chown -R "$PUID:$PGID" /etc/nginx/nginx
+	local dir="$1"
-chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+	local recursive="${2:-true}"
 chown -R "$PUID:$PGID" /etc/nginx/conf.d
-# Certbot directories - optimized approach
+	local have
-CERT_INIT_FLAG="/opt/certbot/.ownership_initialized"
+	have="$(stat -c '%u:%g' "$dir")"
 	echo "- $dir ... "
-if [ ! -f "$CERT_INIT_FLAG" ]; then
+	if [ "$have" != "$PUID:$PGID" ]; then
-	# Prevents errors when installing python certbot plugins when non-root
+		if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
-	if [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
+			chown -R "$PUID:$PGID" "$dir"
-		log_info 'Changing ownership of /opt/certbot directories ...'
+		else
-		chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+			chown "$PUID:$PGID" "$dir"
 		fi
 		echo "    DONE"
 	else
 		echo "    SKIPPED"
 	fi
 }
 for loc in "${locations[@]}"; do
 	chownit "$loc"
 done
 if [ "$(is_true "${SKIP_CERTBOT_OWNERSHIP:-}")" = '1' ]; then
 	log_info 'Skipping ownership change of certbot directories'
 else
 	log_info 'Changing ownership of certbot directories, this may take some time ...'
 	chownit "/opt/certbot" false
 	chownit "/opt/certbot/bin" false
 	# Handle all site-packages directories efficiently
 	find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
-		chown -R "$PUID:$PGID" "$SITE_PACKAGES_DIR"
+		chownit "$SITE_PACKAGES_DIR"
 	done
 	# Create a flag file to skip this step on subsequent runs
 	touch "$CERT_INIT_FLAG"
 	chown "$PUID:$PGID" "$CERT_INIT_FLAG"
 fi
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
@ -5,12 +5,9 @@ set -e
 log_info 'Dynamic resolvers ...'
 DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
 # Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
 # thanks @tfmm
-if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ];
+if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
 then
 	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
 else
 	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
@ -8,14 +8,11 @@ set -e
 log_info 'IPv6 ...'
 # Lowercase
 DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
 process_folder () {
 	FILES=$(find "$1" -type f -name "*.conf")
 	SED_REGEX=
-	if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ]; then
+	if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
 		# IPV6 is disabled
 		echo "Disabling IPV6 in hosts in: $1"
 		SED_REGEX='s/^([^#]*)listen \[::\]/\1#listen [::]/g'
--- a/docker/rootfs/usr/bin/common.sh
+++ b/docker/rootfs/usr/bin/common.sh
@ -56,3 +56,13 @@ get_group_id () {
 		getent group "$1" | cut -d: -f3
 	fi
 }
 # param $1: value
 is_true () {
 	VAL=$(echo "${1:-}" | tr '[:upper:]' '[:lower:]')
 	if [ "$VAL" == 'true' ] || [ "$VAL" == 'on' ] || [ "$VAL" == '1' ] || [ "$VAL" == 'yes' ]; then
 		echo '1'
 	else
 		echo '0'
 	fi
 }
Author	SHA1	Message	Date
Jamie Curnow	54d463ac36	Safer and flexible boolean env vars	2025-07-09 21:27:50 +10:00
Jamie Curnow	a23dc24021	Tweak ownership output	2025-07-09 21:01:21 +10:00
Jamie Curnow	4f9df893c8	Ownership script shakeup - Don't touch a file to determine if we need to run - Instead, check ownership of each location and skip it if we are happy - Keeping SKIP_CERTBOT_OWNERSHIP flag - More vebose logging of outcomes	2025-07-09 20:30:27 +10:00
Jamie Curnow	304b38e82b	Fix ownership if statement	2025-07-09 18:19:50 +10:00
jc21	1b0929ade6	Merge branch 'master' into develop	2025-07-09 16:36:26 +10:00
Jamie Curnow	ddbafb62a6	bump version	2025-07-09 16:33:50 +10:00
Jamie Curnow	9a0383bc73	Move SKIP_CERTBOT_OWNERSHIP check around the entire certbot code	2025-07-09 16:30:45 +10:00