Commit Graph

45 Commits

Author SHA1 Message Date
Nicolas Duchon
a16a97fe11
fix: restrict private key permissions (#1016)
* fix: restrict private file permissions by default

* fix: check perms of /etc/acme.sh private keys

* fix: typo
2023-03-27 19:03:21 +02:00
Nicolas Duchon
87c27d22a6
feat: use EAB if available no matter the ACME CI (#981)
* ci: setup Pebble with docker-compose + .env file

* refactor: move acme.sh hooks further down the file

* feat: use EAB with other CAs than Zero SSL

* tests: ACME External Account Binding (EAB)

* ci: add local Pebble EAB testing
2022-12-06 12:28:48 +01:00
Nicolas Duchon
67d4194fb6
feat: use pre generated RFC7919 DH groups
Co-authored-by: polarathene <5098581+polarathene@users.noreply.github.com>
2021-12-14 23:32:39 +01:00
Nicolas Duchon
dddd7a5a82
fix: prevent endless loop of wildcard enumeration 2021-12-08 15:37:15 +01:00
Logan Kennelly
ffffdc86bd Fix unintentional file globbing during wildcard lookup
Matching globs are common because the script runs in the certs
directory.

The test uses a suffix match as the test domains don't include
subdomains, although such cases should probably be considered.

Fix the le3.wtf test. The existing add_location_configuration modifies
"default"; a second add is not necessary.

Fixes #763
2021-03-15 18:14:22 -07:00
Nicolas Duchon
c821d809f6
Change ACME client to acme.sh 2020-11-27 14:44:01 +01:00
Remo Gloor
6ede7a7663
Search in all config files for standalone config
Search in all .conf files for the server configuration when a standalone configuration exists.
2020-11-12 18:04:53 +01:00
Nicolas Duchon
09518fec98
Grep more than just the domain for standalone conf 2020-07-17 14:24:39 +02:00
Nicolas Duchon
728a893505
Set auth_request off
#570
2020-05-11 15:47:00 +02:00
Nicolas Duchon
45df81962e
Shell linting 2020-05-11 15:43:07 +02:00
Nicolas Duchon
8a936cc4fe
Add standalone certificate feature
Standalone certificates are generated from a static user-provided
configuration file rather than from the dynamically generated (from
running containers' environment variables) letsencrypt_service_data file.
2020-05-10 19:35:59 +02:00
Nicolas Duchon
e49c2d5213
Shellcheck linting (#641) 2020-03-23 08:20:46 +01:00
Nicolas Duchon
30c51154e4
Clearer debug and comments on set_ownership_and_permissions() 2019-10-10 11:50:18 +02:00
Nicolas Duchon
90e6fbcb49
Use wildcard location configurations
fix #561
2019-08-02 19:55:12 +02:00
Nicolas Duchon
36ef610f0e
Use cp/rm instead of mv on location configuration
mv does not work with files bind-mounted
inside a container with --volume, as their inode
can't be changed from within the container
2019-06-09 14:18:05 +02:00
Nicolas Duchon
522d396b0d
Fix unbound variable issue in get_self_cid
fix #542
2019-05-17 18:01:59 +02:00
Max Zhao
af4784d444 Fixing get cid to retry alternative sources. Also use regex to exactly match 64 char CID 2019-02-28 10:47:14 +01:00
Nicolas Duchon
fb2d0b2371
Use multiple methods to obtain self cid (#499)
fix #498
2019-01-16 11:29:24 +01:00
Nicolas Duchon
70405ffde9
Simplify the self cid discovery mechanism
Also remove the hard requirement that the container get its
self cid during entrypoint as it is only used to produce a warning
and to get the nginx-proxy container id through --volumes-from,
which is only one of the three methods.

The fact that the LE container could get an nginx-proxy container id
is independently verified by the entrypoint script anyway and this
hard requirement on getting its self cid has been known to cause
trouble with containers running under orchestrators such as Amazon ECS
or Kubernetes.
2019-01-09 20:49:11 +01:00
Grieche
fbab2c2913 * New environmental variable LETSENCRYPT_RESTART_CONTAINER
Containers with this variable set to true will be restarted
when their respective certificates are updated/modified.
2018-12-19 20:29:49 +01:00
Nicolas Duchon
feefd2d646
Manage ownership of symlinks too
Fix #471
2018-12-15 00:14:42 +01:00
Nicolas Duchon
5ac2ba963e
Make the DEBUG env var case insensitive (#480)
bug spotted by @desimaniac
2018-12-14 09:49:51 +01:00
Nicolas Duchon
5e10577638
Change ownership of public files too 2018-10-29 13:32:37 +01:00
Nicolas Duchon
d277e66089
Check perms only on simp_le non error exit 2018-10-29 10:32:17 +01:00
Nicolas Duchon
7fe8dd27f1
Check if path exists before perm check 2018-10-29 10:32:17 +01:00
Nicolas Duchon
a8f906b9ca
Default perms 755 (folders) - 644 (files) 2018-10-29 10:32:12 +01:00
Nicolas Duchon
c5d59e0c45
Ownership and permissions configuration 2018-10-29 00:43:45 +01:00
Nicolas Duchon
cd5729ce02
Check & enforce perms on sensitive files
fix #412
2018-09-16 09:20:58 +02:00
Nicolas Duchon
7ac961b092
Create default cert and key if absent 2018-08-02 22:56:59 +02:00
Nicolas Duchon
d33a403d09
Silence docker_exec noisy output after #401 (#402)
Going through /app/docker-entrypoint.sh in the nginx-proxy
container generates some unwanted noise on stdout.
2018-07-08 14:10:10 +02:00
Thom Seddon
060365a672 invoke /app/docker-entrypoint.sh when reloading nginx-proxy 2018-06-14 13:19:47 +01:00
Nicolas Duchon
e88a5a72d4
Error message enhancement to #321 (#393)
Output a different message when the
check_nginx_proxy_container_run
function can't get a container ID.
2018-06-05 09:44:16 +02:00
Nicolas Duchon
aca144c6ef
Move the self ID retrieval to /app/functions.sh (#382)
Fix #375
This enables the /app/force_renew script to get the LE companion
container ID, which is required to check if the nginx container
is running (#321) when using the --volumes-from method.
2018-05-20 18:15:10 +02:00
Nicolas Duchon
16f0222532
Additional check for docker-gen 2018-03-16 18:34:26 +01:00
Nicolas Duchon
866dda12b9
Rework nginx-proxy and docker-gen cid acquisition
Make #321 work with three-container setups too.
2018-03-16 18:34:26 +01:00
Nicolas Duchon
3b212f2bf3
Minor edits for coding style consistency 2018-03-16 18:34:26 +01:00
Nicolas Duchon
3af5ae8b16
Change ambiguous variable and function names 2018-02-19 12:43:34 +01:00
Lilit
4c51c2d51c Log error if nginx-proxy is not running 2018-02-01 14:23:54 +03:00
Nicolas Duchon
83174ed375 Shell linting
https://github.com/koalaman/shellcheck/wiki

start.sh:
Fix SC2173 on line 14.

letsencrypt_service:
Ignore SC2120 and SC1090.
Fix SC1087 on line 54, SC2068 on lines 54 and 124.
Fix SC2034 on lines 12, 13, 19 and 20.
+ use pushd / popd to change the CWD back to /etc/nginx/certs after simp_le execution.

functions.sh:
Ignore SC2155.
Add the missing shebang.

entrypoint.sh:
Ignore SC2155.
2017-11-22 18:27:39 +01:00
Ali
d42c846d8e Removed -only-exposed from docker-gen calls (#281)
Remove the last remaining -only-exposed on /app/function.sh after #230
2017-11-20 19:59:51 +01:00
Helder Correia
27d433cb63 Complete support for dynamic container names (#231)
* Allow setting NGINX_DOCKER_GEN_CONTAINER from a label
* Find labeled cid in runtime instead of startup time
2017-07-13 12:44:02 +02:00
PauRE
a1a6732812 Fix renewals on separate containers (#165)
* Added support to reload the nginx container in case only a certificate renewal happened. Reusing the autodetection from --volumes-from.
2017-05-28 17:30:10 +02:00
Bjoern Busch
783ae214cf Update docker API call
Based on the docker issue (https://github.com/docker/docker/issues/26099), the Docker API needs to be called with `localhost` in the URL.
2017-01-19 21:14:10 +01:00
Yves Blusseau
9295c1d151 Don't remove created configuration files in vhost.d
Close #69
2016-07-28 13:11:57 +02:00
ryneeverett
7c16aaa2a1 functions.lib -> functions.sh
This way any editor can figure out the file type automatically.
2016-06-25 18:31:15 -04:00