From add2e0819e28f4581ff6dceac14e9db122423cb8 Mon Sep 17 00:00:00 2001
From: "Andrew M. Zhang"
Date: Tue, 16 May 2023 00:19:32 -0500
Subject: [PATCH 1/3] Implements custom ACME servers
Code mostly taken from: https://github.com/tashian/docker-swag/commit/564e0d8175624dd8f5e4c648f0ff36ecb93de7d1
Co-authored-by: Carl Tashian
---
 readme-vars.yml | 7 +++++++
 root/app/le-renew.sh | 4 ++++
 .../s6-rc.d/init-certbot-config/run | 20 ++++++++++++++++---
 3 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/readme-vars.yml b/readme-vars.yml
index 64f8b715..d634f072 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -50,7 +50,13 @@ opt_param_usage_include_env: true
 opt_param_env_vars:
 - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
 - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
+<<<<<<< HEAD
 - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+=======
+ - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`.
Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+ - { env_var: "ACMESERVER", env_value: "", desc: "The URL of a custom ACME server to use." }
+ - { env_var: "ACMECABUNDLE", env_value: "", desc: "A base64-encoded PEM file containing a CA bundle to trust, for use with an internal ACME CA. Required for a custom ACME CA." }
+>>>>>>> 2314a03 (Implements custom ACME servers)
 - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
 - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
 - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
@@ -184,6 +190,7 @@ changelogs:
 - { date: "07.08.23:", desc: "Add Bunny DNS Configuration." }
 - { date: "27.07.23:", desc: "Added support for dreamhost validation." }
 - { date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf." }
+ - { date: "21.05.23:", desc: "Allow custom ACME servers. Supply URL and CA bundle" }
 - { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." }
 - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." }
 - { date: "25.03.23:", desc: "Fix renewal post hook." }
diff --git a/root/app/le-renew.sh b/root/app/le-renew.sh
index 7f2137a2..fa9aef0f 100644
--- a/root/app/le-renew.sh
+++ b/root/app/le-renew.sh
@@ -1,6 +1,10 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
+if [[ -f "/config/cabundle.pem" ]]; then
+ export REQUESTS_CA_BUNDLE="/config/cabundle.pem"
+fi
+
 echo "<------------------------------------------------->"
 echo
 echo "<------------------------------------------------->"
diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
index f3ad0aaf..16b437cb 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
@@ -12,6 +12,8 @@ EXTRA_DOMAINS=${EXTRA_DOMAINS}\\n\
 ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
 VALIDATION=${VALIDATION}\\n\
 CERTPROVIDER=${CERTPROVIDER}\\n\
+ACMESERVER=${ACMESERVER}\\n\
+ACMECABUNDLE=${ACMECABUNDLE}\\n\
 DNSPLUGIN=${DNSPLUGIN}\\n\
 EMAIL=${EMAIL}\\n\
 STAGING=${STAGING}\\n"
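Review bot: The check added at the top of le-renew.sh exports `REQUESTS_CA_BUNDLE` whenever `/config/cabundle.pem` exists, regardless of which provider is currently configured. That file is written only by the `custom` branch of init-certbot-config/run and no hunk in this patch removes it, so after switching back to Let's Encrypt or ZeroSSL a leftover bundle would presumably replace the default trust store for certbot's HTTPS requests and make renewals fail certificate verification. Tie the export to the configuration rather than to the file, for example `if [[ "${CERTPROVIDER}" = "custom" ]] && [[ -s "/config/cabundle.pem" ]]; then`, and delete the file in the init script when `ACMECABUNDLE` is empty.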
@@ -81,7 +83,7 @@ if [[ -f "/config/donoteditthisfile.conf" ]]; then
 mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
 fi
 if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then
- echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
+ echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGACMESERVER=\"$ACMESERVER\" ORIGACMECABUNDLE=\"$ACMECABUNDLE\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
 echo "Created .donoteditthisfile.conf"
 fi
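Review bot: `ORIGACMESERVER` and `ORIGACMECABUNDLE` are written to `/config/.donoteditthisfile.conf` here and again in the later hunk under `# saving new variables`, but no hunk in this patch adds them to the comparison that begins at `if [[ ! "${URL}" = "${ORIGURL}" ]] ||`. As far as the diff shows, pointing `ACMESERVER` at a different CA would therefore not be detected as a changed parameter, and the certificate issued by the previous server would presumably stay in use. Add `[[ ! "${ACMESERVER}" = "${ORIGACMESERVER}" ]]` to that condition, and write the new values as `${ACMESERVER}` and `${ACMECABUNDLE}` to match the braces used for every other variable on the line. The script continues outside the hunk.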
@@ -214,10 +216,10 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
 fi
 # saving new variables
-echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
+echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGACMESERVER=\"$ACMESERVER\" ORIGACMECABUNDLE=\"$ACMECABUNDLE\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
 # Check if the cert is using the old LE root cert, revoke and regen if necessary
-if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
+if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || ([[ "${CERTPROVIDER}" == "" ]] && [[ -z "$ACMECABUNDLE" ]]); } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
 echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
 REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
 if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
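Review bot: The new clause `([[ "${CERTPROVIDER}" == "" ]] && [[ -z "$ACMECABUNDLE" ]])` groups with parentheses, which run the tests in a subshell, inside a condition that otherwise groups with `{ …; }`; `{ [[ "${CERTPROVIDER}" == "" ]] && [[ -z "${ACMECABUNDLE}" ]]; }` does the same without forking. The clause also keys on `ACMECABUNDLE`, while the custom provider is selected by `CERTPROVIDER = custom` in the next hunk, and that value already fails both comparisons here. So the only setup whose behaviour changes is a default Let's Encrypt one that happens to have `ACMECABUNDLE` set; if that is intended, a comment such as `# a custom CA bundle means chain.pem is not expected to be issued by ISRG` would say so, otherwise the clause can be dropped. The body of this `if` continues outside the hunk.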
@@ -232,12 +234,24 @@ fi
 if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
 echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
 fi
+if [[ "${CERTPROVIDER}" = "custom" ]] && [[ "${STAGING}" = "true" ]]; then
+ echo "Custom ACME does not support staging mode, ignoring STAGING variable"
+fi
 if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
 echo "ZeroSSL is selected as the cert provider, registering cert with ${EMAIL}"
 ACMESERVER="https://acme.zerossl.com/v2/DV90"
 elif [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -z "${EMAIL}" ]]; then
 echo "ZeroSSL is selected as the cert provider, but the e-mail address has not been entered. Please visit https://zerossl.com, register a new account and set the account e-mail address in the EMAIL environment variable"
 sleep infinity
+elif [[ "${CERTPROVIDER}" = "custom" ]] && [[ -n "${EMAIL}" ]]; then
+ echo "Using $ACMESERVER as the cert provider; registering cert with $EMAIL"
+ if [ -n "$ACMECABUNDLE" ]; then
+ echo "$ACMECABUNDLE" | base64 -d - > /config/cabundle.pem
+ export REQUESTS_CA_BUNDLE="/config/cabundle.pem"
+ fi
+elif [[ "${CERTPROVIDER}" = "custom" ]] && [[ -z "${EMAIL}" ]]; then
+ echo "A custom ACME server is selected as the cert provider, but the e-email address has not been entered."
+ sleep infinity
 elif [[ "${STAGING}" = "true" ]]; then
 echo "NOTICE: Staging is active"
 echo "Using Let's Encrypt as the cert provider"
From 7ad93e90d2231c8a0783eb333a092a1e67ae5256 Mon Sep 17 00:00:00 2001
From: "Andrew M. Zhang"
Date: Tue, 16 May 2023 00:19:32 -0500
Subject: [PATCH 2/3] Implements custom ACME servers
Code mostly taken from: https://github.com/tashian/docker-swag/commit/564e0d8175624dd8f5e4c648f0ff36ecb93de7d1
Co-authored-by: Carl Tashian
---
 readme-vars.yml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/readme-vars.yml b/readme-vars.yml
index d634f072..6b4129e5 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
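Review bot: The new `custom` branch uses `ACMESERVER` and the decoded `ACMECABUNDLE` without checking either of them. An empty or non-HTTPS `ACMESERVER` is accepted, and if `base64 -d` fails the script still leaves whatever was written to `/config/cabundle.pem` in place and exports it as `REQUESTS_CA_BUNDLE`, so the trust anchor for later ACME requests is whatever bytes ended up in that file. The branch should stop, as the ZeroSSL branch does with `sleep infinity`, when the URL is not `https://` or when the decoded file does not parse as a certificate; the message in the following branch also has a typo, `e-email`. The if/elif chain starts and ends outside the hunk.

```bash
elif [[ "${CERTPROVIDER}" = "custom" ]] && [[ -n "${EMAIL}" ]]; then
    # Refuse to continue without an HTTPS directory URL.
    if [[ "${ACMESERVER}" != https://* ]]; then
        echo "CERTPROVIDER is set to custom, but ACMESERVER is not an https:// URL"
        sleep infinity
    fi
    echo "Using ${ACMESERVER} as the cert provider; registering cert with ${EMAIL}"
    if [[ -n "${ACMECABUNDLE}" ]]; then
        # Only trust the bundle if it decodes cleanly and parses as a certificate.
        if ! echo "${ACMECABUNDLE}" | base64 -d >/config/cabundle.pem ||
            ! openssl x509 -in /config/cabundle.pem -noout 2>/dev/null; then
            echo "ACMECABUNDLE could not be decoded into a PEM certificate"
            rm -f /config/cabundle.pem
            sleep infinity
        fi
        export REQUESTS_CA_BUNDLE="/config/cabundle.pem"
    fi
# … unchanged: custom-without-EMAIL branch, then the staging / Let's Encrypt branches …
```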
@@ -50,13 +50,9 @@ opt_param_usage_include_env: true
 opt_param_env_vars:
 - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
 - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
-<<<<<<< HEAD
 - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynudns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
-=======
- - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`.
Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
 - { env_var: "ACMESERVER", env_value: "", desc: "The URL of a custom ACME server to use." }
 - { env_var: "ACMECABUNDLE", env_value: "", desc: "A base64-encoded PEM file containing a CA bundle to trust, for use with an internal ACME CA. Required for a custom ACME CA." }
->>>>>>> 2314a03 (Implements custom ACME servers)
 - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
 - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
 - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
From fd35067a1653302b6e4d1868ce46535f334381db Mon Sep 17 00:00:00 2001
From: Denis Govorkov
Date: Wed, 31 Jan 2024 19:15:30 +0300
Subject: [PATCH 3/3] Removed php
---
 Dockerfile | 119 ++++--------------
 Dockerfile.aarch64 | 31 -----
 .../nginx/site-confs/default.conf.sample | 25 +---
 3 files changed, 27 insertions(+), 148 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b1cb94f1..9975084c 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,7 +17,6 @@ RUN \
 echo "**** install build packages ****" && \
 apk add --no-cache --virtual=build-dependencies \
 build-base \
- cargo \
 libffi-dev \
 libxml2-dev \
 libxslt-dev \
@@ -27,57 +26,10 @@ RUN \
 apk add --no-cache \
 fail2ban \
 gnupg \
- memcached \
 nginx-mod-http-brotli \
- nginx-mod-http-dav-ext \
- nginx-mod-http-echo \
- nginx-mod-http-fancyindex \
- nginx-mod-http-geoip2 \
- nginx-mod-http-headers-more \
- nginx-mod-http-image-filter \
- nginx-mod-http-perl \
- nginx-mod-http-redis2 \
- nginx-mod-http-set-misc \
- nginx-mod-http-upload-progress \
- nginx-mod-http-xslt-filter \
- nginx-mod-mail \
- nginx-mod-rtmp \
- nginx-mod-stream \
- nginx-mod-stream-geoip2 \
- nginx-vim \
- php83-bcmath \
- php83-bz2 \
- php83-dom \
- php83-exif \
- php83-ftp \
- php83-gd \
- php83-gmp \
- php83-imap \
- php83-intl \
- php83-ldap \
- php83-mysqli \
- php83-mysqlnd \
- php83-opcache \
- php83-pdo_mysql \
- php83-pdo_odbc \
- php83-pdo_pgsql \
- php83-pdo_sqlite \
- php83-pear \
- php83-pecl-apcu \
- php83-pecl-memcached \
- php83-pecl-redis \
- php83-pgsql \
- php83-posix \
- php83-soap \
- php83-sockets \
- php83-sodium \
- php83-sqlite3 \
- php83-tokenizer \
- php83-xmlreader \
- php83-xsl \
 whois && \
 apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
- php83-pecl-mcrypt && \
+ && \
 echo "**** install certbot plugins ****" && \
 if [ -z ${CERTBOT_VERSION+x} ]; then \
 CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
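Review bot: Removing `php83-pecl-mcrypt` leaves `apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \` with no package to install; here the added `&& \` line turns it into an empty `apk add` that may still fetch the edge/community index over plain HTTP for nothing. In Dockerfile.aarch64 the same removal drops the `&& \` as well, so the continuation runs into `echo "**** install certbot plugins ****"` and both `echo` and the banner string become arguments to `apk add`, which would presumably fail the build. Delete the `apk add … edge/community` line in both files instead of leaving it empty. This hunk and the next also drop memcached, most nginx modules and every `certbot-dns-*` plugin from Dockerfile only, which goes beyond the "Removed php" subject and leaves the `DNSPLUGIN` values documented in readme-vars.yml without a plugin in this image. The RUN instruction starts and ends outside the hunk.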
@@ -88,50 +40,6 @@ RUN \
 wheel && \
 pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.19/ \
 certbot==${CERTBOT_VERSION} \
- certbot-dns-acmedns \
- certbot-dns-aliyun \
- certbot-dns-azure \
- certbot-dns-bunny \
- certbot-dns-cloudflare \
- certbot-dns-cpanel \
- certbot-dns-desec \
- certbot-dns-digitalocean \
- certbot-dns-directadmin \
- certbot-dns-dnsimple \
- certbot-dns-dnsmadeeasy \
- certbot-dns-dnspod \
- certbot-dns-do \
- certbot-dns-domeneshop \
- certbot-dns-dreamhost \
- certbot-dns-duckdns \
- certbot-dns-dynudns \
- certbot-dns-freedns \
- certbot-dns-gehirn \
- certbot-dns-glesys \
- certbot-dns-godaddy \
- certbot-dns-google \
- certbot-dns-google-domains \
- certbot-dns-he \
- certbot-dns-hetzner \
- certbot-dns-infomaniak \
- certbot-dns-inwx \
- certbot-dns-ionos \
- certbot-dns-linode \
- certbot-dns-loopia \
- certbot-dns-luadns \
- certbot-dns-namecheap \
- certbot-dns-netcup \
- certbot-dns-njalla \
- certbot-dns-nsone \
- certbot-dns-ovh \
- certbot-dns-porkbun \
- certbot-dns-rfc2136 \
- certbot-dns-route53 \
- certbot-dns-sakuracloud \
- certbot-dns-standalone \
- certbot-dns-transip \
- certbot-dns-vultr \
- certbot-plugin-gandi \
 cryptography \
 future \
 requests && \
@@ -172,8 +80,31 @@ RUN \
 /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
 echo "**** cleanup ****" && \
 apk del --purge \
- build-dependencies && \
+ build-dependencies \
+ php83 \
+ php83-ctype \
+ php83-curl \
+ php83-fileinfo \
+ php83-fpm \
+ php83-iconv \
+ php83-json \
+ php83-mbstring \
+ php83-openssl \
+ php83-phar \
+ php83-session \
+ php83-simplexml \
+ php83-xml \
+ php83-xmlwriter \
+ php83-zip \
+ php83-zlib && \
 rm -rf \
+ /etc/s6-overlay/s6-rc.d/init-php/ \
+ /etc/s6-overlay/s6-rc.d/svc-php-fpm/ \
+ /etc/s6-overlay/s6-rc.d/user/contents.d/svc-php-fpm \
+ /etc/s6-overlay/s6-rc.d/user/contents.d/init-php \
+ /etc/s6-overlay/s6-rc.d/init-keygen/dependencies.d/init-php \
+ /etc/logrotate.d/php-fpm \
+ ./config/php \
 /tmp/* \
 $HOME/.cache \
 $HOME/.cargo
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 3f90ba45..fc568544 100755
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -45,39 +45,8 @@ RUN \
 nginx-mod-stream \
 nginx-mod-stream-geoip2 \
 nginx-vim \
- php83-bcmath \
- php83-bz2 \
- php83-dom \
- php83-exif \
- php83-ftp \
- php83-gd \
- php83-gmp \
- php83-imap \
- php83-intl \
- php83-ldap \
- php83-mysqli \
- php83-mysqlnd \
- php83-opcache \
- php83-pdo_mysql \
- php83-pdo_odbc \
- php83-pdo_pgsql \
- php83-pdo_sqlite \
- php83-pear \
- php83-pecl-apcu \
- php83-pecl-memcached \
- php83-pecl-redis \
- php83-pgsql \
- php83-posix \
- php83-soap \
- php83-sockets \
- php83-sodium \
- php83-sqlite3 \
- php83-tokenizer \
- php83-xmlreader \
- php83-xsl \
 whois && \
 apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
- php83-pecl-mcrypt && \
 echo "**** install certbot plugins ****" && \
 if [ -z ${CERTBOT_VERSION+x} ]; then \
 CERTBOT_VERSION=$(curl -sL https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
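Review bot: `./config/php` in the added `rm -rf` list of the Dockerfile cleanup hunk is a relative path, so what it removes depends on the build's working directory, while every other entry is absolute; `/config/php \` is presumably what was meant. The `apk del --purge` list names `php83*` packages that this Dockerfile does not install, so they appear to come from the base image: purging them hides them from the final filesystem, but the files remain in the lower image layers, and Dockerfile.aarch64 gets no matching cleanup. A comment above the list, e.g. `# php-fpm ships with the base image; remove its packages and s6 units`, would make that dependency explicit. The RUN instruction starts outside the hunk.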
diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample
index f90e633a..b32e0d8f 100644
--- a/root/defaults/nginx/site-confs/default.conf.sample
+++ b/root/defaults/nginx/site-confs/default.conf.sample
@@ -20,7 +20,7 @@ server {
 include /config/nginx/ssl.conf;
 root /config/www;
- index index.html index.htm index.php;
+ index index.html index.htm;
 # enable subfolder method reverse proxy confs
 include /config/nginx/proxy-confs/*.subfolder.conf;
@@ -48,28 +48,7 @@ server {
 # enable for Authentik (requires authentik-server.conf in the server block)
 #include /config/nginx/authentik-location.conf;
- try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
- }
-
- location ~ ^(.+\.php)(.*)$ {
- # enable the next two lines for http auth
- #auth_basic "Restricted";
- #auth_basic_user_file /config/nginx/.htpasswd;
-
- # enable for ldap auth (requires ldap-server.conf in the server block)
- #include /config/nginx/ldap-location.conf;
-
- # enable for Authelia (requires authelia-server.conf in the server block)
- #include /config/nginx/authelia-location.conf;
-
- # enable for Authentik (requires authentik-server.conf in the server block)
- #include /config/nginx/authentik-location.conf;
-
- fastcgi_split_path_info ^(.+\.php)(.*)$;
- if (!-f $document_root$fastcgi_script_name) { return 404; }
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- include /etc/nginx/fastcgi_params;
+ try_files $uri $uri/ /index.html;
 }
 # deny access to .htaccess/.htpasswd files
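Review bot: With the `location ~ ^(.+\.php)(.*)$` block removed in the second hunk, nothing visible in this sample handles `.php` requests any more. A `.php` file left under `/config/www` from an earlier setup would fall through to `location /` and be returned as a static file, source and any embedded credentials included. Add an explicit refusal next to the existing `.htaccess`/`.htpasswd` rule, for example `location ~ \.php$ { return 404; }`, with a comment that this image no longer executes PHP. The server block continues outside the hunk.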