diff --git a/images/docker-swag.md b/images/docker-swag.md index 5abf45b4f..f0993a340 100755 --- a/images/docker-swag.md +++ b/images/docker-swag.md @@ -1,6 +1,9 @@ --- title: swag --- + + + # [linuxserver/swag](https://github.com/linuxserver/docker-swag) [![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-swag.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-swag) @@ -29,148 +32,6 @@ The architectures supported by this image are: | arm64 | arm64v8-latest | | armhf | arm32v7-latest | - -## Usage - -Here are some example snippets to help you get started creating a container from this image. - -### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose)) - -Compatible with docker-compose v2 schemas. - -```yaml ---- -version: "2.1" -services: - swag: - image: ghcr.io/linuxserver/swag - container_name: swag - cap_add: - - NET_ADMIN - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - - URL=yourdomain.url - - SUBDOMAINS=www, - - VALIDATION=http - - CERTPROVIDER= #optional - - DNSPLUGIN=cloudflare #optional - - PROPAGATION= #optional - - DUCKDNSTOKEN= #optional - - EMAIL= #optional - - ONLY_SUBDOMAINS=false #optional - - EXTRA_DOMAINS= #optional - - STAGING=false #optional - - MAXMINDDB_LICENSE_KEY= #optional - volumes: - - /path/to/appdata/config:/config - ports: - - 443:443 - - 80:80 #optional - restart: unless-stopped -``` - -### docker cli - -``` -docker run -d \ - --name=swag \ - --cap-add=NET_ADMIN \ - -e PUID=1000 \ - -e PGID=1000 \ - -e TZ=Europe/London \ - -e URL=yourdomain.url \ - -e SUBDOMAINS=www, \ - -e VALIDATION=http \ - -e CERTPROVIDER= `#optional` \ - -e DNSPLUGIN=cloudflare `#optional` \ - -e PROPAGATION= `#optional` \ - -e DUCKDNSTOKEN= `#optional` \ - -e EMAIL= `#optional` \ - -e ONLY_SUBDOMAINS=false `#optional` \ - -e EXTRA_DOMAINS= `#optional` \ - -e STAGING=false `#optional` \ - -e MAXMINDDB_LICENSE_KEY= `#optional` \ - -p 443:443 \ - -p 80:80 `#optional` \ - -v /path/to/appdata/config:/config \ - --restart unless-stopped \ - ghcr.io/linuxserver/swag -``` - - -## Parameters - -Docker images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. - -### Ports (`-p`) - -| Parameter | Function | -| :----: | --- | -| `443` | Https port | -| `80` | Http port (required for http validation and http -> https redirect) | - - -### Environment Variables (`-e`) - -| Env | Function | -| :----: | --- | -| `PUID=1000` | for UserID - see below for explanation | -| `PGID=1000` | for GroupID - see below for explanation | -| `TZ=Europe/London` | Specify a timezone to use EG Europe/London. | -| `URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). | -| `SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) | -| `VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). | -| `CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | -| `DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | -| `PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | -| `DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org | -| `EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | -| `ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | -| `EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` | -| `STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. | -| `MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. | - -### Volume Mappings (`-v`) - -| Volume | Function | -| :----: | --- | -| `/config` | All the config files including the webroot reside here. | - - - -## Environment variables from files (Docker secrets) - -You can set any environment variable from a file by using a special prepend `FILE__`. - -As an example: - -``` --e FILE__PASSWORD=/run/secrets/mysecretpassword -``` - -Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file. - -## Umask for running applications - -For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting. -Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support. - - -## User / Group Identifiers - -When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. - -Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic. - -In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below: - -``` - $ id username - uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) -``` - ## Application Setup > ### Migrating from the old `linuxserver/letsencrypt` image @@ -241,13 +102,148 @@ This will *ask* Google et al not to index and list your site. Be careful with th * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not. * You can check the new sample and adjust your active config as needed. +## Usage + +Here are some example snippets to help you get started creating a container from this image. + +### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose)) + +Compatible with docker-compose v2 schemas. + +```yaml +--- +version: "2.1" +services: + swag: + image: ghcr.io/linuxserver/swag + container_name: swag + cap_add: + - NET_ADMIN + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/London + - URL=yourdomain.url + - SUBDOMAINS=www, + - VALIDATION=http + - CERTPROVIDER= #optional + - DNSPLUGIN=cloudflare #optional + - PROPAGATION= #optional + - DUCKDNSTOKEN= #optional + - EMAIL= #optional + - ONLY_SUBDOMAINS=false #optional + - EXTRA_DOMAINS= #optional + - STAGING=false #optional + - MAXMINDDB_LICENSE_KEY= #optional + volumes: + - /path/to/appdata/config:/config + ports: + - 443:443 + - 80:80 #optional + restart: unless-stopped +``` + +### docker cli + +```bash +docker run -d \ + --name=swag \ + --cap-add=NET_ADMIN \ + -e PUID=1000 \ + -e PGID=1000 \ + -e TZ=Europe/London \ + -e URL=yourdomain.url \ + -e SUBDOMAINS=www, \ + -e VALIDATION=http \ + -e CERTPROVIDER= `#optional` \ + -e DNSPLUGIN=cloudflare `#optional` \ + -e PROPAGATION= `#optional` \ + -e DUCKDNSTOKEN= `#optional` \ + -e EMAIL= `#optional` \ + -e ONLY_SUBDOMAINS=false `#optional` \ + -e EXTRA_DOMAINS= `#optional` \ + -e STAGING=false `#optional` \ + -e MAXMINDDB_LICENSE_KEY= `#optional` \ + -p 443:443 \ + -p 80:80 `#optional` \ + -v /path/to/appdata/config:/config \ + --restart unless-stopped \ + ghcr.io/linuxserver/swag +``` + +## Parameters + +Docker images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. + +### Ports (`-p`) + +| Parameter | Function | +| :----: | --- | +| `443` | Https port | +| `80` | Http port (required for http validation and http -> https redirect) | + +### Environment Variables (`-e`) + +| Env | Function | +| :----: | --- | +| `PUID=1000` | for UserID - see below for explanation | +| `PGID=1000` | for GroupID - see below for explanation | +| `TZ=Europe/London` | Specify a timezone to use EG Europe/London. | +| `URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). | +| `SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) | +| `VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). | +| `CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. | +| `DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. | +| `PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. | +| `DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org | +| `EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). | +| `ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` | +| `EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org` | +| `STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. | +| `MAXMINDDB_LICENSE_KEY=` | Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly. | + +### Volume Mappings (`-v`) + +| Volume | Function | +| :----: | --- | +| `/config` | All the config files including the webroot reside here. | + +## Environment variables from files (Docker secrets) + +You can set any environment variable from a file by using a special prepend `FILE__`. + +As an example: + +```bash +-e FILE__PASSWORD=/run/secrets/mysecretpassword +``` + +Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file. + +## Umask for running applications + +For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting. +Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support. + +## User / Group Identifiers + +When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`. + +Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic. + +In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below: + +```bash + $ id username + uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) +``` ## Docker Mods + [![Docker Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=swag&query=%24.mods%5B%27swag%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=swag "view available mods for this container.") [![Docker Universal Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=universal&query=%24.mods%5B%27universal%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=universal "view available universal mods.") We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above. - ## Support Info * Shell access whilst the container is running: