Merge branch 'jlesage:master' into crowdsec_rework

Author: LePresidente

.github/workflows/build-image.yml

@@ -19,7 +19,7 @@ on:
 jobs:
   build:
     name: Build image
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Free disk space
@@ -62,6 +62,7 @@ jobs:
           if [[ $GITHUB_REF =~ refs/tags/* ]]; then
             TAGS="$TAGS,${{ env.DOCKER_IMAGE_NAME }}:latest"
           fi
+          TAGS="$TAGS,$(echo $TAGS | tr ',' '\n' | sed 's|^|ghcr.io/|' | tr '\n' ',')"
           # Determine the release type.
           if [[ $GITHUB_REF =~ refs/tags/* ]]; then
               IS_RELEASE=yes
@@ -106,6 +107,14 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
+      - name: Login to GitHub Container Registry
+        if: ${{ steps.prep.outputs.is_release == 'yes' }}
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build and push
         uses: docker/build-push-action@v6
         with:
@@ -139,7 +148,7 @@ jobs:
   notification:
     name: Notification
     needs: [ build ]
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     if: ${{ always() && github.event_name != 'pull_request' }}
 
     steps:

DOCKERHUB.md

@@ -24,8 +24,8 @@ Nginx or Letsencrypt.
 ## Quick Start
 
 **NOTE**:
-    The Docker command provided in this quick start is given as an example
-    and parameters should be adjusted to your need.
+    The Docker command provided in this quick start is an example, and parameters
+    should be adjusted to suit your needs.
 
 Launch the Nginx Proxy Manager docker container with the following command:
 ```shell
@@ -40,19 +40,17 @@ docker run -d \
 
 Where:
 
-  - `/docker/appdata/nginx-proxy-manager`: This is where the application stores its configuration, states, log and any files needing persistency.
+  - `/docker/appdata/nginx-proxy-manager`: Stores the application's configuration, state, logs, and any files requiring persistency.
 
-Browse to `http://your-host-ip:8181` to access the Nginx Proxy Manager web interface.
+Access the Nginx Proxy Manager GUI by browsing to `http://your-host-ip:8181`.
 
 ## Documentation
 
 Full documentation is available at https://github.com/jlesage/docker-nginx-proxy-manager.
 
 ## Support or Contact
 
-Having troubles with the container or have questions?  Please
-[create a new issue].
+Having troubles with the container or have questions? Please
+[create a new issue](https://github.com/jlesage/docker-nginx-proxy-manager/issues).
 
-For other great Dockerized applications, see https://jlesage.github.io/docker-apps.
-
-[create a new issue]: https://github.com/jlesage/docker-nginx-proxy-manager/issues
+For other Dockerized applications, visit https://jlesage.github.io/docker-apps.

Dockerfile

@@ -9,7 +9,7 @@ ARG DOCKER_IMAGE_VERSION=
 
 # Define software versions.
 ARG OPENRESTY_VERSION=1.27.1.1
-ARG NGINX_PROXY_MANAGER_VERSION=2.12.1
+ARG NGINX_PROXY_MANAGER_VERSION=2.12.3
 ARG NGINX_HTTP_GEOIP2_MODULE_VERSION=3.3
 ARG LIBMAXMINDDB_VERSION=1.5.0
 ARG BCRYPT_TOOL_VERSION=1.1.2
@@ -25,19 +25,21 @@ ARG LIBMAXMINDDB_URL=https://github.com/maxmind/libmaxminddb/releases/download/$
 # Get Dockerfile cross-compilation helpers.
 FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx
 
-# Get Python cryptography wheel.  It is needed for certbot.
-FROM moonbuggy2000/python-musl-wheels:cryptography41.0.3-py3.10-${TARGETARCH}${TARGETVARIANT} AS mod_cryptography
+# Get Python cryptography wheel. It is needed for certbot.
+FROM moonbuggy2000/python-musl-wheels:cryptography43.0.0-py3.11-${TARGETARCH}${TARGETVARIANT} AS mod_cryptography
 
-# Build UPX.
-FROM --platform=$BUILDPLATFORM alpine:3.16 AS upx
-RUN apk --no-cache add build-base curl make cmake git && \
+# Get UPX (statically linked).
+# NOTE: UPX 5.x is not compatible with old kernels, e.g. 3.10 used by some
+#       Synology NASes. See https://github.com/upx/upx/issues/902
+FROM --platform=$BUILDPLATFORM alpine:3.20 AS upx
+ARG UPX_VERSION=4.2.4
+RUN apk --no-cache add curl && \
     mkdir /tmp/upx && \
-    curl -# -L https://github.com/upx/upx/releases/download/v4.0.1/upx-4.0.1-src.tar.xz | tar xJ --strip 1 -C /tmp/upx && \
-    make -C /tmp/upx build/release-gcc -j$(nproc) && \
-    cp -v /tmp/upx/build/release-gcc/upx /usr/bin/upx
+    curl -# -L https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz | tar xJ --strip 1 -C /tmp/upx && \
+    cp -v /tmp/upx/upx /usr/bin/upx
 
 # Build Nginx Proxy Manager.
-FROM --platform=$BUILDPLATFORM alpine:3.16 AS npm
+FROM --platform=$BUILDPLATFORM alpine:3.18 AS npm
 ARG TARGETPLATFORM
 ARG NGINX_PROXY_MANAGER_VERSION
 ARG NGINX_PROXY_MANAGER_URL
@@ -46,7 +48,7 @@ COPY src/nginx-proxy-manager /build
 RUN /build/build.sh "$NGINX_PROXY_MANAGER_VERSION" "$NGINX_PROXY_MANAGER_URL"
 
 # Build OpenResty (nginx).
-FROM --platform=$BUILDPLATFORM alpine:3.16 AS nginx
+FROM --platform=$BUILDPLATFORM alpine:3.18 AS nginx
 ARG TARGETPLATFORM
 ARG OPENRESTY_URL
 ARG NGINX_HTTP_GEOIP2_MODULE_URL
@@ -57,7 +59,7 @@ RUN /build/build.sh "$OPENRESTY_URL" "$NGINX_HTTP_GEOIP2_MODULE_URL" "$LIBMAXMIN
 RUN xx-verify /tmp/openresty-install/usr/sbin/nginx
 
 # Build bcrypt-tool.
-FROM --platform=$BUILDPLATFORM alpine:3.16 AS bcrypt-tool
+FROM --platform=$BUILDPLATFORM alpine:3.18 AS bcrypt-tool
 ARG TARGETPLATFORM
 ARG BCRYPT_TOOL_VERSION
 COPY --from=xx / /
@@ -68,17 +70,17 @@ COPY --from=upx /usr/bin/upx /usr/bin/upx
 RUN upx /tmp/go/bin/bcrypt-tool
 
 # Build certbot.
-FROM alpine:3.16 AS certbot
+FROM alpine:3.18 AS certbot
 COPY --from=mod_cryptography / /wheels
 RUN \
     apk --no-cache add build-base curl python3 && \
     curl -# -L "https://bootstrap.pypa.io/get-pip.py" | python3 && \
     pip install --no-cache-dir --root=/tmp/certbot-install --prefix=/usr --find-links /wheels/ --prefer-binary --only-binary=:all: certbot && \
-    find /tmp/certbot-install/usr/lib/python3.10/site-packages -type f -name "*.so" -exec strip {} ';' && \
-    find /tmp/certbot-install/usr/lib/python3.10/site-packages -type f -name "*.h" -delete && \
-    find /tmp/certbot-install/usr/lib/python3.10/site-packages -type f -name "*.c" -delete && \
-    find /tmp/certbot-install/usr/lib/python3.10/site-packages -type f -name "*.exe" -delete && \
-    find /tmp/certbot-install/usr/lib/python3.10/site-packages -type d -name tests -print0 | xargs -0 rm -r
+    find /tmp/certbot-install/usr/lib/python3.11/site-packages -type f -name "*.so" -exec strip {} ';' && \
+    find /tmp/certbot-install/usr/lib/python3.11/site-packages -type f -name "*.h" -delete && \
+    find /tmp/certbot-install/usr/lib/python3.11/site-packages -type f -name "*.c" -delete && \
+    find /tmp/certbot-install/usr/lib/python3.11/site-packages -type f -name "*.exe" -delete && \
+    find /tmp/certbot-install/usr/lib/python3.11/site-packages -type d -name tests -print0 | xargs -0 rm -r
 
 # Build cs-openresty-boucner.
 FROM alpine:3.16 AS cs-openresty-bouncer
@@ -89,7 +91,7 @@ COPY src/cs-openresty-bouncer /build
 RUN /build/build.sh "$CROWDSEC_OPENRESTY_BOUNCER_URL"
 
 # Pull base image.
-FROM jlesage/baseimage:alpine-3.16-v3.6.4
+FROM jlesage/baseimage:alpine-3.18-v3.7.1
 
 ARG NGINX_PROXY_MANAGER_VERSION
 ARG DOCKER_IMAGE_VERSION
@@ -105,7 +107,6 @@ RUN \
         python3 \
         sqlite \
         openssl \
-        apache2-utils \
         # For /opt/nginx-proxy-manager/bin/handle-ipv6-setting.
         bash \
         # For openresty.
@@ -114,10 +115,10 @@ RUN \
         && \
     # Install pip.
     # NOTE: pip from the Alpine package repository is debundled, meaning that
-    #       its dependencies are part of the system-wide ones.  This save a lot
+    #       its dependencies are part of the system-wide ones. This save a lot
     #       of space, but these dependencies conflict with the ones required by
     #       Certbot plugins. Thus, we need to manually install pip (with its
-    #       built-in dependencies).  See:
+    #       built-in dependencies). See:
     #       https://pip.pypa.io/en/stable/development/vendoring-policy/
     curl -# -L "https://bootstrap.pypa.io/get-pip.py" | python3
 

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Jocelyn Le Sage
+Copyright (c) 2025 Jocelyn Le Sage
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal