diff --git a/Dockerfile b/Dockerfile
index 1a61b50b..5385587c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,7 @@ RUN apk upgrade --no-cache -a && \
yarn --no-lockfile build && \
yarn cache clean --all && \
clean-modules --yes && \
- find /app/dist -name "*.node" -exec file {} \;
+ find /app/dist -name "*.node" -type f -exec file {} \;
COPY darkmode.css /app/dist/css/darkmode.css
COPY security.txt /app/dist/.well-known/security.txt
@@ -30,10 +30,10 @@ RUN apk upgrade --no-cache -a && \
yarn global add clean-modules && \
if [ "$TARGETARCH" = "amd64" ]; then \
npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile && \
- for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "x86-64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \
+ for file in $(find /app/node_modules -name "*.node" -type f -exec file {} \; | grep -v "x86-64\|x86_64" | grep "aarch64\|arm64" | sed "s|\([^:]\):.*|\1|g"); do rm -v "$file"; done; \
elif [ "$TARGETARCH" = "arm64" ]; then \
npm_config_target_platform=linux npm_config_target_arch=arm64 yarn install --no-lockfile && \
- for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "aarch64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \
+ for file in $(find /app/node_modules -name "*.node" -type f -exec file {} \; | grep -v "aarch64\|arm64" | grep "x86-64\|x86_64" | sed "s|\([^:]\):.*|\1|g"); do rm -v "$file"; done; \
fi && \
yarn cache clean --all && \
clean-modules --yes
@@ -41,8 +41,8 @@ FROM alpine:3.20.1 AS strip-backend
COPY --from=build-backend /app /app
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates binutils file && \
- find /app/node_modules -name "*.node" -exec strip -s {} \; && \
- find /app/node_modules -name "*.node" -exec file {} \;
+ find /app/node_modules -name "*.node" -type f -exec strip -s {} \; && \
+ find /app/node_modules -name "*.node" -type f -exec file {} \;
FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS crowdsec
@@ -67,13 +67,13 @@ RUN apk upgrade --no-cache -a && \
sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
-FROM zoeyvid/nginx-quic:294-python
+FROM zoeyvid/nginx-quic:296-python
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
COPY rootfs /
COPY --from=zoeyvid/certbot-docker:42 /usr/local /usr/local
COPY --from=zoeyvid/curl-quic:397 /usr/local/bin/curl /usr/local/bin/curl
-ARG CRS_VER=v4.3.0
+ARG CRS_VER=v4.4.0
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates tzdata tini \
nodejs \
diff --git a/README.md b/README.md
index 2fbeb424..043f92cf 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,6 @@ running at home or otherwise, including free TLS, without having to know too muc
**Note: If you don't use network mode host, which I don't recommend, don't forget to enable IPv6 in Docker, see [here](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md), you only need to edit the daemon.json and restart docker, if you use the bridge network, otherwise please enable IPv6 in your custom docker network!**
**Note: Don't forget to open Port 80 (tcp) and 443 (tcp AND udp, http3/quic needs udp) in your firewall (because of network mode host, you also need to open this ports in ufw, if you use ufw).**
**Note: ModSecurity overblocking (403 Error)? Please see `/opt/npm/etc/modsecurity`, if you also use CRS please see [here](https://coreruleset.org/docs/concepts/false_positives_tuning).**
-**Note: Internal/LAN Instance? Please disable `must-staple` in `/opt/npm/tls/certbot/config.ini` before creating your certificates.**
**Note: Other Databases like MariaDB may work, but are unsupported.**
**Note: access.log/stream.log, logrotate and goaccess are NOT enabled by default bceuase of GDPR, you can enable them in the compose.yaml.**
diff --git a/rootfs/etc/tls/certbot.ini b/rootfs/etc/tls/certbot.ini
index a9a0f909..300c8343 100644
--- a/rootfs/etc/tls/certbot.ini
+++ b/rootfs/etc/tls/certbot.ini
@@ -4,7 +4,7 @@ webroot-path = /tmp/acme-challenge
new-key= true
key-type = ecdsa
-must-staple = true
+must-staple = false
no-reuse-key = true
rsa-key-size = 4096
elliptic-curve = secp384r1