disable must staple for new instances/dep updates

Signed-off-by: Zoey <[email protected]>

Dockerfile

@@ -13,7 +13,7 @@ RUN apk upgrade --no-cache -a && \
     yarn --no-lockfile build && \
     yarn cache clean --all && \
     clean-modules --yes && \
-    find /app/dist -name "*.node" -exec file {} \;
+    find /app/dist -name "*.node" -type f -exec file {} \;
 COPY darkmode.css /app/dist/css/darkmode.css
 COPY security.txt /app/dist/.well-known/security.txt
 
@@ -30,19 +30,19 @@ RUN apk upgrade --no-cache -a && \
     yarn global add clean-modules && \
     if [ "$TARGETARCH" = "amd64" ]; then \
       npm_config_target_platform=linux npm_config_target_arch=x64 yarn install --no-lockfile && \
-      for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "x86-64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \
+      for file in $(find /app/node_modules -name "*.node" -type f -exec file {} \; | grep -v "x86-64\|x86_64" | grep "aarch64\|arm64" | sed "s|\([^:]\):.*|\1|g"); do rm -v "$file"; done; \
     elif [ "$TARGETARCH" = "arm64" ]; then \
       npm_config_target_platform=linux npm_config_target_arch=arm64 yarn install --no-lockfile && \
-      for file in $(find /app/node_modules -name "*.node" -exec file {} \; | grep -v "aarch64" | sed "s|\(.*\):.*|\1|g"); do rm -v "$file"; done; \
+      for file in $(find /app/node_modules -name "*.node" -type f -exec file {} \; | grep -v "aarch64\|arm64" | grep "x86-64\|x86_64" | sed "s|\([^:]\):.*|\1|g"); do rm -v "$file"; done; \
     fi && \
     yarn cache clean --all && \
     clean-modules --yes
 FROM alpine:3.20.1 AS strip-backend
 COPY --from=build-backend /app /app
 RUN apk upgrade --no-cache -a && \
     apk add --no-cache ca-certificates binutils file && \
-    find /app/node_modules -name "*.node" -exec strip -s {} \; && \
-    find /app/node_modules -name "*.node" -exec file {} \;
+    find /app/node_modules -name "*.node" -type f -exec strip -s {} \; && \
+    find /app/node_modules -name "*.node" -type f -exec file {} \;
 
 
 FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS crowdsec
@@ -67,13 +67,13 @@ RUN apk upgrade --no-cache -a && \
     sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
 
 
-FROM zoeyvid/nginx-quic:294-python
+FROM zoeyvid/nginx-quic:296-python
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 COPY rootfs /
 COPY --from=zoeyvid/certbot-docker:42 /usr/local          /usr/local
 COPY --from=zoeyvid/curl-quic:397     /usr/local/bin/curl /usr/local/bin/curl
 
-ARG CRS_VER=v4.3.0
+ARG CRS_VER=v4.4.0
 RUN apk upgrade --no-cache -a && \
     apk add --no-cache ca-certificates tzdata tini \
     nodejs \

README.md

@@ -18,7 +18,6 @@ running at home or otherwise, including free TLS, without having to know too muc
 **Note: If you don't use network mode host, which I don't recommend, don't forget to enable IPv6 in Docker, see [here](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md), you only need to edit the daemon.json and restart docker, if you use the bridge network, otherwise please enable IPv6 in your custom docker network!** <br>
 **Note: Don't forget to open Port 80 (tcp) and 443 (tcp AND udp, http3/quic needs udp) in your firewall (because of network mode host, you also need to open this ports in ufw, if you use ufw).** <br>
 **Note: ModSecurity overblocking (403 Error)? Please see `/opt/npm/etc/modsecurity`, if you also use CRS please see [here](https://coreruleset.org/docs/concepts/false_positives_tuning).** <br>
-**Note: Internal/LAN Instance? Please disable `must-staple` in `/opt/npm/tls/certbot/config.ini` before creating your certificates.** <br>
 **Note: Other Databases like MariaDB may work, but are unsupported.** <br>
 **Note: access.log/stream.log, logrotate and goaccess are NOT enabled by default bceuase of GDPR, you can enable them in the compose.yaml.** <br>
 

rootfs/etc/tls/certbot.ini

@@ -4,7 +4,7 @@ webroot-path = /tmp/acme-challenge
 
 new-key= true
 key-type = ecdsa
-must-staple = true
+must-staple = false
 no-reuse-key = true
 rsa-key-size = 4096
 elliptic-curve = secp384r1