Having issues with custom scripts in custom-cont-init.d

LSIO Discussion Container Support
1

Hey folks,

Im trying to run a SWAG container via docker compose, while running a custom script following Customizing LinuxServer Containers - LinuxServer.io. I mounted the scripts, made them executable and owned by root, however they are not getting executed at all.

This is all the output I get from SWAG before the “splash” message

swag  | [custom-init] No custom services found, skipping...
swag  | [mod-init] Running Docker Modification Logic
swag  | [mod-init] Adding linuxserver/mods:universal-cloudflared to container
swag  | [mod-init] Downloading linuxserver/mods:universal-cloudflared from lscr.io
swag  | [mod-init] Installing linuxserver/mods:universal-cloudflared
swag  | [mod-init] linuxserver/mods:universal-cloudflared applied to container
swag  | [migrations] started
swag  | [migrations] 01-nginx-site-confs-default: skipped
swag  | [migrations] 02-swag-old-certbot-paths: skipped
swag  | [migrations] done

And this is a reduced version of my compose file

services:
    swag:
      image: lscr.io/linuxserver/swag:latest
      container_name: swag
      volumes:
        - ./config:/config
        - ./custom-cont-init.d:/custom-cont-init.d:ro
      secrets:
        - cloudflare_ini
      ports:
        - 443:443
        - 80:80
      restart: unless-stopped

Is there any way I could debug or try to understand what is going on here? The script in question is just supposed to echo something, and copy a docker secret into config dns conf folder.

Thanks in advance for any help!

2

Since you’re not using absolute paths in your compose, I’d recommend making sure the scripts are indeed mounted inside the container
docker exec -it swag ls -al /custom-cont-init.d

3

Yup, they are there

ramarivera@bazzite:~/Containers/proxy$ docker exec -it swag ls -al /custom-cont-init.d
total 4
drwxr-xr-x 1 abc  users  26 Jun 15 16:45 .
drwxr-xr-x 1 root root  202 Jun 15 16:50 ..
-rwxr-xr-x 1 root root  251 Jun 15 16:27 cloudflare.sh
4

Please post a full log as the custom scripts are executed at the end of init

5

Sure

Logs

swag  | [custom-init] No custom services found, skipping...
swag  | [mod-init] Running Docker Modification Logic
swag  | [mod-init] Adding linuxserver/mods:universal-cloudflared to container
swag  | [mod-init] linuxserver/mods:universal-cloudflared at sha256:ac79daec7a6f626cb1fa724a86296a755e1f652dba46ea9e7f2b3e6ffe8a40c8 has been previously applied skipping
swag  | [migrations] started
swag  | [migrations] 01-nginx-site-confs-default: skipped
swag  | [migrations] 02-swag-old-certbot-paths: skipped
swag  | [migrations] done
swag  | usermod: no changes
swag  | ───────────────────────────────────────
swag  | 
swag  |       ██╗     ███████╗██╗ ██████╗
swag  |       ██║     ██╔════╝██║██╔═══██╗
swag  |       ██║     ███████╗██║██║   ██║
swag  |       ██║     ╚════██║██║██║   ██║
swag  |       ███████╗███████║██║╚██████╔╝
swag  |       ╚══════╝╚══════╝╚═╝ ╚═════╝
swag  | 
swag  |    Brought to you by linuxserver.io
swag  | ───────────────────────────────────────
swag  | 
swag  | To support the app dev(s) visit:
swag  | Certbot: https://supporters.eff.org/donate/support-work-on-certbot
swag  | 
swag  | To support LSIO projects visit:
swag  | https://www.linuxserver.io/donate/
swag  | 
swag  | ───────────────────────────────────────
swag  | GID/UID
swag  | ───────────────────────────────────────
swag  | 
swag  | User UID:    1000
swag  | User GID:    1000
swag  | ───────────────────────────────────────
swag  | Linuxserver.io version: 4.1.1-ls389
swag  | Build-date: 2025-06-14T03:47:55+00:00
swag  | ───────────────────────────────────────
swag  |     
swag  | using keys found in /config/keys
swag  | Variables set:
swag  | PUID=1000
swag  | PGID=1000
swag  | TZ=Europe/Berlin
swag  | URL=roxasroot.net
swag  | SUBDOMAINS=wildcard
swag  | EXTRA_DOMAINS=*.local.roxasroot.net
swag  | ONLY_SUBDOMAINS=false
swag  | VALIDATION=dns
swag  | CERTPROVIDER=
swag  | DNSPLUGIN=cloudflare
swag  | EMAIL=ramarivera@gmail.com
swag  | STAGING=
swag  | 
swag  | Using Let's Encrypt as the cert provider
swag  | SUBDOMAINS entered, processing
swag  | Wildcard cert for roxasroot.net will be requested
swag  | EXTRA_DOMAINS entered, processing
swag  | Extra domains processed are: *.local.roxasroot.net
swag  | E-mail address entered: ramarivera@gmail.com
swag  | dns validation via cloudflare plugin is selected
swag  | Generating new certificate
swag  | Saving debug log to /config/log/letsencrypt/letsencrypt.log
swag  | Requesting a certificate for roxasroot.net and 2 more domains
swag  | Unsafe permissions on credentials configuration file: /config/dns-conf/cloudflare.ini
swag  | Unable to determine zone_id for local.roxasroot.net using zone names: ['local.roxasroot.net', 'roxasroot.net', 'net']. The error from Cloudflare was: 0 confused info - both key and token defined.
swag  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /config/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
swag  | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
Gracefully stopping... (press Ctrl+C again to force)

Script

#!/bin/bash
# Copy or symlink the secret so certbot can see it
set -eu

echo "HELLO WORLD"

mkdir -p /config/dns-conf
ln -sf /run/secrets/cloudflare_ini /config/dns-conf/cloudflare.ini
chmod 400 /config/dns-conf/cloudflare.ini # keep it tight
6

That’s not gonna work. The custom scripts run last, after the validation steps and other container init are done.

7

So then there is no built in way of copying the docker secret to the cloudflare file location before the container actually needs it, correct?

8

Precreate the symlink in the config folder that you’re mapping?