Having issues with custom scripts in custom-cont-init.d

Hey folks,

Im trying to run a SWAG container via docker compose, while running a custom script following Customizing LinuxServer Containers - LinuxServer.io. I mounted the scripts, made them executable and owned by root, however they are not getting executed at all.

This is all the output I get from SWAG before the “splash” message

swag  | [custom-init] No custom services found, skipping...
swag  | [mod-init] Running Docker Modification Logic
swag  | [mod-init] Adding linuxserver/mods:universal-cloudflared to container
swag  | [mod-init] Downloading linuxserver/mods:universal-cloudflared from lscr.io
swag  | [mod-init] Installing linuxserver/mods:universal-cloudflared
swag  | [mod-init] linuxserver/mods:universal-cloudflared applied to container
swag  | [migrations] started
swag  | [migrations] 01-nginx-site-confs-default: skipped
swag  | [migrations] 02-swag-old-certbot-paths: skipped
swag  | [migrations] done

And this is a reduced version of my compose file

services:
    swag:
      image: lscr.io/linuxserver/swag:latest
      container_name: swag
      volumes:
        - ./config:/config
        - ./custom-cont-init.d:/custom-cont-init.d:ro
      secrets:
        - cloudflare_ini
      ports:
        - 443:443
        - 80:80
      restart: unless-stopped

Is there any way I could debug or try to understand what is going on here? The script in question is just supposed to echo something, and copy a docker secret into config dns conf folder.

Thanks in advance for any help!

Since you’re not using absolute paths in your compose, I’d recommend making sure the scripts are indeed mounted inside the container
docker exec -it swag ls -al /custom-cont-init.d

Yup, they are there

ramarivera@bazzite:~/Containers/proxy$ docker exec -it swag ls -al /custom-cont-init.d
total 4
drwxr-xr-x 1 abc  users  26 Jun 15 16:45 .
drwxr-xr-x 1 root root  202 Jun 15 16:50 ..
-rwxr-xr-x 1 root root  251 Jun 15 16:27 cloudflare.sh

Please post a full log as the custom scripts are executed at the end of init

Sure

Logs

swag  | [custom-init] No custom services found, skipping...
swag  | [mod-init] Running Docker Modification Logic
swag  | [mod-init] Adding linuxserver/mods:universal-cloudflared to container
swag  | [mod-init] linuxserver/mods:universal-cloudflared at sha256:ac79daec7a6f626cb1fa724a86296a755e1f652dba46ea9e7f2b3e6ffe8a40c8 has been previously applied skipping
swag  | [migrations] started
swag  | [migrations] 01-nginx-site-confs-default: skipped
swag  | [migrations] 02-swag-old-certbot-paths: skipped
swag  | [migrations] done
swag  | usermod: no changes
swag  | ───────────────────────────────────────
swag  | 
swag  |       ██╗     ███████╗██╗ ██████╗
swag  |       ██║     ██╔════╝██║██╔═══██╗
swag  |       ██║     ███████╗██║██║   ██║
swag  |       ██║     ╚════██║██║██║   ██║
swag  |       ███████╗███████║██║╚██████╔╝
swag  |       ╚══════╝╚══════╝╚═╝ ╚═════╝
swag  | 
swag  |    Brought to you by linuxserver.io
swag  | ───────────────────────────────────────
swag  | 
swag  | To support the app dev(s) visit:
swag  | Certbot: https://supporters.eff.org/donate/support-work-on-certbot
swag  | 
swag  | To support LSIO projects visit:
swag  | https://www.linuxserver.io/donate/
swag  | 
swag  | ───────────────────────────────────────
swag  | GID/UID
swag  | ───────────────────────────────────────
swag  | 
swag  | User UID:    1000
swag  | User GID:    1000
swag  | ───────────────────────────────────────
swag  | Linuxserver.io version: 4.1.1-ls389
swag  | Build-date: 2025-06-14T03:47:55+00:00
swag  | ───────────────────────────────────────
swag  |     
swag  | using keys found in /config/keys
swag  | Variables set:
swag  | PUID=1000
swag  | PGID=1000
swag  | TZ=Europe/Berlin
swag  | URL=roxasroot.net
swag  | SUBDOMAINS=wildcard
swag  | EXTRA_DOMAINS=*.local.roxasroot.net
swag  | ONLY_SUBDOMAINS=false
swag  | VALIDATION=dns
swag  | CERTPROVIDER=
swag  | DNSPLUGIN=cloudflare
swag  | EMAIL=ramarivera@gmail.com
swag  | STAGING=
swag  | 
swag  | Using Let's Encrypt as the cert provider
swag  | SUBDOMAINS entered, processing
swag  | Wildcard cert for roxasroot.net will be requested
swag  | EXTRA_DOMAINS entered, processing
swag  | Extra domains processed are: *.local.roxasroot.net
swag  | E-mail address entered: ramarivera@gmail.com
swag  | dns validation via cloudflare plugin is selected
swag  | Generating new certificate
swag  | Saving debug log to /config/log/letsencrypt/letsencrypt.log
swag  | Requesting a certificate for roxasroot.net and 2 more domains
swag  | Unsafe permissions on credentials configuration file: /config/dns-conf/cloudflare.ini
swag  | Unable to determine zone_id for local.roxasroot.net using zone names: ['local.roxasroot.net', 'roxasroot.net', 'net']. The error from Cloudflare was: 0 confused info - both key and token defined.
swag  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /config/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
swag  | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
Gracefully stopping... (press Ctrl+C again to force)

Script

#!/bin/bash
# Copy or symlink the secret so certbot can see it
set -eu

echo "HELLO WORLD"

mkdir -p /config/dns-conf
ln -sf /run/secrets/cloudflare_ini /config/dns-conf/cloudflare.ini
chmod 400 /config/dns-conf/cloudflare.ini # keep it tight

That’s not gonna work. The custom scripts run last, after the validation steps and other container init are done.

So then there is no built in way of copying the docker secret to the cloudflare file location before the container actually needs it, correct?

Precreate the symlink in the config folder that you’re mapping?

Yeah that could be too a solution, I usually don’t stop to think about easier solutions. Thanks!

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.