templating - fixing bugs with autoconf

bunkerity 2021-05-27 14:41:21 +02:00
parent f950abdc24
commit 0f8e56a668
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
6 changed files with 28 additions and 143 deletions


@ -1,5 +1,4 @@
# TODO : hard tests, jobs, check state when generating env, ...
# TODO : hard tests, jobs if swarm mode, check state when generating env, ...
from Config import Config
import utils
import os
@ -23,17 +22,28 @@ class AutoConf :
def __gen_env(self) :
self.__env.clear()
# TODO : check actual state (e.g. : running ?)
for instance in self.__instances :
(id, name, labels) = self.__get_infos(self.__instances[instance])
for label in labels :
if label.startswith("bunkerized-nginx.") :
self.__env[label.replace("bunkerized-nginx.", "", 1)] = labels[label]
for id, instance in self.__instances.items() :
env = []
if self.__swarm :
env = instance.attrs["Spec"]["TaskTemplate"]["ContainerSpec"]["Env"]
else :
env = instance.attrs["Config"]["Env"]
for entry in env :
self.__env[entry.split("=")[0]] = entry.replace(entry.split("=")[0] + "=", "", 1)
if not "SERVER_NAME" in self.__env or self.__env["SERVER_NAME"] == "" :
self.__env["SERVER_NAME"] = []
else :
self.__env["SERVER_NAME"] = self.__env["SERVER_NAME"].split(" ")
for server in self.__servers :
(id, name, labels) = self.__get_infos(self.__servers[server])
first_server = labels["bunkerized-nginx.SERVER_NAME"].split(" ")[0]
for label in labels :
if label.startswith("bunkerized-nginx.") :
self.__env[first_server + "_" + label.replace("bunkerized-nginx.", "", 1)] = labels[label]
for server_name in labels["bunkerized-nginx.SERVER_NAME"].split(" ") :
if not server_name in self.__env["SERVER_NAME"] :
self.__env["SERVER_NAME"].append(server_name)
self.__env["SERVER_NAME"] = " ".join(self.__env["SERVER_NAME"])
def pre_process(self, objs) :
for instance in objs :
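Review bot: The new loop over `env` in `__gen_env` assumes the `Env` key is always present and always a list, but a service or container created without environment variables may report it as missing or null (worth confirming against the Docker API responses you actually get), which would raise before any variable is collected; `env = instance.attrs["Config"].get("Env") or []`, and the same for the swarm `ContainerSpec`, makes that case explicit. The key/value split calls `entry.split("=")` twice plus a `replace`; `key, _, value = entry.partition("=")` does it in one step and gives an entry without `=` an empty value instead of a copy of its own name. Values collected here and from the `bunkerized-nginx.` labels appear to be written one per line by `Config.generate`, so a value containing a line break would add extra lines to the variables file; rejecting or escaping line breaks at this point would close that. Indentation is lost on this page, so the nesting of the `SERVER_NAME` block could not be checked.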


@ -60,7 +60,7 @@ class Config :
def generate(self, env) :
try :
# Write environment variables to fs
# Write environment variables to a file
with open("/tmp/variables.env", "w") as f :
for k, v in env.items() :
f.write(k + "=" + v + "\n")
@ -68,8 +68,13 @@ class Config :
# Call the generator
proc = subprocess.run(["/bin/su", "-c", "/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables /tmp/variables.env", "nginx"], capture_output=True)
# Print stdout/stderr just in case
# TODO
# Print stdout/stderr
stdout = proc.stdout.decode("ascii")
stderr = proc.stderr.decode("ascii")
if proc.stdout != "":
utils.log("[*] Generator output : " + stdout)
if proc.stderr != "" :
utils.log("[*] Generator error : " + stderr)
# We're done
if proc.returncode == 0 :
@ -80,50 +85,6 @@ class Config :
utils.log("[!] Exception while generating site config : " + str(e))
return False
def activate(self, instances, vars, reload=True) :
try :
# Get first server name
first_server_name = vars["SERVER_NAME"].split(" ")[0]
# Check if file exists
if not os.path.isfile("/etc/nginx/" + first_server_name + "/server.conf") :
utils.log("[!] /etc/nginx/" + first_server_name + "/server.conf doesn't exist")
return False
# Include the server conf
utils.replace_in_file("/etc/nginx/nginx.conf", "}", "include /etc/nginx/" + first_server_name + "/server.conf;\n}")
# Reload
if not reload or self.reload(instances) :
return True
except Exception as e :
utils.log("[!] Exception while activating config : " + str(e))
return False
def deactivate(self, instances, vars) :
try :
# Get first server name
first_server_name = vars["SERVER_NAME"].split(" ")[0]
# Check if file exists
if not os.path.isfile("/etc/nginx/" + first_server_name + "/server.conf") :
utils.log("[!] /etc/nginx/" + first_server_name + "/server.conf doesn't exist")
return False
# Remove the include
utils.replace_in_file("/etc/nginx/nginx.conf", "include /etc/nginx/" + first_server_name + "/server.conf;\n", "")
# Reload
if self.reload(instances) :
return True
except Exception as e :
utils.log("[!] Exception while deactivating config : " + str(e))
return False
def reload(self, instances) :
return self.__api_call(instances, "/reload")
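Review bot: The new output logging in `generate` compares the raw bytes with a string, so `proc.stdout != ""` and `proc.stderr != ""` are always true and both log lines are emitted even when the generator printed nothing; the checks should test the decoded values, `if stdout != "" :` and `if stderr != "" :`. `decode("ascii")` also raises UnicodeDecodeError on any non-ASCII byte in the generator output, which lands in the surrounding `except` and makes `generate` return False although the generator itself may have succeeded; `proc.stdout.decode("utf-8", errors="replace")` avoids that. Separately, the unchanged lines above write every variable to the fixed path `/tmp/variables.env`; if the environment built in `__gen_env` is what reaches this function, whole container environments now land in that file, so creating it with restrictive permissions outside a shared temp directory is worth a follow-up.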


@ -120,7 +120,7 @@ http {
{% set map_servers = {} %}
{% for server_name in SERVER_NAME.split(" ") %}
{% if server_name + "_SERVER_NAME" in all %}
{% set x = map_servers.update({server_name : [all[server_name] + "_SERVER_NAME"].split(" ")}) %}
{% set x = map_servers.update({server_name : all[server_name + "_SERVER_NAME"].split(" ")}) %}
{% endif %}
{% endfor %}
{% for server_name in SERVER_NAME.split(" ") %}


@ -1,4 +1,4 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME {{ REMOTE_PHP_PATH }}/$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
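Review bot: `{{ REMOTE_PHP_PATH }}` is rendered into the `fastcgi_param SCRIPT_FILENAME` directive unquoted, so a value containing whitespace or `;` would change how nginx parses the line; unless the setting's validation regex (not visible here) already excludes those characters, quote the value: `fastcgi_param SCRIPT_FILENAME "{{ REMOTE_PHP_PATH }}$fastcgi_script_name";`. `$fastcgi_script_name` normally begins with `/`, so the added `/` separator produces a double slash in the path handed to the PHP backend, which the quoted form above also removes. A one-line comment stating that `REMOTE_PHP_PATH` is presumably the document root as seen by the remote PHP server rather than by nginx would help the next reader.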


@ -56,7 +56,7 @@ if __name__ == "__main__" :
templator.render_global()
if config["MULTISITE"] == "no" :
templator.render_site()
else :
elif config["SERVER_NAME"] != "" :
# Compute a dict of first_server: [list of server_name]
map_servers = {}
for server_name in config["SERVER_NAME"].split(" ") :


@ -1118,92 +1118,6 @@
}
]
},
"CRON": {
"id": "cron",
"params": [
{
"context": "global",
"default": "15 0 * * *",
"env": "AUTO_LETS_ENCRYPT_CRON",
"id": "auto-lets-encrypt-cron",
"label": "Cron for certbot",
"regex": "^\\S+$",
"type": "text"
},
{
"context": "global",
"default": "30 0 * * *",
"env": "BLOCK_USER_AGENT_CRON",
"id": "block-user-agent-cron",
"label": "Cron for User-Agent",
"regex": "^\\S+$",
"type": "text"
},
{
"context": "global",
"default": "0 */1 * * *",
"env": "BLOCK_TOR_EXIT_NODE_CRON",
"id": "block-tor-exit-node-cron",
"label": "Cron for TOR exit nodes",
"regex": "^\\S+$",
"type": "text"
},
{
"context": "global",
"default": "0 3 * * *",
"env": "BLOCK_PROXIES_CRON",
"id": "block-proxies-cron",
"label": "Cron for proxies",
"regex": "^\\S+$",
"type": "text"
},
{
"context": "global",
"default": "0 2 * * *",
"env": "BLOCK_ABUSERS_CRON",
"id": "block-abusers-cron",
"label": "Cron for abusers",
"regex": "^\\S+$",
"type": "text"
},
{
"context": "global",
"default": "45 0 * * *",
"env": "BLOCK_REFERRER_CRON",
"id": "block-referrer-cron",
"label": "Cron for referrer",
"regex": "^\\S+$",
"type": "text"
},
{
"context": "global",
"default": "0 4 2 * *",
"env": "GEOIP_CRON",
"id": "block-geoip-cron",
"label": "Cron for GeoIP",
"regex": "^\\S+$",
"type": "text"
},
{
"context": "global",
"default": "30 1 * * *",
"env": "USE_CLAMAV_SCAN_CRON",
"id": "use-clamav-scan-cron",
"label": "Cron for ClamAV scan",
"regex": "^\\S+$",
"type": "text"
},
{
"context": "global",
"default": "0 1 * * *",
"env": "CLAMAV_UPDATE_CRON",
"id": "clamav-update-cron",
"label": "Cron for ClamAV update",
"regex": "^\\S+$",
"type": "text"
}
]
},
"nginx": {
"id": "nginx",
"params": [