diff --git a/Dockerfile b/Dockerfile index 1c12a8b8..c2abcf2b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,9 +18,11 @@ COPY fail2ban/ /opt/fail2ban COPY logs/ /opt/logs COPY lua/ /opt/lua COPY crowdsec/ /opt/crowdsec +COPY autoconf/ /opt/autoconf -RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \ - chmod +x /opt/entrypoint/* /opt/scripts/* && \ +RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli py3-pip && \ + pip3 install docker && \ + chmod +x /opt/entrypoint/* /opt/scripts/* /opt/autoconf/autoconf.py && \ mkdir /opt/entrypoint.d && \ rm -f /var/log/nginx/* && \ chown root:nginx /var/log/nginx && \ diff --git a/Dockerfile-amd64 b/Dockerfile-amd64 index 0eb65c0d..71ef455c 100644 --- a/Dockerfile-amd64 +++ b/Dockerfile-amd64 @@ -18,9 +18,11 @@ COPY fail2ban/ /opt/fail2ban COPY logs/ /opt/logs COPY lua/ /opt/lua COPY crowdsec/ /opt/crowdsec +COPY autoconf/ /opt/autoconf -RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \ - chmod +x /opt/entrypoint/* /opt/scripts/* && \ +RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli py3-pip && \ + pip3 install docker && \ + chmod +x /opt/entrypoint/* /opt/scripts/* /opt/autoconf/autoconf.py && \ mkdir /opt/entrypoint.d && \ rm -f /var/log/nginx/* && \ chown root:nginx /var/log/nginx && \ diff --git a/Dockerfile-arm32v7 b/Dockerfile-arm32v7 index 29049514..3535af7a 100644 --- a/Dockerfile-arm32v7 +++ b/Dockerfile-arm32v7 @@ -25,9 +25,11 @@ COPY fail2ban/ /opt/fail2ban COPY logs/ /opt/logs COPY lua/ /opt/lua COPY crowdsec/ /opt/crowdsec +COPY autoconf/ /opt/autoconf -RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \ - chmod +x /opt/entrypoint/* /opt/scripts/* && \ +RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli py3-pip && \ + pip3 install docker && \ + chmod +x /opt/entrypoint/* /opt/scripts/* /opt/autoconf/autoconf.py && \ mkdir /opt/entrypoint.d && \ rm -f /var/log/nginx/* && \ chown root:nginx /var/log/nginx && \ diff --git a/Dockerfile-arm64v8 b/Dockerfile-arm64v8 index ad10b9d8..3a7652e4 100644 --- a/Dockerfile-arm64v8 +++ b/Dockerfile-arm64v8 @@ -25,9 +25,11 @@ COPY fail2ban/ /opt/fail2ban COPY logs/ /opt/logs COPY lua/ /opt/lua COPY crowdsec/ /opt/crowdsec +COPY autoconf/ /opt/autoconf -RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \ - chmod +x /opt/entrypoint/* /opt/scripts/* && \ +RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli py3-pip && \ + pip3 install docker && \ + chmod +x /opt/entrypoint/* /opt/scripts/* /opt/autoconf/autoconf.py && \ mkdir /opt/entrypoint.d && \ rm -f /var/log/nginx/* && \ chown root:nginx /var/log/nginx && \ diff --git a/Dockerfile-i386 b/Dockerfile-i386 index dfe3e9e2..e8a5a431 100644 --- a/Dockerfile-i386 +++ b/Dockerfile-i386 @@ -18,9 +18,11 @@ COPY fail2ban/ /opt/fail2ban COPY logs/ /opt/logs COPY lua/ /opt/lua COPY crowdsec/ /opt/crowdsec +COPY autoconf/ /opt/autoconf -RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \ - chmod +x /opt/entrypoint/* /opt/scripts/* && \ +RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli py3-pip && \ + pip3 install docker && \ + chmod +x /opt/entrypoint/* /opt/scripts/* /opt/autoconf/autoconf.py && \ mkdir /opt/entrypoint.d && \ rm -f /var/log/nginx/* && \ chown root:nginx /var/log/nginx && \ diff --git a/autoconf/autoconf.py b/autoconf/autoconf.py new file mode 100644 index 00000000..b49286dc --- /dev/null +++ b/autoconf/autoconf.py @@ -0,0 +1,98 @@ +#!/usr/bin/python3 + +import docker, datetime, subprocess, shutil + +def log(event) : + print("[" + datetime.datetime.now().replace(microsecond=0) + "] AUTOCONF - " + event) + +def replace_in_file(file, old_str, new_str) : + with open(file) as f : + data = f.read() + data = data[::-1].replace(old_str[::-1], new_str[::-1], 1)[::-1] + with open(file, "w") as f : + f.write(data) + +def generate(vars) : + subprocess.run(["/opt/entrypoint/site-config.sh", vars["SERVER_NAME"]], env=vars) + log("Generated config for " + vars["SERVER_NAME"]) + +def activate(vars) : + replace_in_file("/etc/nginx/nginx.conf", "}", "include /etc/nginx/" + vars["SERVER_NAME"] + "/server.conf;") + subprocess.run(["/usr/sbin/nginx", "-s", "reload"]) + log("Activated config for " + vars["SERVER_NAME"]) + +def deactivate(vars) : + replace_in_file("/etc/nginx/nginx.conf", "include /etc/nginx/" + vars["SERVER_NAME"] + "/server.conf;", "") + subprocess.run(["/usr/sbin/nginx", "-s", "reload"]) + log("Deactivated config for " + vars["SERVER_NAME"]) + +def remove(vars) : + shutil.rmtree("/etc/nginx/" + vars["SERVER_NAME"]) + log("Removed config for " + vars["SERVER_NAME"]) + +def process(id, event, vars) : + global containers + if event == "create" : + generate(labels) + containers.append(id) + elif event == "start" : + activate(vars) + elif event == "die" : + deactivate(vars) + elif event == "destroy" : + remove(vars) + containers.remove(id) + +containers = [] + +client = docker.DockerClient(base_url='unix:///var/run/docker.sock') + +# Process containers created before +for container in client.containers.list(all=True, filters={"label" : "bunkerized-nginx.SERVER_NAME"}) : + + # Extract bunkerized-nginx.* labels + labels = container.labels.copy() + for label in labels : + if not label.startswith("bunkerized-nginx.") : + del labels[label] + # Remove bunkerized-nginx. on labels + vars = { k.replace("bunkerized-nginx.", "", 1) : v for k, v in labels.items()} + + # Container is restarting or running + if container.status == "restarting" or container.status == "running" : + process(container.id, "create", vars) + process(container.id, "activate", vars) + + # Container is created or exited + if container.status == "created" or container.status == "exited" : + process(container.id, "create", vars) + +for event in client.events(decode=True) : + + # Process only container events + if event["Type"] != "container" : + continue + + # Check if a bunkerized-nginx.* label is present + present = False + for label in event["Actor"]["Attributes"] : + if label.startswith("bunkerized-nginx.") : + present = True + break + if not present : + continue + + # Only process if we generated a config + if not event["id"] in containers and event["Action"] != "create" : + continue + + # Extract bunkerized-nginx.* labels + labels = event["Actor"]["Attributes"].copy() + for label in labels : + if not label.startswith("bunkerized-nginx.") : + del labels[label] + # Remove bunkerized-nginx. on labels + vars = { k.replace("bunkerized-nginx.", "", 1) : v for k, v in labels.items()} + + # Process the event + process(event["id"], event["Action"], vars diff --git a/entrypoint/entrypoint.sh b/entrypoint/entrypoint.sh index 1e0ac210..41b9a090 100644 --- a/entrypoint/entrypoint.sh +++ b/entrypoint/entrypoint.sh @@ -90,6 +90,11 @@ if [ "$1" == "test" ] ; then exit 1 fi +# start the autoconf manager +if [ -f "/var/run/docker.sock" ] ; then + /opt/autoconf/autoconf.py & +fi + # display logs LOGS="/var/log/access.log /var/log/error.log" if [ "$USE_FAIL2BAN" = "yes" ] ; then