add slack to official plugins and init work on EXTERNAL_PLUGIN_URLS setting
This commit is contained in:
parent
6478512e48
commit
40007b0866
|
@ -8,10 +8,11 @@
|
||||||
- Fix permissions check when filename has a space
|
- Fix permissions check when filename has a space
|
||||||
- Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
|
- Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
|
||||||
- Fix config files overwrite when using Docker autoconf
|
- Fix config files overwrite when using Docker autoconf
|
||||||
|
- Add EXTERNAL_PLUGIN_URLS setting to automatically download and install external plugins
|
||||||
- Add log_default() plugin hook
|
- Add log_default() plugin hook
|
||||||
- Add various certbot-dns examples
|
- Add various certbot-dns examples
|
||||||
- Force NGINX version dependencies in Linux packages DEB/RPM
|
- Force NGINX version dependencies in Linux packages DEB/RPM
|
||||||
- Add Discord to supported official plugins
|
- Add Discord and Slack to list of official plugins
|
||||||
|
|
||||||
## v1.4.1 - 2022/16/06
|
## v1.4.1 - 2022/16/06
|
||||||
|
|
||||||
|
|
|
@ -247,6 +247,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
|
||||||
| **ClamAV** | 0.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
|
| **ClamAV** | 0.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
|
||||||
| **CrowdSec** | 0.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
|
| **CrowdSec** | 0.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
|
||||||
| **Discord** | 0.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
|
| **Discord** | 0.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
|
||||||
|
| **Slack** | 0.1 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
|
||||||
| **VirusTotal** | 0.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
|
| **VirusTotal** | 0.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
|
||||||
|
|
||||||
You will find more information in the [plugins section](https://docs.bunkerweb.io/latest/plugins) of the documentation.
|
You will find more information in the [plugins section](https://docs.bunkerweb.io/latest/plugins) of the documentation.
|
||||||
|
|
|
@ -0,0 +1,88 @@
|
||||||
|
#!/usr/bin/python3
|
||||||
|
|
||||||
|
import sys
|
||||||
|
sys.path.append("/opt/bunkerweb/deps/python")
|
||||||
|
sys.path.append("/opt/bunkerweb/utils")
|
||||||
|
|
||||||
|
from requests import get
|
||||||
|
from zipfile import ZipFile
|
||||||
|
from io import BytesIO
|
||||||
|
from os import getenv, makedirs, chmod, stat
|
||||||
|
from os.path import isfile, dirname
|
||||||
|
from stat import S_IEXEC
|
||||||
|
from uuid import uuid4
|
||||||
|
from glob import glob
|
||||||
|
from json import loads
|
||||||
|
from shutil import copytree, rmtree
|
||||||
|
from traceback import format_exc
|
||||||
|
|
||||||
|
from logger import log
|
||||||
|
|
||||||
|
status = 0
|
||||||
|
|
||||||
|
def install_plugin(plugin_dir) :
|
||||||
|
# Load plugin.json
|
||||||
|
metadata = {}
|
||||||
|
with open(plugin_dir + "plugin.json", "r") as f :
|
||||||
|
metadata = loads(f.read())
|
||||||
|
# Don't go further if plugin is already installed
|
||||||
|
if isfile("/data/plugins/" + metadata["id"] + "/plugin.json") :
|
||||||
|
log("JOBS", "ℹ️", "Skipping installation of plugin " + metadata["id"] + " (already installed)")
|
||||||
|
return
|
||||||
|
# Copy the plugin
|
||||||
|
copytree(plugin_dir, "/data/plugins/" + metadata["id"])
|
||||||
|
# Add u+x permissions to jobs files
|
||||||
|
for job_file in glob(plugin_dir + "jobs/*") :
|
||||||
|
st = stat(job_file)
|
||||||
|
chmod(job_file, st.st_mode | S_IEXEC)
|
||||||
|
|
||||||
|
try :
|
||||||
|
|
||||||
|
# Check if we have plugins to download
|
||||||
|
plugin_urls = getenv("EXTERNAL_PLUGIN_URLS", "")
|
||||||
|
if plugin_urls == "" :
|
||||||
|
log("JOBS", "ℹ️", "No external plugins to download")
|
||||||
|
|
||||||
|
# Loop on URLs
|
||||||
|
for plugin_url in plugin_urls.split(" ") :
|
||||||
|
|
||||||
|
# Download ZIP file
|
||||||
|
try :
|
||||||
|
req = get(plugin_url)
|
||||||
|
except :
|
||||||
|
log("JOBS", "❌", "Exception while downloading plugin(s) from " + plugin_url + " :")
|
||||||
|
print(format_exc())
|
||||||
|
status = 2
|
||||||
|
continue
|
||||||
|
|
||||||
|
# Extract it to tmp folder
|
||||||
|
temp_dir = "/opt/bunkerweb/tmp/plugins-" + str(uuid4()) + "/"
|
||||||
|
try :
|
||||||
|
makedirs(temp_dir, exist_ok=True)
|
||||||
|
with ZipFile(BytesIO(req.content)) as zf :
|
||||||
|
zf.extractall(path=temp_dir)
|
||||||
|
except :
|
||||||
|
log("JOBS", "❌", "Exception while decompressing plugin(s) from " + plugin_url + " :")
|
||||||
|
print(format_exc())
|
||||||
|
status = 2
|
||||||
|
continue
|
||||||
|
|
||||||
|
# Install plugins
|
||||||
|
try :
|
||||||
|
for plugin_dir in glob(temp_dir + "**/plugin.json", recursive=True) :
|
||||||
|
install_plugin(dirname(plugin_dir) + "/")
|
||||||
|
except :
|
||||||
|
log("JOBS", "❌", "Exception while installing plugin(s) from " + plugin_url + " :")
|
||||||
|
print(format_exc())
|
||||||
|
status = 2
|
||||||
|
continue
|
||||||
|
|
||||||
|
except :
|
||||||
|
status = 2
|
||||||
|
log("JOBS", "❌", "Exception while running download-plugins.py :")
|
||||||
|
print(format_exc())
|
||||||
|
|
||||||
|
for plugin_tmp in glob("/opt/bunkerweb/tmp/plugins-*/") :
|
||||||
|
rmtree(plugin_tmp)
|
||||||
|
|
||||||
|
sys.exit(status)
|
|
@ -18,6 +18,12 @@
|
||||||
"file": "mmdb-asn.py",
|
"file": "mmdb-asn.py",
|
||||||
"every": "week",
|
"every": "week",
|
||||||
"reload": true
|
"reload": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "download-plugins",
|
||||||
|
"file": "download-plugins.py",
|
||||||
|
"every": "once",
|
||||||
|
"reload": false
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -139,6 +139,15 @@
|
||||||
"label": "Open file cache valid time",
|
"label": "Open file cache valid time",
|
||||||
"regex": "^\\d+(ms|s|m|h|d|w|M|y)$",
|
"regex": "^\\d+(ms|s|m|h|d|w|M|y)$",
|
||||||
"type": "text"
|
"type": "text"
|
||||||
|
},
|
||||||
|
"EXTERNAL_PLUGIN_URLS" : {
|
||||||
|
"context": "global",
|
||||||
|
"default": "",
|
||||||
|
"help": "List of external plugins URLs (direct download to .zip file) to download and install (URLs are separated with space).",
|
||||||
|
"id": "external-plugin-urls",
|
||||||
|
"label": "External plugin URLs",
|
||||||
|
"regex": "^.*$",
|
||||||
|
"type": "text"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,10 +11,19 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
|
||||||
| **ClamAV** | 0.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
|
| **ClamAV** | 0.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
|
||||||
| **CrowdSec** | 0.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
|
| **CrowdSec** | 0.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
|
||||||
| **Discord** | 0.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
|
| **Discord** | 0.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
|
||||||
|
| **Slack** | 0.1 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
|
||||||
| **VirusTotal** | 0.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
|
| **VirusTotal** | 0.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
|
||||||
|
|
||||||
## How to use a plugin
|
## How to use a plugin
|
||||||
|
|
||||||
|
### Automatic
|
||||||
|
|
||||||
|
If you want to quickly install external plugins, you can use the `EXTERNAL_PLUGIN_URLS` setting. It takes a list of URLs, separated with space, pointing to compressed (zip format) archives containing one or more plugin(s).
|
||||||
|
|
||||||
|
Just use the following value if you want to automatically install the official plugins : `EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/tags/v0.2.zip`
|
||||||
|
|
||||||
|
### Manual
|
||||||
|
|
||||||
The first step is to install the plugin by putting the plugin files inside the corresponding `plugins` data folder, the procedure depends on your integration :
|
The first step is to install the plugin by putting the plugin files inside the corresponding `plugins` data folder, the procedure depends on your integration :
|
||||||
|
|
||||||
=== "Docker"
|
=== "Docker"
|
||||||
|
|
Loading…
Reference in New Issue