ci/cd - fix BW CVEs and fix Linux restart

bunkerity 2023-03-27 15:28:06 +02:00
parent fa7c7ac91f
commit 461789aed6
3 changed files with 52 additions and 28 deletions


@ -74,7 +74,7 @@ RUN apk add --no-cache pcre bash python3 && \
chmod 660 /usr/share/bunkerweb/INTEGRATION
# Fix CVEs
# No need to update anything for now, there are no CVE concerning the already installed packages inside this image
RUN apk add "curl>=7.83.1-r6" "libcrypto1.1>=1.1.1t-r1" "libcurl>=7.83.1-r6" "libssl1.1>=1.1.1t-r1"
VOLUME /data /etc/nginx
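Review bot: The added `RUN apk add` line omits `--no-cache`, unlike the `apk add --no-cache` step named in the hunk header, so it depends on whatever package index state the earlier step left behind and may store an index in the image layer. Writing it as `RUN apk add --no-cache "curl>=7.83.1-r6" "libcrypto1.1>=1.1.1t-r1" "libcurl>=7.83.1-r6" "libssl1.1>=1.1.1t-r1"` keeps the two steps consistent. The `>=` constraints only set a floor at build time, so the `# Fix CVEs` comment should name the advisories these minimums address; that lets a later maintainer tell when they can be raised or removed. The rest of the Dockerfile is outside the hunk.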


@ -78,10 +78,10 @@ function start() {
# Set the PYTHONPATH
export PYTHONPATH=/usr/share/bunkerweb/deps/python
log "ENTRYPOINT" "" "Starting BunkerWeb service ..."
log "SYSTEMCTL" "" "Starting BunkerWeb service ..."
# Setup and check /data folder
/usr/share/bunkerweb/helpers/data.sh "ENTRYPOINT"
/usr/share/bunkerweb/helpers/data.sh "SYSTEMCTL"
# Stop scheduler if it's running
stop_scheduler
@ -95,15 +95,15 @@ function start() {
fi
/usr/share/bunkerweb/gen/main.py --variables /var/tmp/bunkerweb/tmp.env --no-linux-reload
if [ $? -ne 0 ] ; then
log "ENTRYPOINT" "❌" "Error while generating config from /var/tmp/bunkerweb/tmp.env"
log "SYSTEMCTL" "❌" "Error while generating config from /var/tmp/bunkerweb/tmp.env"
exit 1
fi
# Start nginx
log "ENTRYPOINT" "" "Starting nginx ..."
log "SYSTEMCTL" "" "Starting nginx ..."
nginx
if [ $? -ne 0 ] ; then
log "ENTRYPOINT" "❌" "Error while executing nginx"
log "SYSTEMCTL" "❌" "Error while executing nginx"
exit 1
fi
count=0
@ -114,13 +114,13 @@ function start() {
fi
count=$(($count + 1))
sleep 1
log "ENTRYPOINT" "" "Waiting for nginx to start ..."
log "SYSTEMCTL" "" "Waiting for nginx to start ..."
done
if [ $count -ge 10 ] ; then
log "ENTRYPOINT" "❌" "nginx is not started"
log "SYSTEMCTL" "❌" "nginx is not started"
exit 1
fi
log "ENTRYPOINT" "" "nginx started ..."
log "SYSTEMCTL" "" "nginx started ..."
# Create dummy variables.env
if [ ! -f /etc/bunkerweb/variables.env ]; then
@ -128,59 +128,60 @@ function start() {
fi
# Update database
log "SYSTEMCTL" "" "Updating database ..."
if [ ! -f /var/lib/bunkerweb/db.sqlite3 ]; then
/usr/share/bunkerweb/gen/save_config.py --variables /etc/bunkerweb/variables.env --init
else
/usr/share/bunkerweb/gen/save_config.py --variables /etc/bunkerweb/variables.env
fi
if [ $? -ne 0 ] ; then
log "ENTRYPOINT" "❌" "save_config failed"
log "SYSTEMCTL" "❌" "save_config failed"
exit 1
fi
log "SYSTEMCTL" "" "Database updated ..."
# Execute scheduler
log "ENTRYPOINT" " " "Executing scheduler ..."
log "SYSTEMCTL" " " "Executing scheduler ..."
/usr/share/bunkerweb/scheduler/main.py --variables /etc/bunkerweb/variables.env
if [ "$?" -ne 0 ] ; then
log "ENTRYPOINT" "❌" "Scheduler failed"
log "SYSTEMCTL" "❌" "Scheduler failed"
exit 1
fi
log "ENTRYPOINT" " " "Scheduler stopped"
log "SYSTEMCTL" " " "Scheduler stopped"
}
function stop() {
log "ENTRYPOINT" "" "Stopping BunkerWeb service ..."
log "SYSTEMCTL" "" "Stopping BunkerWeb service ..."
stop_nginx
stop_scheduler
log "ENTRYPOINT" "" "BunkerWeb service stopped"
log "SYSTEMCTL" "" "BunkerWeb service stopped"
}
function reload()
{
log "ENTRYPOINT" "" "Reloading BunkerWeb service ..."
log "SYSTEMCTL" "" "Reloading BunkerWeb service ..."
PID_FILE_PATH="/var/tmp/bunkerweb/scheduler.pid"
if [ -f "$PID_FILE_PATH" ];
then
var=$(cat "$PID_FILE_PATH")
# Send signal to scheduler to reload
log "ENTRYPOINT" "" "Sending reload signal to scheduler ..."
log "SYSTEMCTL" "" "Sending reload signal to scheduler ..."
kill -SIGHUP $var
result=$?
if [ $result -ne 0 ] ; then
log "ENTRYPOINT" "❌" "Your command exited with non-zero status $result"
log "SYSTEMCTL" "❌" "Your command exited with non-zero status $result"
exit 1
fi
else
log "ENTRYPOINT" "❌" "Scheduler is not running"
log "SYSTEMCTL" "❌" "Scheduler is not running"
exit 1
fi
log "ENTRYPOINT" "" "BunkerWeb service reloaded ..."
log "SYSTEMCTL" "" "BunkerWeb service reloaded ..."
}
# List of differents args


@ -382,22 +382,45 @@ if __name__ == "__main__":
else:
logger.info("Successfuly sent /data/cache folder")
# reload nginx
logger.info("Reloading nginx ...")
# restart nginx
logger.info("Stopping temp nginx ...")
if integration == "Linux":
# Reloading the nginx server.
# Stop temp nginx
proc = subprocess_run(
# Reload nginx
["/usr/sbin/nginx", "-s", "reload"],
["/usr/sbin/nginx", "-s", "stop"],
stdin=DEVNULL,
stderr=STDOUT,
env=deepcopy(env),
)
if proc.returncode == 0:
logger.info("Successfuly reloaded nginx")
logger.info("Successfuly sent stop signal to temp nginx")
i = 0
while i < 20 :
if not Path("/var/tmp/bunkerweb/nginx.pid").is_file() :
break
logger.warning("Waiting for temp nginx to stop ...")
sleep(1)
i += 1
if i >= 20 :
logger.error("Timeout error while waiting for temp nginx to stop")
else :
# Start nginx
logger.info("Starting nginx ...")
proc = subprocess_run(
["/usr/sbin/nginx"],
stdin=DEVNULL,
stderr=STDOUT,
env=deepcopy(env),
)
if proc.returncode == 0:
logger.info("Successfuly started nginx")
else :
logger.error(
f"Error while starting nginx - returncode: {proc.returncode} - error: {proc.stderr.decode('utf-8')}",
)
else:
logger.error(
f"Error while reloading nginx - returncode: {proc.returncode} - error: {proc.stderr.decode('utf-8')}",
f"Error while sending stop signal to temp nginx - returncode: {proc.returncode} - error: {proc.stderr.decode('utf-8')}",
)
else:
if api_caller._send_to_apis("POST", "/reload"):
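Review bot: Both new error branches format `proc.stderr.decode('utf-8')`, but the `subprocess_run` calls pass `stderr=STDOUT` and capture nothing. If `subprocess_run` is the standard `subprocess.run`, `proc.stderr` is `None` there, so a failed stop or start raises `AttributeError` instead of logging the nginx error. Either add `stdout=PIPE` to both calls and log `proc.stdout.decode('utf-8')`, or drop the `error:` part of the two messages. Separately, when the 20-iteration wait on `/var/tmp/bunkerweb/nginx.pid` times out, the code only logs an error and never starts nginx, so the host may be left without the final proxy running; that branch should probably end in a non-zero exit so the service manager sees the failure. The enclosing `if __name__ == "__main__":` block starts before and continues after this hunk.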