various bug fixes on templates and nginx update to 1.20.1
parent
e2f02ee91e
commit
4a73ae8197
|
@ -1,4 +1,4 @@
|
|||
FROM nginx:1.20.0-alpine
|
||||
FROM nginx:1.20.1-alpine
|
||||
|
||||
COPY nginx-keys/ /tmp/nginx-keys
|
||||
COPY compile.sh /tmp/compile.sh
|
||||
|
@ -25,9 +25,6 @@ RUN chmod +x /tmp/prepare.sh && \
|
|||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
# fix CVE-2021-20205
|
||||
RUN apk add "libjpeg-turbo>=2.1.0-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
|
||||
|
||||
EXPOSE 8080/tcp 8443/tcp
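Review bot: The second hunk appears to drop `RUN apk add "libjpeg-turbo>=2.1.0-r0"`, the explicit CVE-2021-20205 fix, so the image now relies on `nginx:1.20.1-alpine` already shipping a fixed libjpeg-turbo, which nothing on this page establishes. Keeping the constraint costs little and should fail the build if the base ever carries an older package, e.g. `RUN apk add --no-cache "libjpeg-turbo>=2.1.0-r0"`; otherwise a comment recording that the base image was checked would help. The same removal is made in the amd64, arm32v7, arm64v8 and i386 Dockerfiles below.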
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM amd64/nginx:1.20.0-alpine
|
||||
FROM amd64/nginx:1.20.1-alpine
|
||||
|
||||
COPY nginx-keys/ /tmp/nginx-keys
|
||||
COPY compile.sh /tmp/compile.sh
|
||||
|
@ -25,9 +25,6 @@ RUN chmod +x /tmp/prepare.sh && \
|
|||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
# fix CVE-2021-20205
|
||||
RUN apk add "libjpeg-turbo>=2.1.0-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
|
||||
|
||||
EXPOSE 8080/tcp 8443/tcp
|
||||
|
|
|
@ -3,7 +3,7 @@ FROM alpine AS builder
|
|||
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
|
||||
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
|
||||
|
||||
FROM arm32v7/nginx:1.20.0-alpine
|
||||
FROM arm32v7/nginx:1.20.1-alpine
|
||||
|
||||
COPY --from=builder qemu-arm-static /usr/bin
|
||||
|
||||
|
@ -32,9 +32,6 @@ RUN chmod +x /tmp/prepare.sh && \
|
|||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
# fix CVE-2021-20205
|
||||
RUN apk add "libjpeg-turbo>=2.1.0-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
|
||||
|
||||
EXPOSE 8080/tcp 8443/tcp
|
||||
|
|
|
@ -3,7 +3,7 @@ FROM alpine AS builder
|
|||
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
|
||||
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
|
||||
|
||||
FROM arm64v8/nginx:1.20.0-alpine
|
||||
FROM arm64v8/nginx:1.20.1-alpine
|
||||
|
||||
COPY --from=builder qemu-aarch64-static /usr/bin
|
||||
|
||||
|
@ -32,9 +32,6 @@ RUN chmod +x /tmp/prepare.sh && \
|
|||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
# fix CVE-2021-20205
|
||||
RUN apk add "libjpeg-turbo>=2.1.0-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
|
||||
|
||||
EXPOSE 8080/tcp 8443/tcp
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM i386/nginx:1.20.0-alpine
|
||||
FROM i386/nginx:1.20.1-alpine
|
||||
|
||||
COPY nginx-keys/ /tmp/nginx-keys
|
||||
COPY compile.sh /tmp/compile.sh
|
||||
|
@ -25,9 +25,6 @@ RUN chmod +x /tmp/prepare.sh && \
|
|||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
# fix CVE-2021-20205
|
||||
RUN apk add "libjpeg-turbo>=2.1.0-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
|
||||
|
||||
EXPOSE 8080/tcp 8443/tcp
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM nginx:1.20.0-alpine AS builder
|
||||
FROM nginx:1.20.1-alpine AS builder
|
||||
|
||||
FROM alpine
|
||||
|
||||
|
|
|
@ -1,44 +1,26 @@
|
|||
FROM nginx:stable-alpine AS builder
|
||||
FROM nginx:1.20.1-alpine AS builder
|
||||
|
||||
FROM amd64/alpine
|
||||
|
||||
COPY --from=builder /etc/nginx/ /opt/confs/nginx
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
mkdir -p /opt/confs/global && \
|
||||
mkdir /opt/scripts && \
|
||||
addgroup -g 101 nginx && \
|
||||
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
|
||||
mkdir /etc/letsencrypt && \
|
||||
chown root:nginx /etc/letsencrypt && \
|
||||
chmod 770 /etc/letsencrypt && \
|
||||
mkdir /var/log/letsencrypt && \
|
||||
chown root:nginx /var/log/letsencrypt && \
|
||||
chmod 770 /var/log/letsencrypt && \
|
||||
mkdir /var/lib/letsencrypt && \
|
||||
chown root:nginx /var/lib/letsencrypt && \
|
||||
chmod 770 /var/lib/letsencrypt && \
|
||||
mkdir /cache && \
|
||||
chown root:nginx /cache && \
|
||||
chmod 770 /cache && \
|
||||
touch /var/log/jobs.log && \
|
||||
chown root:nginx /var/log/jobs.log && \
|
||||
chmod 770 /var/log/jobs.log && \
|
||||
chown -R root:nginx /opt/confs/nginx && \
|
||||
chmod -R 770 /opt/confs/nginx && \
|
||||
mkdir /acme-challenge && \
|
||||
chown root:nginx /acme-challenge && \
|
||||
chmod 770 /acme-challenge
|
||||
COPY autoconf/dependencies.sh /tmp
|
||||
RUN chmod +x /tmp/dependencies.sh && \
|
||||
/tmp/dependencies.sh && \
|
||||
rm -f /tmp/dependencies.sh
|
||||
|
||||
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
|
||||
COPY scripts/* /opt/scripts/
|
||||
COPY gen/ /opt/gen
|
||||
COPY entrypoint/ /opt/entrypoint
|
||||
COPY confs/global/ /opt/confs/global
|
||||
COPY confs/site/ /opt/confs/site
|
||||
COPY entrypoint/* /opt/entrypoint/
|
||||
COPY scripts/ /opt/scripts
|
||||
COPY settings.json /opt
|
||||
COPY misc/cron /etc/crontabs/nginx
|
||||
COPY autoconf/* /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
|
||||
|
||||
COPY autoconf/prepare.sh /tmp
|
||||
RUN chmod +x /tmp/prepare.sh && \
|
||||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
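Review bot: The final stage still builds from an untagged `FROM amd64/alpine`, so the runtime image floats on whatever `latest` resolves to even though this change pins the builder stage to `nginx:1.20.1-alpine`. Pinning it the same way, `FROM amd64/alpine:<pinned-tag>` (ideally with a digest), would make the image reproducible; the same applies to `arm32v7/alpine`, `arm64v8/alpine` and `i386/alpine` in the sibling Dockerfiles below. The account creation and the `chown root:nginx` / `chmod 770` steps appear to have moved out of the Dockerfile into `autoconf/dependencies.sh` and `autoconf/prepare.sh`, which this page does not show. No `USER` line is visible before `ENTRYPOINT`, so the effective runtime user should be confirmed against those scripts.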
|
||||
|
|
|
@ -3,48 +3,30 @@ FROM alpine AS builder
|
|||
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
|
||||
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
|
||||
|
||||
FROM nginx:stable-alpine AS builder2
|
||||
FROM nginx:1.20.1-alpine AS builder2
|
||||
|
||||
FROM arm32v7/alpine
|
||||
|
||||
COPY --from=builder qemu-arm-static /usr/bin
|
||||
COPY --from=builder2 /etc/nginx/ /opt/confs/nginx
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
mkdir -p /opt/confs/global && \
|
||||
mkdir /opt/scripts && \
|
||||
addgroup -g 101 nginx && \
|
||||
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
|
||||
mkdir /etc/letsencrypt && \
|
||||
chown root:nginx /etc/letsencrypt && \
|
||||
chmod 770 /etc/letsencrypt && \
|
||||
mkdir /var/log/letsencrypt && \
|
||||
chown root:nginx /var/log/letsencrypt && \
|
||||
chmod 770 /var/log/letsencrypt && \
|
||||
mkdir /var/lib/letsencrypt && \
|
||||
chown root:nginx /var/lib/letsencrypt && \
|
||||
chmod 770 /var/lib/letsencrypt && \
|
||||
mkdir /cache && \
|
||||
chown root:nginx /cache && \
|
||||
chmod 770 /cache && \
|
||||
touch /var/log/jobs.log && \
|
||||
chown root:nginx /var/log/jobs.log && \
|
||||
chmod 770 /var/log/jobs.log && \
|
||||
chown -R root:nginx /opt/confs/nginx && \
|
||||
chmod -R 770 /opt/confs/nginx && \
|
||||
mkdir /acme-challenge && \
|
||||
chown root:nginx /acme-challenge && \
|
||||
chmod 770 /acme-challenge
|
||||
COPY autoconf/dependencies.sh /tmp
|
||||
RUN chmod +x /tmp/dependencies.sh && \
|
||||
/tmp/dependencies.sh && \
|
||||
rm -f /tmp/dependencies.sh
|
||||
|
||||
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
|
||||
COPY scripts/* /opt/scripts/
|
||||
COPY gen/ /opt/gen
|
||||
COPY entrypoint/ /opt/entrypoint
|
||||
COPY confs/global/ /opt/confs/global
|
||||
COPY confs/site/ /opt/confs/site
|
||||
COPY entrypoint/* /opt/entrypoint/
|
||||
COPY scripts/ /opt/scripts
|
||||
COPY settings.json /opt
|
||||
COPY misc/cron /etc/crontabs/nginx
|
||||
COPY autoconf/* /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
|
||||
|
||||
COPY autoconf/prepare.sh /tmp
|
||||
RUN chmod +x /tmp/prepare.sh && \
|
||||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
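Review bot: The builder stage at the top of this file fetches the QEMU tarball with `curl -L ${QEMU_URL} | tar zxvf -` and no integrity check, and the extracted `qemu-arm-static` is then copied into the final image. Downloading to a file and verifying a pinned digest before extracting, e.g. `echo "<expected-sha256>  qemu.tar.gz" | sha256sum -c -`, would catch a replaced or truncated release asset, and `curl -f` would stop an HTTP error page from being piped into tar. The same lines appear in the arm64v8 autoconf Dockerfile below and in the two arm nginx Dockerfiles earlier on this page. `FROM alpine AS builder` is untagged as well.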
|
||||
|
|
|
@ -3,48 +3,30 @@ FROM alpine AS builder
|
|||
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
|
||||
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
|
||||
|
||||
FROM nginx:stable-alpine AS builder2
|
||||
FROM nginx:1.20.1-alpine AS builder2
|
||||
|
||||
FROM arm64v8/alpine
|
||||
|
||||
COPY --from=builder qemu-aarch64-static /usr/bin
|
||||
COPY --from=builder2 /etc/nginx/ /opt/confs/nginx
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
mkdir -p /opt/confs/global && \
|
||||
mkdir /opt/scripts && \
|
||||
addgroup -g 101 nginx && \
|
||||
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
|
||||
mkdir /etc/letsencrypt && \
|
||||
chown root:nginx /etc/letsencrypt && \
|
||||
chmod 770 /etc/letsencrypt && \
|
||||
mkdir /var/log/letsencrypt && \
|
||||
chown root:nginx /var/log/letsencrypt && \
|
||||
chmod 770 /var/log/letsencrypt && \
|
||||
mkdir /var/lib/letsencrypt && \
|
||||
chown root:nginx /var/lib/letsencrypt && \
|
||||
chmod 770 /var/lib/letsencrypt && \
|
||||
mkdir /cache && \
|
||||
chown root:nginx /cache && \
|
||||
chmod 770 /cache && \
|
||||
touch /var/log/jobs.log && \
|
||||
chown root:nginx /var/log/jobs.log && \
|
||||
chmod 770 /var/log/jobs.log && \
|
||||
chown -R root:nginx /opt/confs/nginx && \
|
||||
chmod -R 770 /opt/confs/nginx && \
|
||||
mkdir /acme-challenge && \
|
||||
chown root:nginx /acme-challenge && \
|
||||
chmod 770 /acme-challenge
|
||||
COPY autoconf/dependencies.sh /tmp
|
||||
RUN chmod +x /tmp/dependencies.sh && \
|
||||
/tmp/dependencies.sh && \
|
||||
rm -f /tmp/dependencies.sh
|
||||
|
||||
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
|
||||
COPY scripts/* /opt/scripts/
|
||||
COPY gen/ /opt/gen
|
||||
COPY entrypoint/ /opt/entrypoint
|
||||
COPY confs/global/ /opt/confs/global
|
||||
COPY confs/site/ /opt/confs/site
|
||||
COPY entrypoint/* /opt/entrypoint/
|
||||
COPY scripts/ /opt/scripts
|
||||
COPY settings.json /opt
|
||||
COPY misc/cron /etc/crontabs/nginx
|
||||
COPY autoconf/* /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
|
||||
|
||||
COPY autoconf/prepare.sh /tmp
|
||||
RUN chmod +x /tmp/prepare.sh && \
|
||||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
|
||||
|
|
|
@ -1,44 +1,26 @@
|
|||
FROM nginx:stable-alpine AS builder
|
||||
FROM nginx:1.20.1-alpine AS builder
|
||||
|
||||
FROM i386/alpine
|
||||
|
||||
COPY --from=builder /etc/nginx/ /opt/confs/nginx
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
mkdir -p /opt/confs/global && \
|
||||
mkdir /opt/scripts && \
|
||||
addgroup -g 101 nginx && \
|
||||
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
|
||||
mkdir /etc/letsencrypt && \
|
||||
chown root:nginx /etc/letsencrypt && \
|
||||
chmod 770 /etc/letsencrypt && \
|
||||
mkdir /var/log/letsencrypt && \
|
||||
chown root:nginx /var/log/letsencrypt && \
|
||||
chmod 770 /var/log/letsencrypt && \
|
||||
mkdir /var/lib/letsencrypt && \
|
||||
chown root:nginx /var/lib/letsencrypt && \
|
||||
chmod 770 /var/lib/letsencrypt && \
|
||||
mkdir /cache && \
|
||||
chown root:nginx /cache && \
|
||||
chmod 770 /cache && \
|
||||
touch /var/log/jobs.log && \
|
||||
chown root:nginx /var/log/jobs.log && \
|
||||
chmod 770 /var/log/jobs.log && \
|
||||
chown -R root:nginx /opt/confs/nginx && \
|
||||
chmod -R 770 /opt/confs/nginx && \
|
||||
mkdir /acme-challenge && \
|
||||
chown root:nginx /acme-challenge && \
|
||||
chmod 770 /acme-challenge
|
||||
COPY autoconf/dependencies.sh /tmp
|
||||
RUN chmod +x /tmp/dependencies.sh && \
|
||||
/tmp/dependencies.sh && \
|
||||
rm -f /tmp/dependencies.sh
|
||||
|
||||
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
|
||||
COPY scripts/* /opt/scripts/
|
||||
COPY gen/ /opt/gen
|
||||
COPY entrypoint/ /opt/entrypoint
|
||||
COPY confs/global/ /opt/confs/global
|
||||
COPY confs/site/ /opt/confs/site
|
||||
COPY entrypoint/* /opt/entrypoint/
|
||||
COPY scripts/ /opt/scripts
|
||||
COPY settings.json /opt
|
||||
COPY misc/cron /etc/crontabs/nginx
|
||||
COPY autoconf/* /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
|
||||
|
||||
COPY autoconf/prepare.sh /tmp
|
||||
RUN chmod +x /tmp/prepare.sh && \
|
||||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
# todo : if api_uri == "random"
|
||||
location ~ ^{{ API_URI }}/ping {
|
||||
location ~ ^%API_URI%/ping {
|
||||
return 444;
|
||||
}
|
||||
|
||||
location ~ {{ API_URI }} {
|
||||
location ~ %API_URI% {
|
||||
|
||||
rewrite_by_lua_block {
|
||||
|
||||
local api = require "api"
|
||||
local api_whitelist_ip = {% raw %}{{% endraw %}{% set elements = API_WHITELIST_IP.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local api_uri = "{{ API_URI }}"
|
||||
local api_whitelist_ip = { %API_WHITELIST_IP% }
|
||||
local api_uri = "%API_URI%"
|
||||
local logger = require "logger"
|
||||
|
||||
if api.is_api_call(api_uri, api_whitelist_ip) then
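Review bot: `location ~ %API_URI%` is an unanchored regex, so it matches any request whose URI contains the API path anywhere, whereas the ping location just above is anchored with `^`. Assuming API_URI is meant as a path prefix, anchoring it the same way, `location ~ ^%API_URI% {`, keeps the Lua API handler from running on unrelated paths. The value is also substituted verbatim into both the regex and the Lua string `local api_uri = "%API_URI%"`, so regex metacharacters or a double quote in API_URI would change the generated config; a validation step in the entrypoint would be worth adding. The rewrite_by_lua_block continues past the end of the hunk.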
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
rewrite_by_lua_block {
|
||||
|
||||
local api = require "api"
|
||||
local api_whitelist_ip = {% raw %}{{% endraw %}{% set elements = API_WHITELIST_IP.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local api_whitelist_ip = {% raw %}{{% endraw %}{% if API_WHITELIST_IP != ""%}{% set elements = API_WHITELIST_IP.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
local api_uri = "{{ API_URI }}"
|
||||
local logger = require "logger"
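Review bot: The new `{% if API_WHITELIST_IP != ""%}` guard covers the empty string only; a value with a doubled or trailing space still makes `split(" ")` return empty elements, which are emitted as `""` entries in the Lua table. Assuming the templates are rendered by Jinja2, where `split` is the Python string method, calling it with no argument drops empty fields and returns an empty list for an empty value, e.g. `{% set elements = API_WHITELIST_IP.split() %}`, which would make the extra guard unnecessary. The same pattern is used for the status-code, resolver, whitelist, blacklist, DNSBL, user-agent and URI lists in the Lua templates below, and for the country loops in the geoip map, where an empty element would render a map entry with no key.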
|
||||
|
||||
|
|
|
@ -6,10 +6,14 @@ geoip2 /etc/nginx/geoip.mmdb {
|
|||
|
||||
map $geoip2_data_country_code $allowed_country {
|
||||
default {% if WHITELIST_COUNTRY != "" %}no{% else %}yes{% endif %};
|
||||
{% for country in WHITELIST_COUNTRY.split(" ") %}
|
||||
{{ country }} yes;
|
||||
{% endfor %}
|
||||
{% for country in BLACKLIST_COUNTRY.split(" ") %}
|
||||
{{ country }} no;
|
||||
{% endfor %}
|
||||
{% if WHITELIST_COUNTRY != "" %}
|
||||
{% for country in WHITELIST_COUNTRY.split(" ") %}
|
||||
{{ country }} yes;
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if BLACKLIST_COUNTRY != "" %}
|
||||
{% for country in BLACKLIST_COUNTRY.split(" ") %}
|
||||
{{ country }} no;
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ log_by_lua_block {
|
|||
-- bad behavior
|
||||
local use_bad_behavior = {% if USE_BAD_BEHAVIOR == "yes" %}true{% else %}false{% endif %}
|
||||
local behavior = require "behavior"
|
||||
local bad_behavior_status_codes = {% raw %}{{% endraw %}{% set elements = BAD_BEHAVIOR_STATUS_CODES.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local bad_behavior_status_codes = {% raw %}{{% endraw %}{% if BAD_BEHAVIOR_STATUS_CODES != "" %}{% set elements = BAD_BEHAVIOR_STATUS_CODES.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
local bad_behavior_threshold = {{ BAD_BEHAVIOR_THRESHOLD }}
|
||||
local bad_behavior_count_time = {{ BAD_BEHAVIOR_COUNT_TIME }}
|
||||
local bad_behavior_ban_time = {{ BAD_BEHAVIOR_BAN_TIME }}
|
||||
|
|
|
@ -30,23 +30,23 @@ local use_antibot_captcha = {% if USE_ANTIBOT == "captcha" %}true{% else %}false
|
|||
local use_antibot_recaptcha = {% if USE_ANTIBOT == "recaptcha" %}true{% else %}false{% endif %}
|
||||
|
||||
-- resolvers
|
||||
local dns_resolvers = {% raw %}{{% endraw %}{% set elements = DNS_RESOLVERS.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local dns_resolvers = {% raw %}{{% endraw %}{% if DNS_RESOLVERS != "" %}{% set elements = DNS_RESOLVERS.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
|
||||
-- whitelist
|
||||
local use_whitelist_ip = {% if USE_WHITELIST_IP == "yes" %}true{% else %}false{% endif %}
|
||||
local use_whitelist_reverse = {% if USE_WHITELIST_REVERSE == "yes" %}true{% else %}false{% endif %}
|
||||
local whitelist_ip_list = {% raw %}{{% endraw %}{% set elements = WHITELIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local whitelist_reverse_list = {% raw %}{{% endraw %}{% set elements = WHITELIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local whitelist_ip_list = {% raw %}{{% endraw %}{% if WHITELIST_IP_LIST != "" %}{% set elements = WHITELIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
local whitelist_reverse_list = {% raw %}{{% endraw %}{% if WHITELIST_REVERSE_LIST != "" %}{% set elements = WHITELIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
|
||||
-- blacklist
|
||||
local use_blacklist_ip = {% if USE_BLACKLIST_IP == "yes" %}true{% else %}false{% endif %}
|
||||
local use_blacklist_reverse = {% if USE_BLACKLIST_REVERSE == "yes" %}true{% else %}false{% endif %}
|
||||
local blacklist_ip_list = {% raw %}{{% endraw %}{% set elements = BLACKLIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local blacklist_reverse_list = {% raw %}{{% endraw %}{% set elements = BLACKLIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local blacklist_ip_list = {% raw %}{{% endraw %}{% if BLACKLIST_IP_LIST != "" %}{% set elements = BLACKLIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
local blacklist_reverse_list = {% raw %}{{% endraw %}{% if BLACKLIST_REVERSE_LIST != "" %}{% set elements = BLACKLIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
|
||||
-- dnsbl
|
||||
local use_dnsbl = {% if USE_DNSBL == "yes" %}true{% else %}false{% endif %}
|
||||
local dnsbl_list = {% raw %}{{% endraw %}{% set elements = DNSBL_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local dnsbl_list = {% raw %}{{% endraw %}{% if DNSBL_LIST != "" %}{% set elements = DNSBL_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
|
||||
-- bad behavior
|
||||
local use_bad_behavior = {% if USE_BAD_BEHAVIOR == "yes" %}true{% else %}false{% endif %}
|
||||
|
@ -65,8 +65,8 @@ local logger = require "logger"
|
|||
|
||||
-- user variables
|
||||
local antibot_uri = "{{ ANTIBOT_URI }}"
|
||||
local whitelist_user_agent = {% raw %}{{% endraw %}{% set elements = WHITELIST_USER_AGENT.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local whitelist_uri = {% raw %}{{% endraw %}{% set elements = WHITELIST_URI.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
|
||||
local whitelist_user_agent = {% raw %}{{% endraw %}{% if WHITELIST_USER_AGENT != "" %}{% set elements = WHITELIST_USER_AGENT.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
local whitelist_uri = {% raw %}{{% endraw %}{% if WHITELIST_URI != "" %}{% set elements = WHITELIST_URI.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
|
||||
|
||||
-- check if already in whitelist cache
|
||||
if use_whitelist_ip and whitelist.ip_cached_ok() then
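Review bot: Every list element is written between double quotes with `"{{ elements[i] }}"` and no escaping, so a value containing `"` or a backslash changes the Lua source that gets generated instead of becoming data. That matters most for free-form settings such as WHITELIST_USER_AGENT and WHITELIST_URI, and in any deployment where these settings come from a less trusted source than the image operator (not visible on this page). Validating the values in the generator, or escaping `\` and `"` before emission, keeps them inside the string literal; a comment such as `-- list values are emitted verbatim into Lua string literals; the generator must reject quotes and backslashes` would document the contract. The block continues outside both hunks.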
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
root {{ ROOT_FOLDER }}/{{ FIRST_SERVER }};
|
||||
root {{ ROOT_FOLDER }};
|
||||
index index.html index.php;
|
||||
try_files $uri $uri/ =404;
|
||||
|
|
|
@ -94,7 +94,7 @@ pid="$!"
|
|||
if [ "$1" == "test" ] ; then
|
||||
sleep 10
|
||||
echo -n "autotest" > /www/index.html
|
||||
check=$(curl "http://localhost:8080")
|
||||
check=$(curl -H "User-Agent: legit" "http://localhost:8080")
|
||||
if [ "$check" == "autotest" ] ; then
|
||||
exit 0
|
||||
fi
|
||||
|
|
|
@ -10,11 +10,13 @@ if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$SWARM_MODE" = "yes" ] ;
|
|||
if [ "$SWARM_MODE" = "yes" ] ; then
|
||||
replace_in_file "/tmp/nginx-temp.conf" "%USE_API%" "include /tmp/api.conf;"
|
||||
replace_in_file "/tmp/api.conf" "%API_URI%" "$API_URI"
|
||||
API_WHITELIST_IP="${API_WHITELIST_IP-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}"
|
||||
list=$(spaces_to_lua "$API_WHITELIST_IP")
|
||||
replace_in_file "/tmp/api.conf" "%API_WHITELIST_IP%" "$list"
|
||||
else
|
||||
replace_in_file "/tmp/nginx-temp.conf" "%USE_API%" ""
|
||||
fi
|
||||
HTTP_PORT="${HTTP_PORT-8080}"
|
||||
replace_in_file "/tmp/nginx-temp.conf" "%HTTP_PORT%" "$HTTP_PORT"
|
||||
nginx -c /tmp/nginx-temp.conf
|
||||
if [ "$?" -eq 0 ] ; then
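Review bot: The added default `192.168.0.0/16 172.16.0.0/12 10.0.0.0/8` admits every RFC 1918 address, so with API_WHITELIST_IP unset any host on a private network that can reach this temporary listener passes the API's IP check. A comment above the assignment would make that intent explicit, e.g. `# default: all RFC 1918 ranges; set API_WHITELIST_IP to the overlay subnet to narrow it`. `${API_WHITELIST_IP-…}` also applies the default only when the variable is unset, so an explicitly empty value renders an empty Lua table, and what `api.is_api_call` does with that is not visible here. The surrounding `if` starts above the hunk and the script continues after it.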
|
||||
|
|