integrations - fix missing acme folder when using Swarm or Kubernetes
parent
7045c0c2b6
commit
650ad7ea49
|
@ -52,9 +52,9 @@ chmod 770 /cache
|
|||
|
||||
# prepare /acme-challenge
|
||||
ln -s /acme-challenge /opt/bunkerized-nginx/acme-challenge
|
||||
mkdir /acme-challenge
|
||||
chown root:nginx /acme-challenge
|
||||
chmod 770 /acme-challenge
|
||||
mkdir -p /acme-challenge/.well-known/acme-challenge
|
||||
chown -R root:nginx /acme-challenge
|
||||
chmod -R 770 /acme-challenge
|
||||
|
||||
# prepare /http-confs
|
||||
ln -s /http-confs /opt/bunkerized-nginx/http-confs
|
||||
|
|
|
@ -12,7 +12,8 @@ CONFIGS = {
|
|||
"http": "/http-confs",
|
||||
"server": "/server-confs",
|
||||
"modsec": "/modsec-confs",
|
||||
"modsec-crs": "/modsec-crs-confs"
|
||||
"modsec-crs": "/modsec-crs-confs",
|
||||
"acme": "/acme-challenge"
|
||||
}
|
||||
|
||||
class Config :
|
||||
|
|
|
@ -2,7 +2,7 @@ import socketserver, threading, os, stat
|
|||
|
||||
from logger import log
|
||||
|
||||
class ReloadServerHandler(socketserver.StreamRequestHandler):
|
||||
class ReloadServerHandler(socketserver.BaseRequestHandler):
|
||||
|
||||
def handle(self) :
|
||||
locked = False
|
||||
|
@ -10,7 +10,8 @@ class ReloadServerHandler(socketserver.StreamRequestHandler):
|
|||
|
||||
while True :
|
||||
data = self.request.recv(512)
|
||||
if not data or not data in [b"lock", b"reload", b"unlock"] :
|
||||
print(data, flush=True)
|
||||
if not data or not data in [b"lock", b"reload", b"unlock", b"acme"] :
|
||||
break
|
||||
if data == b"lock" :
|
||||
self.server.controller.lock.acquire()
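Review bot: `print(data, flush=True)` sits before the command allow-list check, so every chunk a client sends, up to 512 bytes per `recv`, is written to stdout whether or not it is a valid command; it looks like leftover debugging. The module already imports `log` from `logger`, so either drop the line or move it below the check and route it through that helper. Separately, the loop still assumes one `recv(512)` returns exactly one command, which a stream socket does not guarantee: two commands sent back to back can arrive as one chunk, fail the `in [...]` test and end the loop, possibly after `lock` was acquired. The branch that handles `b"acme"` is not visible in this hunk, and `handle` continues past it.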
|
||||
|
|
|
@ -1,33 +1,19 @@
|
|||
#!/bin/sh
|
||||
|
||||
# prepare /www
|
||||
mkdir /www
|
||||
chown -R root:nginx /www
|
||||
chmod -R 770 /www
|
||||
|
||||
# prepare /acme-challenge
|
||||
mkdir /acme-challenge
|
||||
chown root:nginx /acme-challenge
|
||||
chmod 770 /acme-challenge
|
||||
|
||||
# prepare /cache
|
||||
mkdir /cache
|
||||
chown root:nginx /cache
|
||||
chmod 770 /cache
|
||||
|
||||
# prepare /plugins
|
||||
mkdir /plugins
|
||||
chown root:nginx /plugins
|
||||
chmod 770 /plugins
|
||||
|
||||
# prepare symlinks
|
||||
# prepare folders
|
||||
folders="www http-confs server-confs modsec-confs modsec-crs-confs cache pre-server-confs acme-challenge plugins"
|
||||
for folder in $folders ; do
|
||||
if [ -e "/opt/bunkerized-nginx/$folder" ] ; then
|
||||
rm -rf "/opt/bunkerized-nginx/$folder"
|
||||
if [ -e "/opt/bunkerized-nginx/${folder}" ] ; then
|
||||
rm -rf "/opt/bunkerized-nginx/${folder}"
|
||||
fi
|
||||
mkdir "/${folder}"
|
||||
chown root:nginx "/${folder}"
|
||||
chmod 770 "/${folder}"
|
||||
ln -s "/$folder" "/opt/bunkerized-nginx/$folder"
|
||||
done
|
||||
mkdir -p /acme-challenge/.well-known/acme-challenge
|
||||
chown -R root:nginx /acme-challenge
|
||||
chmod 770 /acme-challenge
|
||||
|
||||
# prepare /var/log
|
||||
rm -f /var/log/nginx/*
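Review bot: The final `chmod 770 /acme-challenge` is not recursive, so `.well-known` and `.well-known/acme-challenge`, created just above by `mkdir -p`, keep the umask default mode and are typically not group-writable for `nginx`. The other two scripts touched by this commit use `chmod -R 770` on the same tree, so this one is probably meant to match: `chmod -R 770 /acme-challenge`. If the process that writes the HTTP-01 token runs as `nginx`, it would not be able to create files in the challenge directory here. Also, `mkdir "/${folder}"` has no `-p`, so it reports an error for any folder that already exists, for example a mounted volume.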
|
||||
|
|
|
@ -348,7 +348,7 @@ module_hotfixes=true"
|
|||
elif [ "$OS" = "fedora" ] ; then
|
||||
echo "[*] Install nginx"
|
||||
do_and_check_cmd dnf install -y nginx
|
||||
elif [ "$OS" = "archlinux" ; then
|
||||
elif [ "$OS" = "archlinux" ] ; then
|
||||
echo "[*] Update pacman DB"
|
||||
do_and_check_cmd pacman -Sy
|
||||
echo "[*] Install nginx"
|
||||
|
@ -825,7 +825,7 @@ fi
|
|||
# Create acme-challenge folder
|
||||
if [ ! -d "/opt/bunkerized-nginx/acme-challenge" ] ; then
|
||||
echo "[*] Create /opt/bunkerized-nginx/acme-challenge folder"
|
||||
do_and_check_cmd mkdir /opt/bunkerized-nginx/acme-challenge
|
||||
do_and_check_cmd mkdir -p /opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge
|
||||
fi
|
||||
|
||||
# Create plugins folder
|
||||
|
@ -840,7 +840,7 @@ do_and_check_cmd chown -R root:nginx /opt/bunkerized-nginx
|
|||
do_and_check_cmd find /opt/bunkerized-nginx -type f -exec chmod 0740 {} \;
|
||||
do_and_check_cmd find /opt/bunkerized-nginx -type d -exec chmod 0750 {} \;
|
||||
do_and_check_cmd chmod 770 /opt/bunkerized-nginx/cache
|
||||
do_and_check_cmd chmod 770 /opt/bunkerized-nginx/acme-challenge
|
||||
do_and_check_cmd chmod -R 770 /opt/bunkerized-nginx/acme-challenge
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/entrypoint/*
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/gen/main.py
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/main.py
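Review bot: The `mkdir -p` for `.well-known/acme-challenge` is still guarded by `if [ ! -d "/opt/bunkerized-nginx/acme-challenge" ]`, so on a host where an earlier install already created the parent folder the new subfolders are never made. Since `mkdir -p` is idempotent, the guard can test the full path instead: `if [ ! -d "/opt/bunkerized-nginx/acme-challenge/.well-known/acme-challenge" ] ; then`. In the last hunk, `chmod -R 770` also applies to regular files under that tree, overriding the `0740` set by the `find ... -type f` line above it and marking any existing token files executable; a `find ... -type d -exec chmod 770` variant would limit the change to directories.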
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
45 0 * * * . /opt/bunkerized-nginx/entrypoint/utils.sh && [ "$(has_value BLOCK_REFERRER yes)" != "" ] && /bin/su -c "/opt/bunkerized-nginx/jobs/main.py --reload --lock --name referrers" nginx >> /var/log/nginx/jobs.log 2>&1
|
||||
0 1 * * * . /opt/bunkerized-nginx/entrypoint/utils.sh && [ "$(has_value BLOCK_ABUSERS yes)" != "" ] && /bin/su -c "/opt/bunkerized-nginx/jobs/main.py --reload --lock --name abusers" nginx >> /var/log/nginx/jobs.log 2>&1
|
||||
0 2 * * * . /opt/bunkerized-nginx/entrypoint/utils.sh && [ "$(has_value BLOCK_PROXIES yes)" != "" ] && /bin/su -c "/opt/bunkerized-nginx/jobs/main.py --reload --lock --name proxies" nginx >> /var/log/nginx/jobs.log 2>&1
|
||||
30 */1 * * * . /opt/bunkerized-nginx/entrypoint/utils.sh && [ "$(has_value USE_REMOTE_API yes)" != "" ] && /bin/su -c "/opt/bunkerized-nginx/jobs/main.py --reload --name remote-api-database --server $(grep '^REMOTE_API_SERVER=' /etc/nginx/global.env | cut -d '=' -f 2) --version $(cat /opt/bunkerized-nginx/VERSION) --id $(cat /opt/bunkerized-nginx/cache/machine.id)" nginx >> /var/log/nginx/jobs.log 2>&1
|
||||
30 */1 * * * . /opt/bunkerized-nginx/entrypoint/utils.sh && [ "$(has_value USE_REMOTE_API yes)" != "" ] && /bin/su -c "/opt/bunkerized-nginx/jobs/main.py --reload --lock --name remote-api-database --server $(grep '^REMOTE_API_SERVER=' /etc/nginx/global.env | cut -d '=' -f 2) --version $(cat /opt/bunkerized-nginx/VERSION) --id $(cat /opt/bunkerized-nginx/cache/machine.id)" nginx >> /var/log/nginx/jobs.log 2>&1
|
||||
0 */1 * * * . /opt/bunkerized-nginx/entrypoint/utils.sh && [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] && /bin/su -c "/opt/bunkerized-nginx/jobs/main.py --reload --lock --name exit-nodes" nginx >> /var/log/nginx/jobs.log 2>&1
|
||||
0 3 2 * * . /opt/bunkerized-nginx/entrypoint/utils.sh && [ [ "$(has_value BLACKLIST_COUNTRY ".\+")" != "" ] || [ "$(has_value WHITELIST_COUNTRY ".\+")" != "" ] ] && /bin/su -c "/opt/bunkerized-nginx/jobs/main.py --reload --lock --name geoip" nginx >> /var/log/nginx/jobs.log 2>&1
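Review bot: On the changed `remote-api-database` line the `$(grep '^REMOTE_API_SERVER=' /etc/nginx/global.env | cut -d '=' -f 2)` substitution is expanded inside the double-quoted string handed to `/bin/su -c`, so its value is parsed a second time by the shell that runs as `nginx`. Whitespace or shell metacharacters in that setting would then alter the command instead of being passed as the `--server` argument; how much that matters depends on who can write `global.env`. `cut -f 2` also drops everything after a second `=`, which truncates a URL carrying a query string; `-f 2-` keeps the whole value. Letting `main.py` read the setting itself would avoid building the command line from file contents.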
|
||||
|
|