move /etc/letsencrypt to /var/cache/bunkerweb/letsencrypt (wip)

florian 2023-05-04 17:52:18 +02:00
parent 75ca603b7d
commit 773874154d
27 changed files with 123 additions and 68 deletions


@ -37,7 +37,6 @@ RUN apk add --no-cache bash && \
mkdir -p /etc/bunkerweb && \
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
mkdir -p /data/cache/letsencrypt && ln -s /data/cache/letsencrypt /etc/letsencrypt && \
mkdir -p /data/www && ln -s /data/www /var/www/html && \
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \


@ -50,7 +50,6 @@ RUN apk add --no-cache pcre bash python3 && \
mkdir -p /var/www/html && \
mkdir -p /etc/bunkerweb && \
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
mkdir -p /data/cache/letsencrypt && ln -s /data/cache/letsencrypt /etc/letsencrypt && \
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
chown -R root:nginx /data && \


@ -192,6 +192,8 @@ try:
if not cached:
logger.error(f"Error while caching blacklist : {err}")
status = 2
else:
status = 1
except:
status = 2
logger.error(


@ -53,7 +53,7 @@ try:
# Ask an ID if needed
bunkernet_id = None
if not not is_cached_file(
if not is_cached_file(
f"/var/cache/bunkerweb/blacklist/{kind}.list", "hour", db
):
logger.info("Registering instance on BunkerNet API ...")
@ -62,7 +62,7 @@ try:
logger.error(
f"Error while sending register request to BunkerNet API : {data}"
)
_exit(1)
_exit(2)
elif status == 429:
logger.warning(
"BunkerNet API is rate limiting us, trying again later...",
@ -80,13 +80,13 @@ try:
logger.error(
f"Received invalid data from BunkerNet API while sending db request : {data}, retrying later...",
)
_exit(1)
_exit(2)
if status != 200:
logger.error(
f"Error {status} from BunkerNet API : {data['data']}",
)
_exit(1)
_exit(2)
elif data.get("result", "ko") != "ok":
logger.error(
f"Received error from BunkerNet API while sending register request : {data.get('data', {})}"
@ -133,7 +133,7 @@ try:
logger.error(
f"Received invalid data from BunkerNet API while sending db request : {data}, retrying later...",
)
_exit(1)
_exit(2)
if data.get("result", "ko") != "ok":
logger.error(
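Review bot: The check under `# Ask an ID if needed` still tests `f"/var/cache/bunkerweb/blacklist/{kind}.list"`, which looks copied from the blacklist job rather than pointing at anything this job caches for the instance ID. The commit fixes the double negation (`not not` to `not`) but leaves the path, and `kind` is not assigned anywhere in the visible hunks, so the call may raise a NameError that the enclosing `try:` would only report as a generic failure. The condition should test the file this job writes for the BunkerNet ID; the enclosing `try:` block starts and ends outside the hunks shown, so confirm against the full file.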


@ -174,6 +174,8 @@ try:
if not cached:
logger.error(f"Error while caching greylist : {err}")
status = 2
else:
status = 1
except:
status = 2
logger.error(


@ -161,6 +161,7 @@ try:
f"Couldn't update external plugins to database: {err}",
)
status = 1
logger.info("External plugins downloaded and installed")
except:


@ -10,8 +10,8 @@ location ~ ^/.well-known/acme-challenge/ {
listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %};
# TLS config
ssl_certificate /etc/letsencrypt/live/{{ SERVER_NAME.split(" ")[0] }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ SERVER_NAME.split(" ")[0] }}/privkey.pem;
ssl_certificate /var/cache/bunkerweb/letsencrypt/etc/live/{{ SERVER_NAME.split(" ")[0] }}/fullchain.pem;
ssl_certificate_key /var/cache/bunkerweb/letsencrypt/etc/live/{{ SERVER_NAME.split(" ")[0] }}/privkey.pem;
ssl_protocols {{ SSL_PROTOCOLS }};
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
@ -22,4 +22,4 @@ ssl_dhparam /etc/nginx/dhparam;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
{% endif %}
{% endif %}
{% endif %}
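Review bot: Nothing visible on this page sets ownership or mode on the new tree that `ssl_certificate_key` now reads from, `/var/cache/bunkerweb/letsencrypt/etc/live/...`. The postinstall hunk on this page removes the `chown nginx:nginx` / `chmod 770` steps for the old letsencrypt directories, so access to `privkey.pem` now depends on whatever `/var/cache/bunkerweb` inherits and on the umask of the job that creates it. The cert-generating job should create the directory with an explicit restrictive mode, for example `Path("/var/cache/bunkerweb/letsencrypt").mkdir(mode=0o750, parents=True, exist_ok=True)`, or the installer should keep an equivalent chown/chmod for the new path. The same applies to the stream template in the next section.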


@ -4,8 +4,8 @@
listen 0.0.0.0:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% endif %}{% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %};
# TLS config
ssl_certificate /etc/letsencrypt/live/{{ SERVER_NAME.split(" ")[0] }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ SERVER_NAME.split(" ")[0] }}/privkey.pem;
ssl_certificate /var/cache/bunkerweb/letsencrypt/etc/live/{{ SERVER_NAME.split(" ")[0] }}/fullchain.pem;
ssl_certificate_key /var/cache/bunkerweb/letsencrypt/etc/live/{{ SERVER_NAME.split(" ")[0] }}/privkey.pem;
ssl_protocols {{ SSL_PROTOCOLS }};
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
@ -16,4 +16,4 @@ ssl_dhparam /etc/nginx/dhparam;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
{% endif %}
{% endif %}
{% endif %}


@ -30,15 +30,15 @@ db = Database(
lock = Lock()
status = 0
def folder_to_tgz() :
with taropen("/var/tmp/bunkerweb/")
def certbot_new(domains, email):
environ["PYTHONPATH"] = "/usr/share/bunkerweb/deps/python"
proc = run(
[
"/usr/share/bunkerweb/deps/python/bin/certbot",
"certonly",
"--config-dir=/var/cache/bunkerweb/letsencrypt/etc",
"--work-dir=/var/cache/bunkerweb/letsencrypt/lib",
"--logs-dir=/var/cache/bunkerweb/letsencrypt/log",
"--manual",
"--preferred-challenges=http",
"--manual-auth-hook",
@ -62,7 +62,7 @@ def certbot_new(domains, email):
status = 0
try:
# Create directories if they don't exist
# Create directory if it doesn't exist
Path("/var/cache/bunkerweb/letsencrypt").mkdir(parents=True, exist_ok=True)
# Extract letsencrypt folder if it exists in db
@ -132,7 +132,7 @@ try:
first_server = getenv("SERVER_NAME", "").split(" ")[0]
domains = getenv("SERVER_NAME", "").replace(" ", ",")
if Path(f"/var/cache/bunkerweb/letsencrypt/{first_server}/cert.pem").exists():
if Path(f"/var/cache/bunkerweb/letsencrypt/etc/live/{first_server}/cert.pem").exists():
logger.info(f"Certificates already exists for domain(s) {domains}")
else:
real_email = getenv("EMAIL_LETS_ENCRYPT", f"contact@{first_server}")
@ -154,16 +154,20 @@ try:
# Put new folder in cache
if db:
bio = BytesIO()
with tfopen(mode="w:gz", fileobj=bio) as tgz:
with tfopen("folder.tgz", mode="w:gz", fileobj=bio) as tgz:
tgz.add("/var/cache/bunkerweb/letsencrypt", arcname=".")
bio.seek(0)
# Put tgz in cache
cached, err = cache_file(
f"/var/cache/bunkerweb/letsencrypt/folder.tgz",
f"/var/cache/bunkerweb/blacklist/{kind}.list",
new_hash,
db,
f"certbot-new",
f"folder.tgz",
bio,
db
)
if not cached:
logger.error(f"Error while saving Let's Encrypt data to db cache : {err}")
else:
logger.info("Successfully saved Let's Encrypt data to db cache")
except:
status = 3
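Review bot: `tgz.add("/var/cache/bunkerweb/letsencrypt", arcname=".")` archives the whole tree and stores it in the job cache database, so the database ends up holding TLS private keys. Per the `--config-dir`, `--work-dir` and `--logs-dir` flags above, that tree holds certbot's config directory (certificate and, presumably, ACME account private keys) plus its work and log directories. Anyone with read access to that table, or to a database dump or backup, then has the keys, and the logs are carried along for no benefit. If only the config directory is needed to restore state, narrow the archive with `tgz.add("/var/cache/bunkerweb/letsencrypt/etc", arcname="etc")`. Also add a comment at the `cache_file` call stating that this entry contains key material, so database access and backups are handled accordingly.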


@ -1,6 +1,6 @@
#!/usr/bin/python3
from os import environ, getenv
from os import environ, getenv, listdir
from pathlib import Path
from subprocess import DEVNULL, STDOUT, run
from sys import exit as sys_exit, path as sys_path
@ -15,6 +15,7 @@ sys_path.extend(
from logger import setup_logger
from Database import Database
def renew(domain):
environ["PYTHONPATH"] = "/usr/share/bunkerweb/deps/python"
@ -22,6 +23,9 @@ def renew(domain):
[
"/usr/share/bunkerweb/deps/python/bin/certbot",
"renew",
"--config-dir=/var/cache/bunkerweb/letsencrypt/etc",
"--work-dir=/var/cache/bunkerweb/letsencrypt/lib",
"--logs-dir=/var/cache/bunkerweb/letsencrypt/log",
"--cert-name",
domain,
"--deploy-hook",
@ -38,6 +42,28 @@ logger = setup_logger("LETS-ENCRYPT", getenv("LOG_LEVEL", "INFO"))
status = 0
try:
# Create directory if it doesn't exist
Path("/var/cache/bunkerweb/letsencrypt").mkdir(parents=True, exist_ok=True)
# Extract letsencrypt folder if it exists in db
db = Database(
logger,
sqlalchemy_string=getenv("DATABASE_URI", None),
)
if db:
tgz = get_file("certbot-new", "folder.tgz", db)
if tgz:
# Delete folder if needed
if len(listdir("/var/cache/bunkerweb/letsencrypt")) > 0:
rmtree("/var/cache/bunkerweb/letsencrypt")
# Extract it
with tfopen(name="folder.tgz", mode="r:gz", fileobj=BytesIO(tgz)) as tf:
tf.extractall("/var/cache/bunkerweb/letsencrypt")
logger.info("Successfully retrieved Let's Encrypt data from db cache")
else:
logger.info("No Let's Encrypt data found in db cache")
if getenv("MULTISITE") == "yes":
servers = getenv("SERVER_NAME", [])
@ -52,7 +78,7 @@ try:
getenv("AUTO_LETS_ENCRYPT", "no"),
)
!= "yes"
or not Path(f"/etc/letsencrypt/live/{first_server}/cert.pem").exists()
or not Path(f"/var/cache/bunkerweb/letsencrypt/etc/live/{first_server}/cert.pem").exists()
):
continue
@ -64,7 +90,7 @@ try:
)
elif getenv("AUTO_LETS_ENCRYPT", "no") == "yes" and not getenv("SERVER_NAME", ""):
first_server = getenv("SERVER_NAME", "").split(" ")[0]
if Path(f"/etc/letsencrypt/live/{first_server}/cert.pem").exists():
if Path(f"/var/cache/bunkerweb/letsencrypt/etc/live/{first_server}/cert.pem").exists():
ret = renew(first_server)
if ret != 0:
status = 2
@ -72,6 +98,24 @@ try:
f"Certificates renewal for {first_server} failed",
)
# Put new folder in cache
if db:
bio = BytesIO()
with tfopen("folder.tgz", mode="w:gz", fileobj=bio) as tgz:
tgz.add("/var/cache/bunkerweb/letsencrypt", arcname=".")
bio.seek(0)
# Put tgz in cache
cached, err = cache_file(
f"certbot-new",
f"folder.tgz",
bio,
db
)
if not cached:
logger.error(f"Error while saving Let's Encrypt data to db cache : {err}")
else:
logger.info("Successfully saved Let's Encrypt data to db cache")
except:
status = 2
logger.error(f"Exception while running certbot-renew.py :\n{format_exc()}")
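Review bot: `tf.extractall("/var/cache/bunkerweb/letsencrypt")` unpacks bytes fetched from the database with `get_file("certbot-new", "folder.tgz", db)` without checking member names or link targets. If that cache row is ever altered, archive members with absolute or `../` paths, or links pointing outside the directory, would be written wherever the job's user can write. On Python versions that support extraction filters, use `tf.extractall("/var/cache/bunkerweb/letsencrypt", filter="data")`, which rejects such members while still allowing relative links that stay inside the destination. Otherwise verify that each member resolves under the destination before extracting. The `rmtree` just before it also deletes the existing certificates before the archive has been validated, so a corrupt blob leaves the instance with no certificates; extracting to a temporary directory and swapping it in afterwards would avoid that.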


@ -65,6 +65,7 @@ try:
)
status = 2
else:
status = 1
logger.info(
"Successfully generated self-signed certificate for default server",
)


@ -107,10 +107,10 @@ try:
f"Exception while getting RealIP list from {url} :\n{format_exc()}"
)
Path("/var/tmp/bunkerweb/realip-combined.list").write_bytes(content)
Path("/var/tmp/bunkerweb/realip/combined.list").write_bytes(content)
# Check if file has changed
new_hash = file_hash("/var/tmp/bunkerweb/realip-combined.list")
new_hash = file_hash("/var/tmp/bunkerweb/realip/combined.list")
old_hash = cache_hash("/var/cache/bunkerweb/realip/combined.list", db)
if new_hash == old_hash:
logger.info("New file is identical to cache file, reload is not needed")
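Review bot: The temporary file moves to `/var/tmp/bunkerweb/realip/combined.list`, but nothing in this hunk creates `/var/tmp/bunkerweb/realip`. `Path.write_bytes` does not create parent directories, so the write raises `FileNotFoundError` when the directory is missing. Unless the directory is created earlier in the script (outside the hunk), add `Path("/var/tmp/bunkerweb/realip").mkdir(parents=True, exist_ok=True)` before the write.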


@ -25,6 +25,7 @@ db = Database(
)
lock = Lock()
status = 0
def generate_cert(first_server, days, subj):
if Path(f"/var/cache/bunkerweb/selfsigned/{first_server}.pem").is_file():
@ -40,6 +41,8 @@ def generate_cert(first_server, days, subj):
if proc.returncode != 0:
logger.error(f"Self-signed certificate generation failed for {first_server}")
return False, 2
return True, 1
# Update db
with lock:
@ -103,10 +106,7 @@ try:
getenv("SELF_SIGNED_SSL_SUBJ", "/CN=www.example.com/"),
),
)
if not ret:
status = ret_status
elif ret_status == 1 and ret_status != 2:
status = 1
status = ret_status
# Singlesite case
elif getenv("GENERATE_SELF_SIGNED_SSL", "no") == "yes" and getenv("SERVER_NAME"):
@ -116,10 +116,7 @@ try:
getenv("SELF_SIGNED_SSL_EXPIRY", "365"),
getenv("SELF_SIGNED_SSL_SUBJ", "/CN=www.example.com/"),
)
if not ret:
status = ret_status
elif ret_status == 1 and ret_status != 2:
status = 1
status = ret_status
except:
status = 2
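Review bot: In `generate_cert`, the added `return True, 1` appears directly before the `# Update db` / `with lock:` block. Indentation is lost in this rendering, but if both sit at function-body level the database update after a successful generation is now unreachable and the new certificate is never stored. Move `return True, 1` to after the `with lock:` block so the update runs first. Separately, replacing the old branches with `status = ret_status` in what looks like the multisite loop means a later server's result overwrites an earlier failure; `status = max(status, ret_status)` would keep it, if higher values are meant to be worse.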


@ -176,6 +176,8 @@ try:
if not cached:
logger.error(f"Error while caching whitelist : {err}")
status = 2
else :
status = 1
except:
status = 2
logger.error(


@ -67,7 +67,25 @@ def get_file_in_db(job: str, file: str, db) -> bytes:
return False
return cached_file.data
def set_file_in_db(job: str, file: str, data, db)
def set_file_in_db(job: str, name: str, bio, db) -> bool:
ret, err = true, "success"
try:
content = bio.read()
bio.seek(0)
with lock:
err = db.update_job_cache(
basename(getsourcefile(_getframe(1))).replace(".py", ""),
None,
name,
content,
checksum=bytes_hash(bio)
)
if err:
ret = False
except:
return False, f"exception :\n{format_exc()}"
return ret, err
def file_hash(file: str) -> str:
_sha512 = sha512()
@ -79,6 +97,16 @@ def file_hash(file: str) -> str:
_sha512.update(data)
return _sha512.hexdigest()
def bytes_hash(bio: bytes) -> str:
_sha512 = sha512()
while True:
data = bio.read(1024)
if not data:
break
_sha512.update(data)
bio.seek(0)
return _sha512.hexdigest()
def cache_hash(cache: str, db=None) -> Optional[str]:
with suppress(BaseException):
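Review bot: `ret, err = true, "success"` in the new `set_file_in_db` uses lowercase `true`, which is not a Python name. As rendered it sits before the `try:`, so every call raises `NameError` to the caller instead of returning an error pair; it should read `ret, err = True, "success"`. The signature is annotated `-> bool` although both return paths yield a `(bool, str)` pair. `bytes_hash(bio: bytes)` calls `.read()` and `.seek()`, so its parameter is a binary file object rather than `bytes`, and both annotations should be corrected. The `job` argument is also unused: the job name comes from the caller's file name via `_getframe(1)`, so data saved from one script may not be found under the job name another script reads, which is worth confirming against the callers.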


@ -64,7 +64,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
mkdir -p /etc/letsencrypt && \
#mkdir /var/www/html && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
#It's a find command that will find all files in the bunkerweb directory, excluding the ui/deps directory, and then chmod them to 0740.


@ -69,8 +69,7 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/www/ && \
mkdir -p /var/lib/bunkerweb && \
mkdir -p /etc/letsencrypt && \
#mkdir /var/www/html && \
mkdir /var/www/html && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
#It's a find command that will find all files in the bunkerweb directory, excluding the ui/deps directory, and then chmod them to 0740.
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \


@ -63,7 +63,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
mkdir -p /etc/letsencrypt && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \


@ -76,7 +76,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
mkdir -p /etc/letsencrypt && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \


@ -66,7 +66,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
mkdir -p /etc/letsencrypt && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \


@ -10,4 +10,4 @@
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -10,4 +10,4 @@
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveDEB.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -10,4 +10,4 @@
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -10,4 +10,4 @@
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -10,4 +10,4 @@
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveDEB.sh
--deb-no-default-config-files
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -95,22 +95,4 @@ else
echo "/var/www/html directory already exists, skipping copy..."
fi
# Create letsencrypt folders if needed
if [ ! -d /etc/letsencrypt ] ; then
mkdir /etc/letsencrypt
fi
chown nginx:nginx /etc/letsencrypt
chmod 770 /etc/letsencrypt
if [ ! -d /var/lib/letsencrypt ] ; then
mkdir /var/lib/letsencrypt
fi
chown nginx:nginx /var/lib/letsencrypt
chmod 770 /var/lib/letsencrypt
if [ ! -d /var/log/letsencrypt ] ; then
mkdir /var/log/letsencrypt
fi
chown nginx:nginx /var/log/letsencrypt
chmod 770 /var/log/letsencrypt
echo "Postinstall successful !"
echo "Postinstall successful !"


@ -44,7 +44,6 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \
mkdir -p /etc/bunkerweb && \
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
mkdir -p /data/cache/letsencrypt && ln -s /data/cache/letsencrypt /etc/letsencrypt && \
mkdir -p /data/www && ln -s /data/www /var/www/html && \
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \