move /etc/letsencrypt to /var/cache/bunkerweb/letsencrypt (wip)
parent
75ca603b7d
commit
773874154d
|
@ -37,7 +37,6 @@ RUN apk add --no-cache bash && \
|
|||
mkdir -p /etc/bunkerweb && \
|
||||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
|
||||
mkdir -p /data/cache/letsencrypt && ln -s /data/cache/letsencrypt /etc/letsencrypt && \
|
||||
mkdir -p /data/www && ln -s /data/www /var/www/html && \
|
||||
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
|
||||
|
|
|
@ -50,7 +50,6 @@ RUN apk add --no-cache pcre bash python3 && \
|
|||
mkdir -p /var/www/html && \
|
||||
mkdir -p /etc/bunkerweb && \
|
||||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
mkdir -p /data/cache/letsencrypt && ln -s /data/cache/letsencrypt /etc/letsencrypt && \
|
||||
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
|
||||
chown -R root:nginx /data && \
|
||||
|
|
|
@ -192,6 +192,8 @@ try:
|
|||
if not cached:
|
||||
logger.error(f"Error while caching blacklist : {err}")
|
||||
status = 2
|
||||
else:
|
||||
status = 1
|
||||
except:
|
||||
status = 2
|
||||
logger.error(
|
||||
|
|
|
@ -53,7 +53,7 @@ try:
|
|||
|
||||
# Ask an ID if needed
|
||||
bunkernet_id = None
|
||||
if not not is_cached_file(
|
||||
if not is_cached_file(
|
||||
f"/var/cache/bunkerweb/blacklist/{kind}.list", "hour", db
|
||||
):
|
||||
logger.info("Registering instance on BunkerNet API ...")
|
||||
|
@ -62,7 +62,7 @@ try:
|
|||
logger.error(
|
||||
f"Error while sending register request to BunkerNet API : {data}"
|
||||
)
|
||||
_exit(1)
|
||||
_exit(2)
|
||||
elif status == 429:
|
||||
logger.warning(
|
||||
"BunkerNet API is rate limiting us, trying again later...",
|
||||
|
@ -80,13 +80,13 @@ try:
|
|||
logger.error(
|
||||
f"Received invalid data from BunkerNet API while sending db request : {data}, retrying later...",
|
||||
)
|
||||
_exit(1)
|
||||
_exit(2)
|
||||
|
||||
if status != 200:
|
||||
logger.error(
|
||||
f"Error {status} from BunkerNet API : {data['data']}",
|
||||
)
|
||||
_exit(1)
|
||||
_exit(2)
|
||||
elif data.get("result", "ko") != "ok":
|
||||
logger.error(
|
||||
f"Received error from BunkerNet API while sending register request : {data.get('data', {})}"
|
||||
|
@ -133,7 +133,7 @@ try:
|
|||
logger.error(
|
||||
f"Received invalid data from BunkerNet API while sending db request : {data}, retrying later...",
|
||||
)
|
||||
_exit(1)
|
||||
_exit(2)
|
||||
|
||||
if data.get("result", "ko") != "ok":
|
||||
logger.error(
|
||||
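Review bot: In the first hunk the registration check now reads `if not is_cached_file(`, but its argument on the next line is still `f"/var/cache/bunkerweb/blacklist/{kind}.list"`, a blacklist path built from `kind`, which nothing in the visible lines of this file defines. That looks like a leftover from the blacklist job; if `kind` is indeed undefined here, the call raises before any registration is attempted. The check should point at the file that stores the BunkerNet instance ID, e.g. `if not is_cached_file("<instance-id cache path>", "hour", db):` (placeholder, the real path is not shown on this page). The enclosing `try:` block starts and ends outside these hunks.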
|
|
|
@ -174,6 +174,8 @@ try:
|
|||
if not cached:
|
||||
logger.error(f"Error while caching greylist : {err}")
|
||||
status = 2
|
||||
else:
|
||||
status = 1
|
||||
except:
|
||||
status = 2
|
||||
logger.error(
|
||||
|
|
|
@ -161,6 +161,7 @@ try:
|
|||
f"Couldn't update external plugins to database: {err}",
|
||||
)
|
||||
|
||||
status = 1
|
||||
logger.info("External plugins downloaded and installed")
|
||||
|
||||
except:
|
||||
|
|
|
@ -10,8 +10,8 @@ location ~ ^/.well-known/acme-challenge/ {
|
|||
listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %};
|
||||
|
||||
# TLS config
|
||||
ssl_certificate /etc/letsencrypt/live/{{ SERVER_NAME.split(" ")[0] }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ SERVER_NAME.split(" ")[0] }}/privkey.pem;
|
||||
ssl_certificate /var/cache/bunkerweb/letsencrypt/etc/live/{{ SERVER_NAME.split(" ")[0] }}/fullchain.pem;
|
||||
ssl_certificate_key /var/cache/bunkerweb/letsencrypt/etc/live/{{ SERVER_NAME.split(" ")[0] }}/privkey.pem;
|
||||
ssl_protocols {{ SSL_PROTOCOLS }};
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_tickets off;
|
||||
|
@ -22,4 +22,4 @@ ssl_dhparam /etc/nginx/dhparam;
|
|||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
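Review bot: The `ssl_certificate_key` directive in the first hunk now reads the private key from `/var/cache/bunkerweb/letsencrypt/etc/live/...`, yet nothing visible in this commit sets ownership or mode on that tree, while the same commit drops the `chown nginx:nginx` / `chmod 770` lines for `/etc/letsencrypt` from the postinstall script. A cache directory is usually treated as disposable and may be readable more widely than a key store, so the new location deserves the same restriction. I would add a comment above the directive, `# privkey.pem is under the cache tree: keep the directory owned by nginx and not world-readable`, and set the mode where the directory is created. The stream template's TLS hunk has the same directive and the same concern.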
|
|
|
@ -4,8 +4,8 @@
|
|||
listen 0.0.0.0:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% endif %}{% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %};
|
||||
|
||||
# TLS config
|
||||
ssl_certificate /etc/letsencrypt/live/{{ SERVER_NAME.split(" ")[0] }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ SERVER_NAME.split(" ")[0] }}/privkey.pem;
|
||||
ssl_certificate /var/cache/bunkerweb/letsencrypt/etc/live/{{ SERVER_NAME.split(" ")[0] }}/fullchain.pem;
|
||||
ssl_certificate_key /var/cache/bunkerweb/letsencrypt/etc/live/{{ SERVER_NAME.split(" ")[0] }}/privkey.pem;
|
||||
ssl_protocols {{ SSL_PROTOCOLS }};
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_tickets off;
|
||||
|
@ -16,4 +16,4 @@ ssl_dhparam /etc/nginx/dhparam;
|
|||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
|
|
@ -30,15 +30,15 @@ db = Database(
|
|||
lock = Lock()
|
||||
status = 0
|
||||
|
||||
def folder_to_tgz() :
|
||||
with taropen("/var/tmp/bunkerweb/")
|
||||
|
||||
def certbot_new(domains, email):
|
||||
environ["PYTHONPATH"] = "/usr/share/bunkerweb/deps/python"
|
||||
proc = run(
|
||||
[
|
||||
"/usr/share/bunkerweb/deps/python/bin/certbot",
|
||||
"certonly",
|
||||
"--config-dir=/var/cache/bunkerweb/letsencrypt/etc",
|
||||
"--work-dir=/var/cache/bunkerweb/letsencrypt/lib",
|
||||
"--logs-dir=/var/cache/bunkerweb/letsencrypt/log",
|
||||
"--manual",
|
||||
"--preferred-challenges=http",
|
||||
"--manual-auth-hook",
|
||||
|
@ -62,7 +62,7 @@ def certbot_new(domains, email):
|
|||
status = 0
|
||||
|
||||
try:
|
||||
# Create directories if they don't exist
|
||||
# Create directory if it doesn't exist
|
||||
Path("/var/cache/bunkerweb/letsencrypt").mkdir(parents=True, exist_ok=True)
|
||||
|
||||
# Extract letsencrypt folder if it exists in db
|
||||
|
@ -132,7 +132,7 @@ try:
|
|||
first_server = getenv("SERVER_NAME", "").split(" ")[0]
|
||||
domains = getenv("SERVER_NAME", "").replace(" ", ",")
|
||||
|
||||
if Path(f"/var/cache/bunkerweb/letsencrypt/{first_server}/cert.pem").exists():
|
||||
if Path(f"/var/cache/bunkerweb/letsencrypt/etc/live/{first_server}/cert.pem").exists():
|
||||
logger.info(f"Certificates already exists for domain(s) {domains}")
|
||||
else:
|
||||
real_email = getenv("EMAIL_LETS_ENCRYPT", f"contact@{first_server}")
|
||||
|
@ -154,16 +154,20 @@ try:
|
|||
# Put new folder in cache
|
||||
if db:
|
||||
bio = BytesIO()
|
||||
with tfopen(mode="w:gz", fileobj=bio) as tgz:
|
||||
with tfopen("folder.tgz", mode="w:gz", fileobj=bio) as tgz:
|
||||
tgz.add("/var/cache/bunkerweb/letsencrypt", arcname=".")
|
||||
bio.seek(0)
|
||||
# Put tgz in cache
|
||||
cached, err = cache_file(
|
||||
f"/var/cache/bunkerweb/letsencrypt/folder.tgz",
|
||||
f"/var/cache/bunkerweb/blacklist/{kind}.list",
|
||||
new_hash,
|
||||
db,
|
||||
f"certbot-new",
|
||||
f"folder.tgz",
|
||||
bio,
|
||||
db
|
||||
)
|
||||
if not cached:
|
||||
logger.error(f"Error while saving Let's Encrypt data to db cache : {err}")
|
||||
else:
|
||||
logger.info("Successfully saved Let's Encrypt data to db cache")
|
||||
|
||||
except:
|
||||
status = 3
|
||||
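Review bot: In the last hunk `tgz.add("/var/cache/bunkerweb/letsencrypt", arcname=".")` archives the whole tree that the new `--config-dir`, `--work-dir` and `--logs-dir` flags point into, so the blob saved to the db cache carries `privkey.pem`, the rest of certbot's config dir, and the log files. Anyone who can read that cache table can then read the private keys, and the logs only add size; archiving the config dir alone, `tgz.add("/var/cache/bunkerweb/letsencrypt/etc", arcname="etc")`, keeps the restore path the same while dropping the rest. Indentation is lost on this page, so please also confirm that `bio.seek(0)` and the `cache_file(...)` call sit after the `with tfopen(...)` block, since the gzip stream is only complete once the tar object is closed. The four-argument call `cache_file("certbot-new", "folder.tgz", bio, db)` matches the `set_file_in_db(job, name, bio, db)` signature added in the utils file rather than the path/hash argument list that also appears in this hunk, which is worth checking.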
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
from os import environ, getenv
|
||||
from os import environ, getenv, listdir
|
||||
from pathlib import Path
|
||||
from subprocess import DEVNULL, STDOUT, run
|
||||
from sys import exit as sys_exit, path as sys_path
|
||||
|
@ -15,6 +15,7 @@ sys_path.extend(
|
|||
|
||||
from logger import setup_logger
|
||||
|
||||
from Database import Database
|
||||
|
||||
def renew(domain):
|
||||
environ["PYTHONPATH"] = "/usr/share/bunkerweb/deps/python"
|
||||
|
@ -22,6 +23,9 @@ def renew(domain):
|
|||
[
|
||||
"/usr/share/bunkerweb/deps/python/bin/certbot",
|
||||
"renew",
|
||||
"--config-dir=/var/cache/bunkerweb/letsencrypt/etc",
|
||||
"--work-dir=/var/cache/bunkerweb/letsencrypt/lib",
|
||||
"--logs-dir=/var/cache/bunkerweb/letsencrypt/log",
|
||||
"--cert-name",
|
||||
domain,
|
||||
"--deploy-hook",
|
||||
|
@ -38,6 +42,28 @@ logger = setup_logger("LETS-ENCRYPT", getenv("LOG_LEVEL", "INFO"))
|
|||
status = 0
|
||||
|
||||
try:
|
||||
|
||||
# Create directory if it doesn't exist
|
||||
Path("/var/cache/bunkerweb/letsencrypt").mkdir(parents=True, exist_ok=True)
|
||||
|
||||
# Extract letsencrypt folder if it exists in db
|
||||
db = Database(
|
||||
logger,
|
||||
sqlalchemy_string=getenv("DATABASE_URI", None),
|
||||
)
|
||||
if db:
|
||||
tgz = get_file("certbot-new", "folder.tgz", db)
|
||||
if tgz:
|
||||
# Delete folder if needed
|
||||
if len(listdir("/var/cache/bunkerweb/letsencrypt")) > 0:
|
||||
rmtree("/var/cache/bunkerweb/letsencrypt")
|
||||
# Extract it
|
||||
with tfopen(name="folder.tgz", mode="r:gz", fileobj=BytesIO(tgz)) as tf:
|
||||
tf.extractall("/var/cache/bunkerweb/letsencrypt")
|
||||
logger.info("Successfully retrieved Let's Encrypt data from db cache")
|
||||
else:
|
||||
logger.info("No Let's Encrypt data found in db cache")
|
||||
|
||||
if getenv("MULTISITE") == "yes":
|
||||
servers = getenv("SERVER_NAME", [])
|
||||
|
||||
|
@ -52,7 +78,7 @@ try:
|
|||
getenv("AUTO_LETS_ENCRYPT", "no"),
|
||||
)
|
||||
!= "yes"
|
||||
or not Path(f"/etc/letsencrypt/live/{first_server}/cert.pem").exists()
|
||||
or not Path(f"/var/cache/bunkerweb/letsencrypt/etc/live/{first_server}/cert.pem").exists()
|
||||
):
|
||||
continue
|
||||
|
||||
|
@ -64,7 +90,7 @@ try:
|
|||
)
|
||||
elif getenv("AUTO_LETS_ENCRYPT", "no") == "yes" and not getenv("SERVER_NAME", ""):
|
||||
first_server = getenv("SERVER_NAME", "").split(" ")[0]
|
||||
if Path(f"/etc/letsencrypt/live/{first_server}/cert.pem").exists():
|
||||
if Path(f"/var/cache/bunkerweb/letsencrypt/etc/live/{first_server}/cert.pem").exists():
|
||||
ret = renew(first_server)
|
||||
if ret != 0:
|
||||
status = 2
|
||||
|
@ -72,6 +98,24 @@ try:
|
|||
f"Certificates renewal for {first_server} failed",
|
||||
)
|
||||
|
||||
# Put new folder in cache
|
||||
if db:
|
||||
bio = BytesIO()
|
||||
with tfopen("folder.tgz", mode="w:gz", fileobj=bio) as tgz:
|
||||
tgz.add("/var/cache/bunkerweb/letsencrypt", arcname=".")
|
||||
bio.seek(0)
|
||||
# Put tgz in cache
|
||||
cached, err = cache_file(
|
||||
f"certbot-new",
|
||||
f"folder.tgz",
|
||||
bio,
|
||||
db
|
||||
)
|
||||
if not cached:
|
||||
logger.error(f"Error while saving Let's Encrypt data to db cache : {err}")
|
||||
else:
|
||||
logger.info("Successfully saved Let's Encrypt data to db cache")
|
||||
|
||||
except:
|
||||
status = 2
|
||||
logger.error(f"Exception while running certbot-renew.py :\n{format_exc()}")
|
||||
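Review bot: `tf.extractall("/var/cache/bunkerweb/letsencrypt")` in the added restore block unpacks a blob fetched from the database without checking member names, link targets or modes, so a tampered cache row could write outside the target directory when this job runs. Passing an extraction filter, `tf.extractall("/var/cache/bunkerweb/letsencrypt", filter="data")`, on interpreters that support it (or validating each member's resolved path first) closes that. The block also calls `get_file`, `rmtree`, `tfopen`, `BytesIO` and `cache_file`, while the only import changes visible here are `listdir` and one added line in the second hunk; if those names are not imported in lines outside the hunks, the bare `except:` at the end turns the NameError into `status = 2`. The `try:` body continues outside these hunks.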
|
|
|
@ -65,6 +65,7 @@ try:
|
|||
)
|
||||
status = 2
|
||||
else:
|
||||
status = 1
|
||||
logger.info(
|
||||
"Successfully generated self-signed certificate for default server",
|
||||
)
|
||||
|
|
|
@ -107,10 +107,10 @@ try:
|
|||
f"Exception while getting RealIP list from {url} :\n{format_exc()}"
|
||||
)
|
||||
|
||||
Path("/var/tmp/bunkerweb/realip-combined.list").write_bytes(content)
|
||||
Path("/var/tmp/bunkerweb/realip/combined.list").write_bytes(content)
|
||||
|
||||
# Check if file has changed
|
||||
new_hash = file_hash("/var/tmp/bunkerweb/realip-combined.list")
|
||||
new_hash = file_hash("/var/tmp/bunkerweb/realip/combined.list")
|
||||
old_hash = cache_hash("/var/cache/bunkerweb/realip/combined.list", db)
|
||||
if new_hash == old_hash:
|
||||
logger.info("New file is identical to cache file, reload is not needed")
|
||||
|
|
|
@ -25,6 +25,7 @@ db = Database(
|
|||
)
|
||||
lock = Lock()
|
||||
|
||||
status = 0
|
||||
|
||||
def generate_cert(first_server, days, subj):
|
||||
if Path(f"/var/cache/bunkerweb/selfsigned/{first_server}.pem").is_file():
|
||||
|
@ -40,6 +41,8 @@ def generate_cert(first_server, days, subj):
|
|||
if proc.returncode != 0:
|
||||
logger.error(f"Self-signed certificate generation failed for {first_server}")
|
||||
return False, 2
|
||||
|
||||
return True, 1
|
||||
|
||||
# Update db
|
||||
with lock:
|
||||
|
@ -103,10 +106,7 @@ try:
|
|||
getenv("SELF_SIGNED_SSL_SUBJ", "/CN=www.example.com/"),
|
||||
),
|
||||
)
|
||||
if not ret:
|
||||
status = ret_status
|
||||
elif ret_status == 1 and ret_status != 2:
|
||||
status = 1
|
||||
status = ret_status
|
||||
|
||||
# Singlesite case
|
||||
elif getenv("GENERATE_SELF_SIGNED_SSL", "no") == "yes" and getenv("SERVER_NAME"):
|
||||
|
@ -116,10 +116,7 @@ try:
|
|||
getenv("SELF_SIGNED_SSL_EXPIRY", "365"),
|
||||
getenv("SELF_SIGNED_SSL_SUBJ", "/CN=www.example.com/"),
|
||||
)
|
||||
if not ret:
|
||||
status = ret_status
|
||||
elif ret_status == 1 and ret_status != 2:
|
||||
status = 1
|
||||
status = ret_status
|
||||
|
||||
except:
|
||||
status = 2
|
||||
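Review bot: Replacing the conditional with a plain `status = ret_status` in the third hunk means each `generate_cert` result overwrites the previous one; the `# Singlesite case` comment right after suggests this assignment is in the multisite path, where it would presumably run once per server. A failure (`2`) or a newly generated certificate (`1`) for one server is then lost if a later call returns a lower value. Keeping the highest value seen, `status = max(status, ret_status)`, preserves both. The loop header is outside the hunk, so this is inferred from the surrounding lines.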
|
|
|
@ -176,6 +176,8 @@ try:
|
|||
if not cached:
|
||||
logger.error(f"Error while caching whitelist : {err}")
|
||||
status = 2
|
||||
else :
|
||||
status = 1
|
||||
except:
|
||||
status = 2
|
||||
logger.error(
|
||||
|
|
|
@ -67,7 +67,25 @@ def get_file_in_db(job: str, file: str, db) -> bytes:
|
|||
return False
|
||||
return cached_file.data
|
||||
|
||||
def set_file_in_db(job: str, file: str, data, db)
|
||||
def set_file_in_db(job: str, name: str, bio, db) -> bool:
|
||||
ret, err = true, "success"
|
||||
try:
|
||||
content = bio.read()
|
||||
bio.seek(0)
|
||||
with lock:
|
||||
err = db.update_job_cache(
|
||||
basename(getsourcefile(_getframe(1))).replace(".py", ""),
|
||||
None,
|
||||
name,
|
||||
content,
|
||||
checksum=bytes_hash(bio)
|
||||
)
|
||||
|
||||
if err:
|
||||
ret = False
|
||||
except:
|
||||
return False, f"exception :\n{format_exc()}"
|
||||
return ret, err
|
||||
|
||||
def file_hash(file: str) -> str:
|
||||
_sha512 = sha512()
|
||||
|
@ -79,6 +97,16 @@ def file_hash(file: str) -> str:
|
|||
_sha512.update(data)
|
||||
return _sha512.hexdigest()
|
||||
|
||||
def bytes_hash(bio: bytes) -> str:
|
||||
_sha512 = sha512()
|
||||
while True:
|
||||
data = bio.read(1024)
|
||||
if not data:
|
||||
break
|
||||
_sha512.update(data)
|
||||
bio.seek(0)
|
||||
return _sha512.hexdigest()
|
||||
|
||||
|
||||
def cache_hash(cache: str, db=None) -> Optional[str]:
|
||||
with suppress(BaseException):
|
||||
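Review bot: The new `set_file_in_db` starts with `ret, err = true, "success"`, and `true` is not a Python name, so the function raises NameError on its first line, before the `try:` that would have caught it; it should be `ret, err = True, "success"`. The `job` parameter is never used: the job name passed to `db.update_job_cache` comes from the caller's file name via `_getframe(1)`, so data written from one script cannot be stored under another job's name even though the signature implies it can; passing `job` directly would be simpler. The annotations are also off: the function returns a `(bool, str)` pair, not `bool`, and `bytes_hash(bio: bytes)` calls `.read()` and `.seek()`, so it takes a binary file object rather than `bytes`.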
|
|
|
@ -64,7 +64,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
|
|||
mkdir -p /var/tmp/bunkerweb/ && \
|
||||
mkdir -p /var/www/html && \
|
||||
mkdir -p /var/lib/bunkerweb && \
|
||||
mkdir -p /etc/letsencrypt && \
|
||||
#mkdir /var/www/html && \
|
||||
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
|
||||
#It's a find command that will find all files in the bunkerweb directory, excluding the ui/deps directory, and then chmod them to 0740.
|
||||
|
|
|
@ -69,8 +69,7 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
|
|||
mkdir -p /var/tmp/bunkerweb/ && \
|
||||
mkdir -p /var/www/ && \
|
||||
mkdir -p /var/lib/bunkerweb && \
|
||||
mkdir -p /etc/letsencrypt && \
|
||||
#mkdir /var/www/html && \
|
||||
mkdir /var/www/html && \
|
||||
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
|
||||
#It's a find command that will find all files in the bunkerweb directory, excluding the ui/deps directory, and then chmod them to 0740.
|
||||
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
|
|
|
@ -63,7 +63,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
|
|||
mkdir -p /var/tmp/bunkerweb/ && \
|
||||
mkdir -p /var/www/html && \
|
||||
mkdir -p /var/lib/bunkerweb && \
|
||||
mkdir -p /etc/letsencrypt && \
|
||||
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
|
||||
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \
|
||||
|
|
|
@ -76,7 +76,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
|
|||
mkdir -p /var/tmp/bunkerweb/ && \
|
||||
mkdir -p /var/www/html && \
|
||||
mkdir -p /var/lib/bunkerweb && \
|
||||
mkdir -p /etc/letsencrypt && \
|
||||
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
|
||||
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \
|
||||
|
|
|
@ -66,7 +66,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
|
|||
mkdir -p /var/tmp/bunkerweb/ && \
|
||||
mkdir -p /var/www/html && \
|
||||
mkdir -p /var/lib/bunkerweb && \
|
||||
mkdir -p /etc/letsencrypt && \
|
||||
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
|
||||
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \
|
||||
|
|
|
@ -10,4 +10,4 @@
|
|||
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
|
||||
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
|
||||
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
|
||||
|
|
|
@ -10,4 +10,4 @@
|
|||
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
|
||||
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
|
||||
--after-remove /usr/share/bunkerweb/scripts/afterRemoveDEB.sh
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
|
||||
|
|
|
@ -10,4 +10,4 @@
|
|||
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
|
||||
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
|
||||
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
|
||||
|
|
|
@ -10,4 +10,4 @@
|
|||
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
|
||||
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
|
||||
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
|
||||
|
|
|
@ -10,4 +10,4 @@
|
|||
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
|
||||
--after-remove /usr/share/bunkerweb/scripts/afterRemoveDEB.sh
|
||||
--deb-no-default-config-files
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt
|
||||
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
|
||||
|
|
|
@ -95,22 +95,4 @@ else
|
|||
echo "/var/www/html directory already exists, skipping copy..."
|
||||
fi
|
||||
|
||||
# Create letsencrypt folders if needed
|
||||
if [ ! -d /etc/letsencrypt ] ; then
|
||||
mkdir /etc/letsencrypt
|
||||
fi
|
||||
chown nginx:nginx /etc/letsencrypt
|
||||
chmod 770 /etc/letsencrypt
|
||||
if [ ! -d /var/lib/letsencrypt ] ; then
|
||||
mkdir /var/lib/letsencrypt
|
||||
|
||||
fi
|
||||
chown nginx:nginx /var/lib/letsencrypt
|
||||
chmod 770 /var/lib/letsencrypt
|
||||
if [ ! -d /var/log/letsencrypt ] ; then
|
||||
mkdir /var/log/letsencrypt
|
||||
fi
|
||||
chown nginx:nginx /var/log/letsencrypt
|
||||
chmod 770 /var/log/letsencrypt
|
||||
|
||||
echo "Postinstall successful !"
|
||||
echo "Postinstall successful !"
|
||||
|
|
|
@ -44,7 +44,6 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \
|
|||
mkdir -p /etc/bunkerweb && \
|
||||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
|
||||
mkdir -p /data/cache/letsencrypt && ln -s /data/cache/letsencrypt /etc/letsencrypt && \
|
||||
mkdir -p /data/www && ln -s /data/www /var/www/html && \
|
||||
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
|
||||
|
|