fixed some fedora bugs, support LOCAL_PHP and LOCAL_PHP_PATH and sample variables.env
parent
49ada6a8c5
commit
8e3dbf1c70
|
@ -6,7 +6,7 @@ load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
|
|||
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
|
||||
load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
|
||||
load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
|
||||
load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so;
|
||||
#load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so;
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
|
||||
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
|
||||
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{% if REMOTE_PHP != "" +%}
|
||||
fastcgi_param SCRIPT_FILENAME {{ REMOTE_PHP_PATH }}/$fastcgi_script_name;
|
||||
{% elif LOCAL_PHP != "" +%}
|
||||
fastcgi_param SCRIPT_FILENAME {{ LOCAL_PHP_PATH }}/$fastcgi_script_name;
|
||||
{% else +%}
|
||||
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
|
||||
{% endif %}
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
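Review bot: The `SCRIPT_FILENAME` lines paste `REMOTE_PHP_PATH` and `LOCAL_PHP_PATH` into the directive unquoted, so a path containing a space or `;` changes how nginx parses the line instead of being read as one value. Quoting the argument keeps it a single parameter, `fastcgi_param SCRIPT_FILENAME "{{ LOCAL_PHP_PATH }}/$fastcgi_script_name";` (same for the `REMOTE_PHP_PATH` line), and the value is best validated where the config is generated. The `{% else %}` branch looks unreachable through the server.conf gate shown further down, which only includes this file when one of the two variables is set. If it is reachable from another include, a bare `$fastcgi_script_name` hands PHP-FPM a path with no document root.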
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
location ~ \.php$ {
|
||||
fastcgi_pass {{ REMOTE_PHP }}:9000;
|
||||
fastcgi_index index.php;
|
||||
{% if REMOTE_PHP != "" +%}
|
||||
fastcgi_pass {{ REMOTE_PHP }}:9000;
|
||||
{% elif LOCAL_PHP != "" +%}
|
||||
fastcgi_pass unix:{{ LOCAL_PHP }};
|
||||
{% endif %}
|
||||
fastcgi_index index.php;
|
||||
}
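Review bot: In the new `LOCAL_PHP` branch every URI matching `\.php$` is handed to the FPM socket without checking that the script exists on disk, which leaves the choice of which file is executed to PHP's path-info handling. When PHP runs on the same host nginx can make that check itself, e.g. `try_files $uri =404;` ahead of `fastcgi_pass unix:{{ LOCAL_PHP }};`, assuming the server `root` and `LOCAL_PHP_PATH` point at the same tree (not visible here). For the remote branch the equivalent guard has to live on the PHP side (`cgi.fix_pathinfo=0`). A comment such as `# LOCAL_PHP: path to the php-fpm unix socket` would also help, since the variable name alone does not say that a socket path is expected.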
|
||||
|
|
|
@ -7,7 +7,7 @@ include /opt/bunkerized-nginx/pre-server-confs/{{ FIRST_SERVER }}/*.conf;
|
|||
server {
|
||||
|
||||
# FastCGI variables
|
||||
{% if REMOTE_PHP != "" +%}
|
||||
{% if REMOTE_PHP != "" or LOCAL_PHP != "" +%}
|
||||
include {{ NGINX_PREFIX }}fastcgi.conf;
|
||||
{% endif %}
|
||||
|
||||
|
@ -181,7 +181,7 @@ server {
|
|||
{% endif %}
|
||||
|
||||
# remote PHP
|
||||
{% if REMOTE_PHP != "" +%}
|
||||
{% if REMOTE_PHP != "" or LOCAL_PHP != "" +%}
|
||||
include {{ NGINX_PREFIX }}php.conf;
|
||||
{% endif %}
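Review bot: Both gates in this file now read `LOCAL_PHP`, but nothing on this page gives that variable a default: the only settings.json hunk changes `SERVER_NAME`, and the generated variables.env lists `REMOTE_PHP` and `REMOTE_PHP_PATH` only. If the renderer leaves unset names undefined (stock Jinja2 behaviour, as far as I can tell), `LOCAL_PHP != ""` evaluates true for an undefined name, so fastcgi.conf and php.conf would be included on every site and php.conf would emit `fastcgi_pass unix:;`. Either add `LOCAL_PHP` and `LOCAL_PHP_PATH` to settings.json with empty defaults, or write the test as `LOCAL_PHP is defined and LOCAL_PHP != ""`. The `# remote PHP` comment above the second gate could become `# remote or local PHP`.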
|
||||
|
||||
|
|
|
@ -373,7 +373,7 @@ elif [ "$OS" = "centos" ] ; then
|
|||
CENTOS_DEPS="git autoconf pkg-config pcre-devel automake libtool gcc-c++ make lua-devel gd-devel lua openssl-devel wget brotli-devel gnupg"
|
||||
do_and_check_cmd yum install -y $CENTOS_DEPS
|
||||
elif [ "$OS" = "fedora" ] ; then
|
||||
FEDORA_DEPS="git autoconf pkg-config pcre-devel automake libtool gcc-c++ make lua-devel gd-devel lua openssl-devel wget brotli-devel gnupg libxslt-devel"
|
||||
FEDORA_DEPS="git autoconf pkg-config pcre-devel automake libtool gcc-c++ make lua-devel gd-devel lua openssl-devel wget brotli-devel gnupg libxslt-devel perl-ExtUtils-Embed gperftools-devel"
|
||||
do_and_check_cmd dnf install -y $FEDORA_DEPS
|
||||
elif [ "$OS" = "alpine" ] ; then
|
||||
ALPINE_DEPS="git build autoconf libtool automake git geoip-dev yajl-dev g++ gcc curl-dev libxml2-dev pcre-dev make linux-headers musl-dev lua-dev gd-dev gnupg brotli-dev openssl-dev"
|
||||
|
@ -574,6 +574,7 @@ echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecuri
|
|||
do_and_check_cmd chmod +x "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/opt/bunkerized-nginx/deps/lib -Wl,-rpath,/opt/bunkerized-nginx/deps/lib" LUAJIT_INC="/opt/bunkerized-nginx/deps/include/luajit-2.1" MODSECURITY_LIB="/opt/bunkerized-nginx/deps/lib" MODSECURITY_INC="/opt/bunkerized-nginx/deps/include" do_and_check_cmd ./configure-fix.sh
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
|
||||
# TODO : move modules to /opt/bunkerized-nginx/modules
|
||||
if [ ! -d "/usr/lib/nginx/modules" ] ; then
|
||||
do_and_check_cmd mkdir -p /usr/lib/nginx/modules
|
||||
fi
|
||||
|
@ -603,8 +604,10 @@ elif [ "$OS" = "centos" ] ; then
|
|||
CENTOS_DEPS="git crontabs curl python3 python3-pip procps"
|
||||
do_and_check_cmd yum install -y $CENTOS_DEPS
|
||||
elif [ "$OS" = "fedora" ] ; then
|
||||
FEDORA_DEPS="git crontabs curl python3 python3-pip procps"
|
||||
FEDORA_DEPS="git crontabs curl python3 python3-pip procps nginx-mod-stream"
|
||||
do_and_check_cmd dnf install -y $FEDORA_DEPS
|
||||
# Temp fix
|
||||
do_and_check_cmd cp /usr/lib64/nginx/modules/ngx_stream_module.so /usr/lib/nginx/modules/ngx_stream_module.so
|
||||
elif [ "$OS" = "alpine" ] ; then
|
||||
ALPINE_DEPS="certbot bash libmaxminddb libgcc lua yajl libstdc++ openssl py3-pip git"
|
||||
do_and_check_cmd apk add --no-cache $ALPINE_DEPS
|
||||
|
@ -658,6 +661,10 @@ do_and_check_cmd cp -r /tmp/bunkerized-nginx/defaults /opt/bunkerized-nginx
|
|||
echo "[*] Copy settings"
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/settings.json /opt/bunkerized-nginx
|
||||
|
||||
# Copy sample variables.env
|
||||
echo "[*] Copy sample variables.env"
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/misc/variables.env /opt/bunkerized-nginx
|
||||
|
||||
# Copy UI
|
||||
if [ "$OS" != "alpine" ] ; then
|
||||
echo "[*] Copy UI"
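Review bot: The Fedora "Temp fix" in the runtime-dependencies hunk copies `ngx_stream_module.so` out of `/usr/lib64/nginx/modules`, so the file in `/usr/lib/nginx/modules` is frozen at install time. A later `dnf` update of nginx or `nginx-mod-stream` replaces the original but not the copy, and nginx is likely to refuse a module built for a different version, which takes the proxy down on the next restart. A symlink keeps the two in step: `do_and_check_cmd ln -sf /usr/lib64/nginx/modules/ngx_stream_module.so /usr/lib/nginx/modules/ngx_stream_module.so`. The copy also relies on `/usr/lib/nginx/modules` existing; the `mkdir -p` for it sits in the module-build hunk above, so confirm it runs on every path that reaches this line.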
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
import json
|
||||
|
||||
with open("settings.json") as f :
|
||||
data = json.loads(f.read())
|
||||
|
||||
output = ""
|
||||
for cat in data :
|
||||
output += "# " + cat + "\n"
|
||||
for param in data[cat]["params"] :
|
||||
if param["type"] == "multiple" :
|
||||
params = param["params"]
|
||||
else :
|
||||
params = [param]
|
||||
for true_param in params :
|
||||
output += "#" + true_param["env"] + "=" + true_param["default"] + "\n"
|
||||
output += "\n"
|
||||
print(output)
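Review bot: The generator's output is already out of step with its input in this same commit: the committed variables.env has `#SERVER_NAME=www.bunkerity.com` while the settings.json hunk changes that default to `www.example.com`, so the sample should be regenerated, or produced at install time rather than committed. The script opens `settings.json` relative to the current directory, which makes the result depend on where it is launched from; taking the path from `sys.argv` or resolving it from `__file__` removes that. `true_param["default"]` is concatenated as a string, so a non-string default in settings.json would raise `TypeError`, and `str(true_param["default"])` is the one-line guard. A module docstring saying which file is read and that stdout is meant to be redirected into variables.env would be enough documentation.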
|
|
@ -0,0 +1,185 @@
|
|||
# List of environment variables for bunkerized-nginx.
|
||||
# Manual : https://bunkerized-nginx.readthedocs.io/en/latest/
|
||||
|
||||
# Antibot
|
||||
#USE_ANTIBOT=no
|
||||
#ANTIBOT_URI=/challenge
|
||||
#ANTIBOT_SESSION_SECRET=random
|
||||
#ANTIBOT_RECAPTCHA_SITEKEY=
|
||||
#ANTIBOT_RECAPTCHA_SECRET=
|
||||
#ANTIBOT_RECAPTCHA_SCORE=0.7
|
||||
|
||||
# Authelia
|
||||
#USE_AUTHELIA=no
|
||||
#AUTHELIA_BACKEND=
|
||||
#AUTHELIA_UPSTREAM=
|
||||
#AUTHELIA_MODE=portal
|
||||
|
||||
# Basic auth
|
||||
#USE_AUTH_BASIC=no
|
||||
#AUTH_BASIC_LOCATION=sitewide
|
||||
#AUTH_BASIC_USER=changeme
|
||||
#AUTH_BASIC_PASSWORD=changeme
|
||||
#AUTH_BASIC_TEXT=Restricted area
|
||||
|
||||
# Blacklist
|
||||
#USE_BLACKLIST_IP=yes
|
||||
#BLACKLIST_IP_LIST=
|
||||
#USE_BLACKLIST_REVERSE=yes
|
||||
#BLACKLIST_REVERSE_LIST=.shodan.io
|
||||
#BLACKLIST_COUNTRY=
|
||||
|
||||
# Block
|
||||
#BLOCK_USER_AGENT=yes
|
||||
#BLOCK_TOR_EXIT_NODE=yes
|
||||
#BLOCK_PROXIES=yes
|
||||
#BLOCK_ABUSERS=yes
|
||||
#BLOCK_REFERRER=yes
|
||||
|
||||
# Cache
|
||||
#USE_CLIENT_CACHE=no
|
||||
#CLIENT_CACHE_EXTENSIONS=jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2
|
||||
#CLIENT_CACHE_CONTROL=public, max-age=15552000
|
||||
#CLIENT_CACHE_ETAG=on
|
||||
#USE_OPEN_FILE_CACHE=no
|
||||
#OPEN_FILE_CACHE=max=1000 inactive=20s
|
||||
#OPEN_FILE_CACHE_ERRORS=on
|
||||
#OPEN_FILE_CACHE_MIN_USES=2
|
||||
#OPEN_FILE_CACHE_VALID=30s
|
||||
#USE_PROXY_CACHE=no
|
||||
#PROXY_CACHE_PATH_ZONE_SIZE=10m
|
||||
#PROXY_CACHE_PATH_PARAMS=max_size=100m
|
||||
#PROXY_CACHE_METHODS=GET HEAD
|
||||
#PROXY_CACHE_MIN_USES=2
|
||||
#PROXY_CACHE_KEY=\$scheme\$host\$request_uri
|
||||
#PROXY_CACHE_VALID=200=10m 301=10m 302=1h
|
||||
#PROXY_NO_CACHE=\$http_authorization
|
||||
#PROXY_CACHE_BYPASS=\$http_authorization
|
||||
|
||||
# Compression
|
||||
#USE_GZIP=no
|
||||
#GZIP_COMP_LEVEL=5
|
||||
#GZIP_MIN_LENGTH=1000
|
||||
#GZIP_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml
|
||||
#USE_BROTLI=no
|
||||
#BROTLI_COMP_LEVEL=6
|
||||
#BROTLI_MIN_LENGTH=1000
|
||||
#BROTLI_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml
|
||||
|
||||
# CrowdSec
|
||||
#USE_CROWDSEC=no
|
||||
#CROWDSEC_HOST=
|
||||
#CROWDSEC_KEY=
|
||||
|
||||
# DNSBL
|
||||
#USE_DNSBL=yes
|
||||
#DNSBL_LIST=bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org
|
||||
|
||||
# HTTPS
|
||||
#AUTO_LETS_ENCRYPT=no
|
||||
#EMAIL_LETS_ENCRYPT=
|
||||
#REDIRECT_HTTP_TO_HTTPS=no
|
||||
#HTTP2=yes
|
||||
#HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
|
||||
#LISTEN_HTTP=yes
|
||||
#USE_CUSTOM_HTTPS=no
|
||||
#CUSTOM_HTTPS_CERT=
|
||||
#CUSTOM_HTTPS_KEY=
|
||||
#GENERATE_SELF_SIGNED_SSL=no
|
||||
#SELF_SIGNED_SSL_EXPIRY=365
|
||||
#SELF_SIGNED_SSL_COUNTRY=CH
|
||||
#SELF_SIGNED_SSL_STATE=Switzerland
|
||||
#SELF_SIGNED_SSL_CITY=Bern
|
||||
#SELF_SIGNED_SSL_OU=IT
|
||||
#SELF_SIGNED_SSL_ORG=Acme Inc
|
||||
#SELF_SIGNED_SSL_CN=bunkerized
|
||||
|
||||
# Headers
|
||||
#X_FRAME_OPTIONS=DENY
|
||||
#X_XSS_PROTECTION=1; mode=block
|
||||
#X_CONTENT_TYPE_OPTIONS=nosniff
|
||||
#REFERRER_POLICY=no-referrer
|
||||
#FEATURE_POLICY=accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vibrate 'none'; vr 'none'
|
||||
#PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), sync-xhr=(), usb=(), vibrate=(), vr=()
|
||||
#COOKIE_FLAGS=* HttpOnly SameSite=Lax
|
||||
#COOKIE_AUTO_SECURE_FLAG=yes
|
||||
#STRICT_TRANSPORT_SECURITY=max-age=31536000
|
||||
#CONTENT_SECURITY_POLICY=object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self';
|
||||
|
||||
# Info leak
|
||||
#REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version
|
||||
#DISABLE_DEFAULT_SERVER=no
|
||||
#ERRORS=
|
||||
|
||||
# Limit conn
|
||||
#USE_LIMIT_CONN=yes
|
||||
#LIMIT_CONN_MAX=50
|
||||
#LIMIT_CONN_CACHE=10m
|
||||
|
||||
# Limit req
|
||||
#USE_LIMIT_REQ=yes
|
||||
#LIMIT_REQ_RATE=1r/s
|
||||
#LIMIT_REQ_BURST=2
|
||||
#LIMIT_REQ_CACHE=10m
|
||||
|
||||
# Misc
|
||||
#SERVER_NAME=www.bunkerity.com
|
||||
#MAX_CLIENT_SIZE=10m
|
||||
#ALLOWED_METHODS=GET|POST|HEAD
|
||||
#SERVE_FILES=yes
|
||||
#INJECT_BODY=
|
||||
|
||||
# ModSecurity
|
||||
#USE_MODSECURITY=yes
|
||||
#USE_MODSECURITY_CRS=yes
|
||||
#MODSECURITY_SEC_AUDIT_ENGINE=RelevantOnly
|
||||
|
||||
# PHP
|
||||
#REMOTE_PHP=
|
||||
#REMOTE_PHP_PATH=/app
|
||||
|
||||
# Reverse proxy
|
||||
#USE_REVERSE_PROXY=no
|
||||
#REVERSE_PROXY_URL=
|
||||
#REVERSE_PROXY_HOST=
|
||||
#REVERSE_PROXY_WS=no
|
||||
#REVERSE_PROXY_HEADERS=
|
||||
#PROXY_REAL_IP=no
|
||||
#PROXY_REAL_IP_FROM=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
|
||||
#PROXY_REAL_IP_HEADER=X-Forwarded-For
|
||||
#PROXY_REAL_IP_RECURSIVE=on
|
||||
|
||||
# Bad behavior
|
||||
#USE_BAD_BEHAVIOR=yes
|
||||
#BAD_BEHAVIOR_BAN_TIME=86400
|
||||
#BAD_BEHAVIOR_COUNT_TIME=60
|
||||
#BAD_BEHAVIOR_STATUS_CODES=400 401 403 404 405 429 444
|
||||
#BAD_BEHAVIOR_THRESHOLD=10
|
||||
|
||||
# API
|
||||
#USE_API=no
|
||||
#API_WHITELIST_IP=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
|
||||
#API_URI=random
|
||||
#SWARM_MODE=no
|
||||
|
||||
# nginx
|
||||
#MULTISITE=no
|
||||
#DNS_RESOLVERS=127.0.0.11
|
||||
#LOG_FORMAT=$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
|
||||
#LOG_LEVEL=info
|
||||
#ROOT_FOLDER=/opt/bunkerized-nginx/www
|
||||
#ROOT_SITE_SUBFOLDER=
|
||||
#SERVER_TOKENS=off
|
||||
#HTTP_PORT=8080
|
||||
#HTTPS_PORT=8443
|
||||
#WORKER_RLIMIT_NOFILE=2048
|
||||
#WORKER_CONNECTIONS=1024
|
||||
|
||||
# Whitelist
|
||||
#USE_WHITELIST_IP=yes
|
||||
#WHITELIST_IP_LIST=23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8
|
||||
#USE_WHITELIST_REVERSE=yes
|
||||
#WHITELIST_REVERSE_LIST=.googlebot.com .google.com .search.msn.com .crawl.yahoot.net .crawl.baidu.jp .crawl.baidu.com .yandex.com .yandex.ru .yandex.net
|
||||
#WHITELIST_COUNTRY=
|
||||
#WHITELIST_USER_AGENT=
|
||||
#WHITELIST_URI=
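Review bot: This sample has slots for secrets (`AUTH_BASIC_PASSWORD`, `ANTIBOT_RECAPTCHA_SECRET`, `CROWDSEC_KEY`) and shows `changeme` as the basic-auth user and password, but its header does not say how the file is meant to be used. I would add a line under the manual link such as `# Values shown are the defaults; uncomment to override. Replace every "changeme" before enabling USE_AUTH_BASIC, and keep this file from being world-readable.` The installer copies the file with a plain `cp`, so its mode follows the umask; whether it is tightened afterwards is not visible on this page.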
|
|
@ -911,7 +911,7 @@
|
|||
"params": [
|
||||
{
|
||||
"context": "multisite",
|
||||
"default": "www.bunkerity.com",
|
||||
"default": "www.example.com",
|
||||
"env": "SERVER_NAME",
|
||||
"id": "server-name",
|
||||
"label": "Server name",
|
||||
|
|