Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
This commit is contained in:
commit
93c766e564
|
@ -69,7 +69,7 @@ RUN apk add --no-cache pcre bash python3 && \
|
|||
ln -s /proc/1/fd/1 /var/log/nginx/access.log
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add "libcrypto3>=3.0.8-r4" "libssl3>=3.0.8-r4"
|
||||
RUN apk add "libcrypto3>=3.0.8-r4" "libssl3>=3.0.8-r4" "curl>=8.1.0-r0" "libcurl>=8.1.0-r0"
|
||||
|
||||
VOLUME /data /etc/nginx
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@ services:
|
|||
LOG_LEVEL: "info"
|
||||
GENERATE_SELF_SIGNED_SSL: "no"
|
||||
ALLOWED_METHODS: "GET|POST|HEAD|OPTIONS"
|
||||
CUSTOM_CONF_SEVER_HTTP_main: "location /options { default_type 'text/plain'; content_by_lua_block { if ngx.var.request_method == \"OPTIONS\" then ngx.say(\"Hello, world!\") end } }"
|
||||
|
||||
# ? CORS settings
|
||||
USE_CORS: "no"
|
||||
|
|
|
@ -113,19 +113,20 @@ try:
|
|||
sleep(1)
|
||||
|
||||
print(
|
||||
f"ℹ️ Sending a preflight request to http{'s' if ssl else ''}://www.example.com ...",
|
||||
f"ℹ️ Sending a preflight request to http{'s' if ssl else ''}://www.example.com/options ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
response = options(
|
||||
f"http{'s' if ssl else ''}://www.example.com",
|
||||
f"http{'s' if ssl else ''}://www.example.com/options",
|
||||
headers={
|
||||
"Host": "www.example.com",
|
||||
"Origin": f"http{'s' if ssl else ''}://bwadm.example.com",
|
||||
},
|
||||
verify=False,
|
||||
)
|
||||
response.raise_for_status()
|
||||
if response.status_code != 404:
|
||||
response.raise_for_status()
|
||||
|
||||
if use_cors:
|
||||
if (
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
from os import getenv
|
||||
from subprocess import run
|
||||
from requests import ConnectionError, head, options, post
|
||||
from requests import ConnectionError, get, head, post
|
||||
from socket import create_connection
|
||||
from ssl import CERT_NONE, create_default_context
|
||||
from time import sleep
|
||||
|
@ -141,19 +141,20 @@ try:
|
|||
allowed_methods = getenv("ALLOWED_METHODS", "GET|POST|HEAD")
|
||||
|
||||
print(
|
||||
f"ℹ️ Sending a OPTIONS request to http{'s' if ssl_generated else ''}://www.example.com to test ALLOWED_METHODS",
|
||||
f"ℹ️ Sending a GET request to http{'s' if ssl_generated else ''}://www.example.com to test ALLOWED_METHODS",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
response = options(
|
||||
response = get(
|
||||
f"http{'s' if ssl_generated else ''}://www.example.com",
|
||||
headers={"Host": "www.example.com"},
|
||||
verify=False,
|
||||
)
|
||||
|
||||
if response.status_code == 405:
|
||||
if "OPTIONS" in allowed_methods:
|
||||
if "GET" in allowed_methods:
|
||||
print(
|
||||
"❌ Request got rejected, even if OPTIONS is in allowed methods, exiting ...",
|
||||
"❌ Request got rejected, even if GET is in allowed methods, exiting ...",
|
||||
flush=True,
|
||||
)
|
||||
exit(1)
|
||||
|
@ -163,9 +164,9 @@ try:
|
|||
if response.status_code != 404:
|
||||
response.raise_for_status()
|
||||
|
||||
if "OPTIONS" not in allowed_methods:
|
||||
if "GET" not in allowed_methods:
|
||||
print(
|
||||
"❌ Request didn't get rejected, even if OPTIONS is not in allowed methods, exiting ...",
|
||||
"❌ Request didn't get rejected, even if GET is not in allowed methods, exiting ...",
|
||||
flush=True,
|
||||
)
|
||||
exit(1)
|
||||
|
|
|
@ -59,7 +59,7 @@ do
|
|||
echo "🗃️ Running tests when misc settings have tweaked values ..."
|
||||
echo "ℹ️ Keeping the ssl generated in self signed ..."
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "no"@DISABLE_DEFAULT_SERVER: "yes"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "GET|POST|HEAD|OPTIONS"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "POST|HEAD"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "5m"@MAX_CLIENT_SIZE: "10m"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "yes"@SERVE_FILES: "no"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "yes"@HTTP2: "no"@' {} \;
|
||||
|
|
Loading…
Reference in New Issue