jobs - fix jobs in Swarm mode

autoconf/app.py

@@ -39,8 +39,7 @@ except docker.errors.APIError as e :
 	sys.exit(3)
 
 # Process them before events
-with lock :
-	autoconf.pre_process(before)
+autoconf.pre_process(before)
 
 # Process events received from Docker
 try :
@@ -65,8 +64,7 @@ try :
 				continue
 
 		# Process the event
-		with lock :
-			autoconf.process(server, event["Action"])
+		autoconf.process(server, event["Action"])
 
 except docker.errors.APIError as e :
 	utils.log("[!] Docker API error " + str(e))

entrypoint/jobs.sh

@@ -3,6 +3,71 @@
 # load some functions
 . /opt/entrypoint/utils.sh
 
+# self signed certs for sites
+files=$(has_value GENERATE_SELF_SIGNED_SSL yes)
+if [ "$files" != " " ] ; then
+	for file in $files ; do
+		site=$(echo $file | cut -f 4 -d '/')
+		dest="/etc/nginx/"
+		if [ "$site" != "site.env" ] ; then
+			dest="${dest}/${site}/"
+		fi
+		SELF_SIGNED_SSL_EXPIRY="$(sed -nE 's/^SELF_SIGNED_SSL_EXPIRY=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_COUNTRY="$(sed -nE 's/^SELF_SIGNED_SSL_COUNTRY=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_STATE="$(sed -nE 's/^SELF_SIGNED_SSL_STATE=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_CITY="$(sed -nE 's/^SELF_SIGNED_SSL_CITY=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_ORG="$(sed -nE 's/^SELF_SIGNED_SSL_ORG=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_OU="$(sed -nE 's/^SELF_SIGNED_SSL_OU=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_CN="$(sed -nE 's/^SELF_SIGNED_SSL_CN=(.*)$/\1/p' $file)"
+		openssl_output=$(openssl req -nodes -x509 -newkey rsa:4096 -keyout ${dest}self-key.pem -out ${dest}self-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN" 2>&1)
+		if [ $? -eq 0 ] ; then
+			echo "[*] Generated self-signed certificate ${dest}self-cert.pem with key ${dest}self-key.pem"
+		else
+			echo "[!] Error while generating self-signed certificate : $openssl_output"
+		fi
+	done
+fi
+
+# self signed cert for default server
+if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$(has_value GENERATE_SELF_SIGNED_SSL yes)" != "" ] || [ "$(has_value USE_CUSTOM_HTTPS yes)" != "" ] ; then
+	SELF_SIGNED_SSL_EXPIRY="999"
+	SELF_SIGNED_SSL_COUNTRY="US"
+	SELF_SIGNED_SSL_STATE="Utah"
+	SELF_SIGNED_SSL_CITY="Lehi"
+	SELF_SIGNED_SSL_ORG="Your Company, Inc."
+	SELF_SIGNED_SSL_OU="IT"
+	SELF_SIGNED_SSL_CN="www.yourdomain.com"
+	openssl_output=$(openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/default-key.pem -out /etc/nginx/default-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN" 2>&1)
+	if [ $? -eq 0 ] ; then
+		echo "[*] Generated self-signed certificate for default server"
+	else
+		echo "[!] Error while generating self-signed certificate for default server : $openssl_output"
+	fi
+fi
+
+# certbot
+files=$(has_value AUTO_LETS_ENCRYPT yes)
+if [ "$files" != " " ] ; then
+	for file in $files ; do
+		if [ "$(echo "$file" | grep 'site.env$')" = "" ] ; then
+			continue
+		fi
+		SERVER_NAME="$(sed -nE 's/^SERVER_NAME=(.*)$/\1/p' $file)"
+		FIRST_SERVER="$(echo $SERVER_NAME | cut -d ' ' -f 1)"
+		EMAIL_LETS_ENCRYPT="$(sed -nE 's/^EMAIL_LETS_ENCRYPT=(.*)$/\1/p' $file)"
+		if [ "$EMAIL_LETS_ENCRYPT" = "" ] ; then
+			EMAIL_LETS_ENCRYPT="contact@${FIRST_SERVER}"
+		fi
+		certbot_outpout=$(/opt/scripts/certbot-new.sh "$(echo -n $SERVER_NAME | sed 's/ /,/g')" "$EMAIL_LETS_ENCRYPT" 2>&1)
+		if [ $? -eq 0 ] ; then
+			echo "[*] Certbot new successfully executed"
+		else
+			echo "[*] Error while executing certbot new : $certbot_output"
+		fi
+	done
+fi
+
+
 # GeoIP
 if [ "$(has_value BLACKLIST_COUNTRY .+)" != "" ] || [ "$(has_value WHITELIST_COUNTRY .+)" != "" ] ; then
 	if [ -f "/cache/geoip.mmdb" ] ; then
@@ -68,52 +133,3 @@ if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
 		/opt/scripts/abusers.sh > /dev/null 2>&1 &
 	fi
 fi
-
-# self signed certs for sites
-files=$(has_value GENERATE_SELF_SIGNED_SSL yes)
-if [ "$files" != " " ] ; then
-	for file in $files ; do
-		site=$(echo $file | cut -f 4 -d '/')
-		dest="/etc/nginx/"
-		if [ "$site" != "site.env" ] ; then
-			dest="${dest}/${site}/"
-		fi
-		SELF_SIGNED_SSL_EXPIRY="$(sed -nE 's/^SELF_SIGNED_SSL_EXPIRY=(.*)$/\1/p' $file)"
-		SELF_SIGNED_SSL_COUNTRY="$(sed -nE 's/^SELF_SIGNED_SSL_COUNTRY=(.*)$/\1/p' $file)"
-		SELF_SIGNED_SSL_STATE="$(sed -nE 's/^SELF_SIGNED_SSL_STATE=(.*)$/\1/p' $file)"
-		SELF_SIGNED_SSL_CITY="$(sed -nE 's/^SELF_SIGNED_SSL_CITY=(.*)$/\1/p' $file)"
-		SELF_SIGNED_SSL_ORG="$(sed -nE 's/^SELF_SIGNED_SSL_ORG=(.*)$/\1/p' $file)"
-		SELF_SIGNED_SSL_OU="$(sed -nE 's/^SELF_SIGNED_SSL_OU=(.*)$/\1/p' $file)"
-		SELF_SIGNED_SSL_CN="$(sed -nE 's/^SELF_SIGNED_SSL_CN=(.*)$/\1/p' $file)"
-		openssl req -nodes -x509 -newkey rsa:4096 -keyout ${dest}self-key.pem -out ${dest}self-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
-	done
-fi
-
-# self signed cert for default server
-if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$(has_value GENERATE_SELF_SIGNED_SSL yes)" != "" ] || [ "$(has_value USE_CUSTOM_HTTPS yes)" != "" ] ; then
-	SELF_SIGNED_SSL_EXPIRY="999"
-	SELF_SIGNED_SSL_COUNTRY="US"
-	SELF_SIGNED_SSL_STATE="Utah"
-	SELF_SIGNED_SSL_CITY="Lehi"
-	SELF_SIGNED_SSL_ORG="Your Company, Inc."
-	SELF_SIGNED_SSL_OU="IT"
-	SELF_SIGNED_SSL_CN="www.yourdomain.com"
-	openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/default-key.pem -out /etc/nginx/default-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
-fi
-
-# certbot
-files=$(has_value AUTO_LETS_ENCRYPT yes)
-if [ "$files" != " " ] ; then
-	for file in $files ; do
-		if [ "$(echo "$file" | grep 'site.env$')" = "" ] ; then
-			continue
-		fi
-		SERVER_NAME="$(sed -nE 's/^SERVER_NAME=(.*)$/\1/p' $file)"
-		FIRST_SERVER="$(echo $SERVER_NAME | cut -d ' ' -f 1)"
-		EMAIL_LETS_ENCRYPT="$(sed -nE 's/^EMAIL_LETS_ENCRYPT=(.*)$/\1/p' $file)"
-		if [ "$EMAIL_LETS_ENCRYPT" = "" ] ; then
-			EMAIL_LETS_ENCRYPT="contact@${FIRST_SERVER}"
-		fi
-		/opt/scripts/certbot-new.sh "$(echo -n $SERVER_NAME | sed 's/ /,/g')" "$EMAIL_LETS_ENCRYPT"
-	done
-fi

scripts/abusers.sh

@@ -22,7 +22,7 @@ curl -s "https://iplists.firehol.org/files/firehol_abusers_30d.netset" | \
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
-elif [ -S /tmp/autoconf.sock ] ; then
+elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 

scripts/exit-nodes.sh

@@ -22,7 +22,7 @@ curl -s "https://iplists.firehol.org/files/tor_exits.ipset" | \
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
-elif [ -S /tmp/autoconf.sock ] ; then
+elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 

scripts/geoip.sh

@@ -15,7 +15,7 @@ fi
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
-elif [ -S /tmp/autoconf.sock ] ; then
+elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 

scripts/proxies.sh

@@ -22,7 +22,7 @@ curl -s "https://iplists.firehol.org/files/firehol_proxies.netset" | \
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
-elif [ -S /tmp/autoconf.sock ] ; then
+elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 

scripts/referrers.sh

@@ -27,7 +27,7 @@ fi
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
-elif [ -S /tmp/autoconf.sock ] ; then
+elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 

scripts/user-agents.sh

@@ -27,7 +27,7 @@ fi
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
-elif [ -S /tmp/autoconf.sock ] ; then
+elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi