road to swarm - add openssl to autoconf, fix api_uri in LUA, fix file rights
This commit is contained in:
bunkerity
parent
3591715f21
commit
a2543384cd
|
|
@ -4,7 +4,7 @@ FROM alpine
|
|||
|
||||
COPY --from=builder /etc/nginx/ /opt/confs/nginx
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
FROM amd64/alpine
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ FROM arm32v7/alpine
|
|||
|
||||
COPY --from=builder qemu-arm-static /usr/bin
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ FROM arm64v8/alpine
|
|||
|
||||
COPY --from=builder qemu-aarch64-static /usr/bin
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
FROM i386/alpine
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
echo "[*] Starting autoconf ..."
|
||||
|
||||
cp /opt/confs/nginx/* /etc/nginx
|
||||
cp -r /opt/confs/nginx/* /etc/nginx
|
||||
|
||||
# trap SIGTERM and SIGINT
|
||||
function trap_exit() {
|
||||
|
|
@ -22,6 +22,9 @@ echo "" > /etc/crontabs/root
|
|||
touch /var/log/jobs.log
|
||||
echo "0 0 * * * /usr/sbin/logrotate -f /etc/logrotate.conf > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
|
||||
# start cron
|
||||
crond
|
||||
|
||||
# run autoconf app
|
||||
/opt/entrypoint/app.py &
|
||||
|
||||
|
|
|
|||
|
|
@ -1,12 +1,11 @@
|
|||
rewrite_by_lua_block {
|
||||
|
||||
local api = require "api"
|
||||
local api_uri = "%API_URI%"
|
||||
|
||||
ngx.var.api_uri = "%API_URI%
|
||||
|
||||
if api.is_api_call() then
|
||||
if api.is_api_call(api_uri) then
|
||||
ngx.header.content_type = 'text/plain'
|
||||
if api.do_api_call() then
|
||||
if api.do_api_call(api_uri) then
|
||||
ngx.log(ngx.WARN, "[API] API call " .. ngx.var.request_uri .. " successfull from " .. ngx.var.remote_addr)
|
||||
ngx.say("ok")
|
||||
else
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ if [ "$MULTISITE" = "yes" ] ; then
|
|||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%SSL_CIPHERS%" ""
|
||||
fi
|
||||
openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/default-key.pem -out /etc/nginx/default-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
|
||||
chmod +r /etc/nginx/default-key.pem
|
||||
if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%LETS_ENCRYPT_WEBROOT%" "include /etc/nginx/multisite-default-server-lets-encrypt-webroot.conf;"
|
||||
else
|
||||
|
|
@ -98,6 +99,7 @@ fi
|
|||
if [ "$GENERATE_SELF_SIGNED_SSL" = "yes" ] ; then
|
||||
mkdir /etc/nginx/self-signed-ssl/
|
||||
openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/self-signed-ssl/key.pem -out /etc/nginx/self-signed-ssl/cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
|
||||
chmod +r /etc/nginx/self-signed-ssl/key.pem
|
||||
fi
|
||||
|
||||
# country ban/whitelist
|
||||
|
|
|
|||
|
|
@ -1,12 +1,11 @@
|
|||
local M = {}
|
||||
local api_uri = ngx.var.api_uri
|
||||
local api_list = {}
|
||||
|
||||
api_list["^/reload$"] = function ()
|
||||
return os.execute("/usr/sbin/nginx -s reload") == 0
|
||||
end
|
||||
|
||||
function M.is_api_call ()
|
||||
function M.is_api_call (api_uri)
|
||||
if ngx.var.request_uri:sub(1, #api_uri) .. "/" == api_uri .. "/" then
|
||||
for uri, code in pairs(api_list) do
|
||||
if string.match(ngx.var.request_uri:sub(#api_uri + 1), uri) then
|
||||
|
|
@ -17,7 +16,7 @@ function M.is_api_call ()
|
|||
return false
|
||||
end
|
||||
|
||||
function M.do_api_call ()
|
||||
function M.do_api_call (api_uri)
|
||||
for uri, code in pairs(api_list) do
|
||||
if string.match(ngx.var.request_uri:sub(#api_uri + 1), uri) then
|
||||
return code()
|
||||
|
|
|
|||
Loading…
Reference in New Issue