librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev

This commit is contained in:
bunkerity 2023-04-25 16:05:17 +02:00
parent bd577cfb2e a829528c3f
commit bc1dbe18a8
6 changed files with 72 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/autoconf/Dockerfile
View File

@ -43,12 +43,11 @@ RUN apk add --no-cache bash && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
chown -R root:nginx /data && \
chmod -R 770 /data && \
chown -R root:nginx /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
chown -R root:nginx /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /usr/bin/bwcli && \
find /usr/share/bunkerweb -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -type d -exec chmod 0750 {} \; && \
chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
chmod 750 /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/bin/bwcli /usr/share/bunkerweb/autoconf/main.py /usr/share/bunkerweb/deps/python/bin/* && \
chown root:nginx /usr/bin/bwcli && \
mkdir /var/log/letsencrypt /var/lib/letsencrypt && \
chown root:nginx /var/log/letsencrypt /var/lib/letsencrypt && \
chmod 770 /var/log/letsencrypt /var/lib/letsencrypt

3
src/bw/Dockerfile
View File

@ -36,13 +36,12 @@ COPY src/common/api /usr/share/bunkerweb/api
COPY src/common/cli /usr/share/bunkerweb/cli
COPY src/common/confs /usr/share/bunkerweb/confs
COPY src/common/core /usr/share/bunkerweb/core
COPY src/common/db /usr/share/bunkerweb/db
COPY src/common/gen /usr/share/bunkerweb/gen
COPY src/common/helpers /usr/share/bunkerweb/helpers
COPY src/common/settings.json /usr/share/bunkerweb/settings.json
COPY src/common/utils /usr/share/bunkerweb/utils
COPY src/VERSION /usr/share/bunkerweb/VERSION
COPY misc/*.ascii /usr/share/bunkerweb/
COPY misc/*.ascii /usr/share/bunkerweb/misc/
# Install runtime dependencies, pypi packages, move bwcli, create data folders and set permissions
RUN apk add --no-cache pcre bash python3 && \

2
src/bw/entrypoint.sh
View File

@ -2,7 +2,7 @@
. /usr/share/bunkerweb/helpers/utils.sh
ascii_array=($(ls /usr/share/bunkerweb/*.ascii))
ascii_array=($(ls /usr/share/bunkerweb/misc/*.ascii))
cat ${ascii_array[$(($RANDOM % ${#ascii_array[@]}))]}
log "ENTRYPOINT" "" "Starting BunkerWeb v$(cat /usr/share/bunkerweb/VERSION) ..."

61
src/common/cli/CLI.py
View File

@ -1,3 +1,4 @@
from os import getenv
from dotenv import dotenv_values
from pathlib import Path
from redis import StrictRedis
@ -35,8 +36,22 @@ def format_remaining_time(seconds):
class CLI(ApiCaller):
def __init__(self):
self.__variables = dotenv_values("/etc/nginx/variables.env")
self.__logger = setup_logger("CLI", self.__variables.get("LOG_LEVEL", "INFO"))
self.__logger = setup_logger("CLI", getenv("LOG_LEVEL", "INFO"))
if not Path("/usr/share/bunkerweb/db").is_dir():
self.__variables = dotenv_values("/etc/nginx/variables.env")
else:
if "/usr/share/bunkerweb/db" not in sys_path:
sys_path.append("/usr/share/bunkerweb/db")
from Database import Database
db = Database(
self.__logger,
sqlalchemy_string=getenv("DATABASE_URI", None),
)
self.__variables = db.get_config()
self.__integration = self.__detect_integration()
self.__use_redis = self.__variables.get("USE_REDIS", "no") == "yes"
self.__redis = None
@ -95,7 +110,11 @@ class CLI(ApiCaller):
)
self.__use_redis = False
if self.__integration in ("docker", "linux"):
if not Path("/usr/share/bunkerweb/db").is_dir() or self.__integration not in (
"kubernetes",
"swarm",
"autoconf",
):
# Docker & Linux case
super().__init__(
apis=[
@ -154,14 +173,21 @@ class CLI(ApiCaller):
return False, "error"
def bans(self) -> Tuple[bool, str]:
bans = {}
servers = {}
ret, resp = self._send_to_apis("GET", "/bans", response=True)
if not ret:
return False, "error"
for k, v in resp.items():
servers[k] = v.get("data", [])
if self.__redis:
bans["redis"] = []
servers["redis"] = []
for key in self.__redis.scan_iter("bans_ip_*"):
ip = key.decode("utf-8").replace("bans_ip_", "")
exp = self.__redis.ttl(key)
bans["redis"].append(
servers["redis"].append(
{
"ip": ip,
"exp": exp,
@ -169,18 +195,15 @@ class CLI(ApiCaller):
}
)
ret, resp = self._send_to_apis("GET", "/bans", response=True) # TODO: fix this
if not ret:
return False, "error"
cli_str = ""
for server, bans in servers.items():
cli_str += f"List of bans for {server}:\n"
if not bans:
cli_str += "No ban found\n"
print(resp, flush=True) # TODO: handle response
for ban in bans:
cli_str += f"- {ban['ip']} for {format_remaining_time(ban['exp'])} : {ban.get('reason', 'no reason given')}\n"
else:
cli_str += "\n"
# bans.extend(resp.get("data", []))
# if len(bans) == 0:
# return True, "No ban found"
# cli_str = "List of bans :\n"
# for ban in bans:
# cli_str += f"- {ban['ip']} for {format_remaining_time(ban['exp'])} : {ban.get('reason', 'no reason given')}\n"
# return True, cli_str
return True, cli_str

31
src/common/utils/ApiCaller.py
View File

@ -2,7 +2,7 @@ from io import BytesIO
from os import getenv
from sys import path as sys_path
from tarfile import open as taropen
from typing import Optional
from typing import Any, Dict, List, Literal, Optional, Tuple, Union
if "/usr/share/bunkerweb/utils" not in sys_path:
sys_path.append("/usr/share/bunkerweb/utils")
@ -18,8 +18,8 @@ from docker import DockerClient
class ApiCaller:
def __init__(self, apis=[]):
self.__apis = apis
def __init__(self, apis: List[API] = None):
self.__apis = apis or []
self.__logger = setup_logger("Api", getenv("LOG_LEVEL", "INFO"))
def auto_setup(self, bw_integration: Optional[str] = None):
@ -101,14 +101,22 @@ class ApiCaller:
)
)
def _set_apis(self, apis):
def _set_apis(self, apis: List[API]):
self.__apis = apis
def _get_apis(self):
return self.__apis
def _send_to_apis(self, method, url, files=None, data=None, response=False):
def _send_to_apis(
self,
method: Union[Literal["POST"], Literal["GET"]],
url: str,
files: Optional[Dict[str, BytesIO]] = None,
data: Optional[Dict[str, Any]] = None,
response: bool = False,
) -> Tuple[bool, Tuple[bool, Optional[Dict[str, Any]]]]:
ret = True
responses = {}
for api in self.__apis:
if files is not None:
for buffer in files.values():
@ -130,13 +138,18 @@ class ApiCaller:
f"Successfully sent API request to {api.get_endpoint()}{url}",
)
if response:
instance = api.get_endpoint().replace("http://", "").split(":")[0]
if isinstance(resp, dict):
responses[instance] = resp
else:
responses[instance] = resp.json()
if response:
if isinstance(resp, dict):
return ret, resp
return ret, resp.json()
return ret, responses
return ret
def _send_files(self, path, url):
def _send_files(self, path: str, url: str) -> bool:
ret = True
with BytesIO() as tgz:
with taropen(

8
src/scheduler/Dockerfile
View File

@ -21,6 +21,7 @@ RUN apk add --no-cache --virtual .build-deps g++ gcc musl-dev jpeg-dev zlib-dev
# Copy files
# can't exclude specific files/dir from . so we are copying everything by hand
COPY src/common/api /usr/share/bunkerweb/api
COPY src/common/cli /usr/share/bunkerweb/cli
COPY src/common/confs /usr/share/bunkerweb/confs
COPY src/common/db /usr/share/bunkerweb/db
COPY src/common/core /usr/share/bunkerweb/core
@ -31,11 +32,12 @@ COPY src/common/utils /usr/share/bunkerweb/utils
COPY src/scheduler /usr/share/bunkerweb/scheduler
COPY src/VERSION /usr/share/bunkerweb/VERSION
# Add scheduler user, install runtime dependencies, create data folders and set permissions
# Add scheduler user, drop bwcli, install runtime dependencies, create data folders and set permissions
RUN apk add --no-cache bash libgcc libstdc++ openssl && \
ln -s /usr/local/bin/python3 /usr/bin/python3 && \
addgroup -g 101 scheduler && \
adduser -h /var/cache/nginx -g scheduler -s /bin/sh -G scheduler -D -H -u 101 scheduler && \
cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
echo "Docker" > /usr/share/bunkerweb/INTEGRATION && \
mkdir -p /var/tmp/bunkerweb && \
mkdir -p /var/www && \
@ -48,12 +50,12 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
chown -R root:scheduler /data && \
chmod -R 770 /data && \
chown -R root:scheduler /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
chown -R root:scheduler /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /usr/bin/bwcli && \
find /usr/share/bunkerweb -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -type d -exec chmod 0750 {} \; && \
chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \
chmod 750 /usr/share/bunkerweb/gen/*.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/scheduler/entrypoint.sh /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/deps/python/bin/* && \
chmod 750 /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/gen/*.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/scheduler/entrypoint.sh /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/deps/python/bin/* /usr/bin/bwcli && \
mkdir -p /etc/nginx && \
chown -R scheduler:scheduler /etc/nginx && \
chmod -R 770 /etc/nginx && \