Fix autoconf not working properly with the shared volume

2022-12-03 16:47:35 +01:00 · 2022-12-03 16:47:35 +01:00 · c195ffc864
parent 291d64e29d
commit c195ffc864
4 changed files with 22 additions and 12 deletions
--- a/src/autoconf/Dockerfile
+++ b/src/autoconf/Dockerfile
@ -32,11 +32,21 @@ RUN apk add --no-cache bash && \
    addgroup -g 101 nginx && \
    adduser -h /var/cache/nginx -g nginx -s /bin/sh -G nginx -D -H -u 101 nginx && \
    cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
+    mkdir -p /var/tmp/bunkerweb && \
+    mkdir -p /var/www && \
+    mkdir -p /etc/bunkerweb && \
+    mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
    mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
-    chown -R nginx:nginx /usr/share/bunkerweb /var/lib/bunkerweb && \
+    mkdir -p /data/cache/letsencrypt && ln -s /data/cache/letsencrypt /etc/letsencrypt && \
+    mkdir -p /data/www && ln -s /data/www /var/www/html && \
+    for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
+    for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
+    chown -R root:nginx /data && \
+    chmod -R 770 /data && \
+    chown -R root:nginx /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
    find /usr/share/bunkerweb -type f -exec chmod 0740 {} \; && \
    find /usr/share/bunkerweb -type d -exec chmod 0750 {} \; && \
-    chmod 770 /var/lib/bunkerweb && \
+    chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
    chmod 750 /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/bin/bwcli /usr/share/bunkerweb/autoconf/main.py /usr/share/bunkerweb/deps/python/bin/* && \
    chown root:nginx /usr/bin/bwcli

--- a/src/scheduler/Dockerfile
+++ b/src/scheduler/Dockerfile
@ -49,9 +49,9 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \
  chown -R root:scheduler /data && \
  chmod -R 770 /data && \
  chown -R root:scheduler /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
-  for dir in $(echo "/usr/share/bunkerweb /etc/bunkerweb") ; do find ${dir} -type f -exec chmod 0740 {} \; ; done && \
-  for dir in $(echo "/usr/share/bunkerweb /etc/bunkerweb") ; do find ${dir} -type d -exec chmod 0750 {} \; ; done && \
-  chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /var/tmp/bunkerweb && \
+  find /usr/share/bunkerweb -type f -exec chmod 0740 {} \; && \
+  find /usr/share/bunkerweb -type d -exec chmod 0750 {} \; && \
+  chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
  find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \
  chmod 750 /usr/share/bunkerweb/gen/*.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/scheduler/entrypoint.sh /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/deps/python/bin/* && \
  mkdir /etc/nginx && \
--- a/src/scheduler/JobScheduler.py
+++ b/src/scheduler/JobScheduler.py
@ -112,8 +112,8 @@ class JobScheduler(ApiCaller):
                stdin=DEVNULL,
                stderr=STDOUT,
                env=self.__env,
-                user=120,
-                group=120,
+                user=101,
+                group=101,
            )
        except BaseException:
            success = False
@ -237,4 +237,3 @@ class JobScheduler(ApiCaller):
            )
            return False
        return ret
-
--- a/src/scheduler/main.py
+++ b/src/scheduler/main.py
@ -6,6 +6,7 @@ from glob import glob
 from os import (
    _exit,
    chmod,
+    chown,
    getenv,
    getpid,
    listdir,
@ -16,7 +17,7 @@ from os import (
    walk,
 )
 from os.path import dirname, exists, isdir, isfile, islink, join
-from shutil import chown, copy, rmtree
+from shutil import copy, rmtree
 from signal import SIGINT, SIGTERM, signal, SIGHUP
 from subprocess import run as subprocess_run, DEVNULL, STDOUT
 from sys import path as sys_path
@ -110,7 +111,7 @@ def generate_custom_configs(
    # Fix permissions for the custom configs folder
    for root, dirs, files in walk("/data/configs", topdown=False):
        for name in files + dirs:
-            chown(join(root, name), "scheduler", "scheduler")
+            chown(join(root, name), 101, 101)

            if isdir(join(root, name)):
                chmod(join(root, name), 0o750)
@ -339,7 +340,7 @@ if __name__ == "__main__":
                    # Fix permissions for the nginx folder
                    for root, dirs, files in walk("/etc/nginx", topdown=False):
                        for name in files + dirs:
-                            chown(join(root, name), "scheduler", "scheduler")
+                            chown(join(root, name), 101, 101)
                            chmod(join(root, name), 0o770)

                    copy("/etc/nginx/variables.env", "/var/tmp/bunkerweb/variables.env")
@ -358,7 +359,7 @@ if __name__ == "__main__":
                walk("/data/cache", topdown=False), walk("/data/configs", topdown=False)
            ):
                for name in files + dirs:
-                    chown(join(root, name), "scheduler", "scheduler")
+                    chown(join(root, name), 101, 101)

                    if isdir(join(root, name)):
                        chmod(join(root, name), 0o750)