custom crontab values
commit
cae05447d3
3 changed files with 83 additions and 13 deletions
64
README.md
64
README.md
|
@ -700,6 +700,12 @@ Context : *global*, *multisite*
|
|||
If set to yes, automatic certificate generation and renewal will be setup through Let's Encrypt. This will enable HTTPS on your website for free.
|
||||
You will need to redirect the 80 port to 8080 port inside container and also set the `SERVER_NAME` environment variable.
|
||||
|
||||
`AUTO_LETS_ENCRYPT_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 0 2 * * *
|
||||
Context : *global*
|
||||
Cron expression of how often lets encrypt is asking for being renewed.
|
||||
|
||||
`EMAIL_LETS_ENCRYPT`
|
||||
Values : *contact@yourdomain.com*
|
||||
Default value : *contact@yourdomain.com*
|
||||
|
@ -947,11 +953,17 @@ The secret given by Google when `USE_ANTIBOT` is set to *recaptcha*.
|
|||
|
||||
`BLOCK_USER_AGENT`
|
||||
Values : *yes* | *no*
|
||||
Default value : *yes*
|
||||
Default value : *yes*
|
||||
Context : *global*, *multisite*
|
||||
If set to yes, block clients with "bad" user agent.
|
||||
Blacklist can be found [here](https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list) and [here](https://raw.githubusercontent.com/JayBizzle/Crawler-Detect/master/raw/Crawlers.txt).
|
||||
|
||||
`BLOCK_USER_AGENT_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 5 0 * * * *
|
||||
Context : *global*
|
||||
Cron expression of how often blocklist user agent is updated.
|
||||
|
||||
`BLOCK_TOR_EXIT_NODE`
|
||||
Values : *yes* | *no*
|
||||
Default value : *yes*
|
||||
|
@ -959,6 +971,12 @@ Context : *global*, *multisite*
|
|||
Is set to yes, will block known TOR exit nodes.
|
||||
Blacklist can be found [here](https://iplists.firehol.org/?ipset=tor_exits).
|
||||
|
||||
`BLOCK_TOR_EXIT_NODE_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 15 0 * * * *
|
||||
Context : *global*
|
||||
Cron expression of how often blocklist tor exit node is updated.
|
||||
|
||||
`BLOCK_PROXIES`
|
||||
Values : *yes* | *no*
|
||||
Default value : *yes*
|
||||
|
@ -966,6 +984,12 @@ Context : *global*, *multisite*
|
|||
Is set to yes, will block known proxies.
|
||||
Blacklist can be found [here](https://iplists.firehol.org/?ipset=firehol_proxies).
|
||||
|
||||
`BLOCK_PROXIES_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 20 0 * * * *
|
||||
Context : *global*
|
||||
Cron expression of how often blocklist proxies is updated.
|
||||
|
||||
`BLOCK_ABUSERS`
|
||||
Values : *yes* | *no*
|
||||
Default value : *yes*
|
||||
|
@ -973,6 +997,12 @@ Context : *global*, *multisite*
|
|||
Is set to yes, will block known abusers.
|
||||
Blacklist can be found [here](https://iplists.firehol.org/?ipset=firehol_abusers_30d).
|
||||
|
||||
`BLOCK_ABUSERS_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 30 0 * * * *
|
||||
Context : *global*
|
||||
Cron expression of how often blocklist abusers is updated.
|
||||
|
||||
`BLOCK_REFERRER`
|
||||
Values : *yes* | *no*
|
||||
Default value : *yes*
|
||||
|
@ -980,6 +1010,12 @@ Context : *global*, *multisite*
|
|||
Is set to yes, will block known bad referrer header.
|
||||
Blacklist can be found [here](https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-referrers.list).
|
||||
|
||||
`BLOCK_REFERRER_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 10 0 * * * *
|
||||
Context : *global*
|
||||
Cron expression of how often blocklist referrer is updated.
|
||||
|
||||
### DNSBL
|
||||
|
||||
`USE_DNSBL`
|
||||
|
@ -1134,6 +1170,12 @@ Default value :
|
|||
Context : *global*, *multisite*
|
||||
Only allow specific countries accessing your website. Use 2 letters country code separated with space.
|
||||
|
||||
`GEOIP_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 30 2 2 * *
|
||||
Context : *global*
|
||||
Cron expression of how often geoip will update its database.
|
||||
|
||||
## PHP
|
||||
|
||||
`REMOTE_PHP`
|
||||
|
@ -1194,7 +1236,7 @@ IPs or subnet which should never be ban by fail2ban.
|
|||
Values : *yes* | *no*
|
||||
Default value : *yes*
|
||||
Context : *global*, *multisite*
|
||||
If set to yes, ClamAV will scan every file uploads and block the upload if the file is detected.
|
||||
If set to yes, ClamAV will scan every file uploads and block the upload if the file is detected.
|
||||
|
||||
`USE_CLAMAV_SCAN`
|
||||
Values : *yes* | *no*
|
||||
|
@ -1202,12 +1244,24 @@ Default value : *yes*
|
|||
Context : *global*
|
||||
If set to yes, ClamAV will scan all the files inside the container every day.
|
||||
|
||||
`USE_CLAMAV_SCAN_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 40 */1 * * *
|
||||
Context : *global*
|
||||
Cron expression of how often ClamAV will scan all the files inside the container.
|
||||
|
||||
`CLAMAV_SCAN_REMOVE`
|
||||
Values : *yes* | *no*
|
||||
Default value : *yes*
|
||||
Context : *global*
|
||||
If set to yes, ClamAV will automatically remove the detected files.
|
||||
|
||||
`CLAMAV_UPDATE_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 0 3 * * *
|
||||
Context : *global*
|
||||
Cron expression of how often ClamAV will update its database.
|
||||
|
||||
## Misc
|
||||
|
||||
`ADDITIONAL_MODULES`
|
||||
|
@ -1228,6 +1282,12 @@ Default value : 7
|
|||
Context : *global*
|
||||
The number of days before rotated files are deleted.
|
||||
|
||||
`LOGROTATE_CRON`
|
||||
Values : *\<cron expression\>*
|
||||
Default value : 0 4 * * *
|
||||
Context : *global*
|
||||
Cron expression of how often Logrotate will rotate files.
|
||||
|
||||
# Include custom configurations
|
||||
Custom configurations files (ending with .conf suffix) can be added in some directory inside the container :
|
||||
- /http-confs : http context
|
||||
|
|
|
@ -46,11 +46,17 @@ SERVER_NAME="${SERVER_NAME-www.bunkerity.com}"
|
|||
ALLOWED_METHODS="${ALLOWED_METHODS-GET|POST|HEAD}"
|
||||
BLOCK_USER_AGENT="${BLOCK_USER_AGENT-yes}"
|
||||
WHITELIST_USERAGENT_LIST="${WHITELIST_USERAGENT_LIST-}"
|
||||
BLOCK_USER_AGENT_CRON="${BLOCK_USER_AGENT_CRON-5 0 * * *}"
|
||||
BLOCK_REFERRER="${BLOCK_REFERRER-yes}"
|
||||
BLOCK_REFERRER_CRON="${BLOCK_REFERRER_CRON-10 0 * * *}"
|
||||
BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-yes}"
|
||||
BLOCK_TOR_EXIT_NODE_CRON="${BLOCK_TOR_EXIT_NODE_CRON-15 * * * *}"
|
||||
BLOCK_PROXIES="${BLOCK_PROXIES-yes}"
|
||||
BLOCK_PROXIES_CRON="${BLOCK_PROXIES_CRON-20 0 * * *}"
|
||||
BLOCK_ABUSERS="${BLOCK_ABUSERS-yes}"
|
||||
BLOCK_ABUSERS_CRON="${BLOCK_ABUSERS_CRON-30 0 * * *}"
|
||||
AUTO_LETS_ENCRYPT="${AUTO_LETS_ENCRYPT-no}"
|
||||
AUTO_LETS_ENCRYPT_CRON="${AUTO_LETS_ENCRYPT_CRON-0 2 * * *}"
|
||||
HTTP2="${HTTP2-yes}"
|
||||
HTTPS_PROTOCOLS="${HTTPS_PROTOCOLS-TLSv1.2 TLSv1.3}"
|
||||
STRICT_TRANSPORT_SECURITY="${STRICT_TRANSPORT_SECURITY-max-age=31536000}"
|
||||
|
@ -71,6 +77,8 @@ FAIL2BAN_MAXRETRY="${FAIL2BAN_MAXRETRY-15}"
|
|||
FAIL2BAN_IGNOREIP="${FAIL2BAN_IGNOREIP-127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}"
|
||||
USE_CLAMAV_UPLOAD="${USE_CLAMAV_UPLOAD-yes}"
|
||||
USE_CLAMAV_SCAN="${USE_CLAMAV_SCAN-yes}"
|
||||
USE_CLAMAV_SCAN_CRON="${USE_CLAMAV_SCAN_CRON-40 */1 * * *}"
|
||||
CLAMAV_UPDATE_CRON="${CLAMAV_UPDATE_CRON-0 3 * * *}"
|
||||
CLAMAV_SCAN_REMOVE="${CLAMAV_SCAN_REMOVE-yes}"
|
||||
USE_AUTH_BASIC="${USE_AUTH_BASIC-no}"
|
||||
AUTH_BASIC_TEXT="${AUTH_BASIC_TEXT-Restricted area}"
|
||||
|
@ -81,6 +89,7 @@ USE_CUSTOM_HTTPS="${USE_CUSTOM_HTTPS-no}"
|
|||
ROOT_FOLDER="${ROOT_FOLDER-/www}"
|
||||
LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
|
||||
LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
|
||||
LOGROTATE_CRON="${LOGROTATE_CRON-0 4 * * *}"
|
||||
DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11}"
|
||||
USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
|
||||
WHITELIST_IP_LIST="${WHITELIST_IP_LIST-127.0.0.1 23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
|
||||
|
@ -103,6 +112,7 @@ PROXY_REAL_IP="${PROXY_REAL_IP-no}"
|
|||
PROXY_REAL_IP_FROM="${PROXY_REAL_IP_FROM-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}"
|
||||
PROXY_REAL_IP_HEADER="${PROXY_REAL_IP_HEADER-X-Forwarded-For}"
|
||||
PROXY_REAL_IP_RECURSIVE="${PROXY_REAL_IP_RECURSIVE-on}"
|
||||
GEOIP_CRON="${GEOIP_CRON-30 2 2 * *}"
|
||||
GENERATE_SELF_SIGNED_SSL="${GENERATE_SELF_SIGNED_SSL-no}"
|
||||
SELF_SIGNED_SSL_EXPIRY="${SELF_SIGNED_SSL_EXPIRY-365}"
|
||||
SELF_SIGNED_SSL_COUNTRY="${SELF_SIGNED_SSL_COUNTRY-CH}"
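Review bot: The new `*_CRON` defaults use `${VAR-default}`, which keeps an explicitly empty value, so `BLOCK_USER_AGENT_CRON=""` (and likewise the other nine schedule variables added in these hunks) reaches root's crontab as an empty schedule and the job presumably never runs. An empty schedule has no useful meaning, so `BLOCK_USER_AGENT_CRON="${BLOCK_USER_AGENT_CRON:-5 0 * * *}"` would be the safer form for these variables. The defaults also disagree with the README changed in the same commit: it lists six-field values such as `5 0 * * * *` and gives `15 0 * * * *` for `BLOCK_TOR_EXIT_NODE_CRON`, while this file sets `15 * * * *`, which is hourly. A comment above the block such as `# *_CRON : five-field crontab schedule (minute hour day month weekday)` would pin the expected format in one place.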
|
||||
|
|
|
@ -100,7 +100,7 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
|||
/opt/scripts/certbot-new.sh "$DOMAINS_LETS_ENCRYPT" "$EMAIL_LETS_ENCRYPT"
|
||||
fi
|
||||
fi
|
||||
echo "0 0 * * * /opt/scripts/certbot-renew.sh > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
echo "$AUTO_LETS_ENCRYPT_CRON /opt/scripts/certbot-renew.sh > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
fi
|
||||
|
||||
# self-signed certificate
|
||||
|
@ -119,7 +119,7 @@ if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
|
|||
replace_in_file "/etc/nginx/geoip.conf" "%DEFAULT%" "yes"
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%COUNTRY%" "$(echo $BLACKLIST_COUNTRY | sed 's/ / no;\\n/g') no;"
|
||||
fi
|
||||
echo "0 0 2 * * /opt/scripts/geoip.sh" >> /etc/crontabs/root
|
||||
echo "$GEOIP_CRON /opt/scripts/geoip.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/geoip.mmdb" ] ; then
|
||||
echo "[*] Copying cached geoip.mmdb ..."
|
||||
cp /cache/geoip.mmdb /etc/nginx/geoip.mmdb
|
||||
|
@ -134,7 +134,7 @@ fi
|
|||
# block bad UA
|
||||
if [ "$(has_value BLOCK_USER_AGENT yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_USER_AGENT%" "include /etc/nginx/map-user-agent.conf;"
|
||||
echo "0 0 * * * /opt/scripts/user-agents.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_USER_AGENT_CRON /opt/scripts/user-agents.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/map-user-agent.conf" ] ; then
|
||||
echo "[*] Copying cached map-user-agent.conf ..."
|
||||
cp /cache/map-user-agent.conf /etc/nginx/map-user-agent.conf
|
||||
|
@ -149,7 +149,7 @@ fi
|
|||
# block bad refferer
|
||||
if [ "$(has_value BLOCK_REFERRER yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_REFERRER%" "include /etc/nginx/map-referrer.conf;"
|
||||
echo "0 0 * * * /opt/scripts/referrers.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_REFERRER_CRON /opt/scripts/referrers.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/map-referrer.conf" ] ; then
|
||||
echo "[*] Copying cached map-referrer.conf ..."
|
||||
cp /cache/map-referrer.conf /etc/nginx/map-referrer.conf
|
||||
|
@ -163,7 +163,7 @@ fi
|
|||
|
||||
# block TOR exit nodes
|
||||
if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] ; then
|
||||
echo "0 * * * * /opt/scripts/exit-nodes.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_TOR_EXIT_NODE_CRON /opt/scripts/exit-nodes.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/block-tor-exit-node.conf" ] ; then
|
||||
echo "[*] Copying cached block-tor-exit-node.conf ..."
|
||||
cp /cache/block-tor-exit-node.conf /etc/nginx/block-tor-exit-node.conf
|
||||
|
@ -175,7 +175,7 @@ fi
|
|||
|
||||
# block proxies
|
||||
if [ "$(has_value BLOCK_PROXIES yes)" != "" ] ; then
|
||||
echo "0 0 * * * /opt/scripts/proxies.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_PROXIES_CRON /opt/scripts/proxies.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/block-proxies.conf" ] ; then
|
||||
echo "[*] Copying cached block-proxies.conf ..."
|
||||
cp /cache/block-proxies.conf /etc/nginx/block-proxies.conf
|
||||
|
@ -187,7 +187,7 @@ fi
|
|||
|
||||
# block abusers
|
||||
if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
|
||||
echo "0 0 * * * /opt/scripts/abusers.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_ABUSERS_CRON /opt/scripts/abusers.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/block-abusers.conf" ] ; then
|
||||
echo "[*] Copying cached block-abusers.conf ..."
|
||||
cp /cache/block-abusers.conf /etc/nginx/block-abusers.conf
|
||||
|
@ -286,13 +286,13 @@ fi
|
|||
if [ "$(has_value USE_CLAMAV_UPLOAD yes)" != "" ] || [ "$USE_CLAMAV_SCAN" = "yes" ] ; then
|
||||
echo "[*] Updating clamav (in background) ..."
|
||||
freshclam > /dev/null 2>&1 &
|
||||
echo "0 0 * * * /usr/bin/freshclam > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
echo "$CLAMAV_UPDATE_CRON /usr/bin/freshclam > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
fi
|
||||
if [ "$USE_CLAMAV_SCAN" = "yes" ] ; then
|
||||
if [ "$USE_CLAMAV_SCAN_REMOVE" = "yes" ] ; then
|
||||
echo "0 */1 * * * /usr/bin/clamscan -r -i --no-summary --remove / >> /var/log/clamav.log 2>&1" >> /etc/crontabs/root
|
||||
echo "$USE_CLAMAV_SCAN_CRON /usr/bin/clamscan -r -i --no-summary --remove / >> /var/log/clamav.log 2>&1" >> /etc/crontabs/root
|
||||
else
|
||||
echo "0 */1 * * * /usr/bin/clamscan -r -i --no-summary / >> /var/log/clamav.log 2>&1" >> /etc/crontabs/root
|
||||
echo "$USE_CLAMAV_SCAN_CRON /usr/bin/clamscan -r -i --no-summary / >> /var/log/clamav.log 2>&1" >> /etc/crontabs/root
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -312,4 +312,4 @@ touch /var/log/error.log
|
|||
# setup logrotate
|
||||
replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MAXAGE%" "$LOGROTATE_MAXAGE"
|
||||
replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MINSIZE%" "$LOGROTATE_MINSIZE"
|
||||
echo "0 0 * * * /opt/scripts/logrotate.sh > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
echo "$LOGROTATE_CRON /opt/scripts/logrotate.sh > /dev/null 2>&1" >> /etc/crontabs/root
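Review bot: Every `echo "$..._CRON ..." >> /etc/crontabs/root` line in these hunks writes the environment value into root's crontab unchecked, so a value containing a line break adds further entries that cron runs as root, and a malformed value silently stops certificate renewal, blocklist refresh or the ClamAV update. Validating the schedule once in a small helper and using it for all of these writes would cover both cases; the sketch below also rejects day or month names and `@daily`-style shortcuts, which may or may not be wanted. Separately, the context line `if [ "$USE_CLAMAV_SCAN_REMOVE" = "yes" ]` tests a name that the defaults file and the README in this commit spell `CLAMAV_SCAN_REMOVE`, so unless it is set elsewhere the `--remove` branch looks unreachable. The enclosing `if` blocks start and end outside these hunks.

```shell
# append one job to root's crontab; the schedule must be five fields made of digits and * / , -
add_cron() {
	case "$1" in
		*[!0-9\*/,\ -]*)
			echo "[!] Invalid cron expression : $1" >&2
			exit 1
			;;
	esac
	if [ "$(printf '%s\n' "$1" | awk '{ print NF }')" != "5" ] ; then
		echo "[!] Cron expression must have 5 fields : $1" >&2
		exit 1
	fi
	printf '%s %s\n' "$1" "$2" >> /etc/crontabs/root
}
# … unchanged: Let's Encrypt certificate request …
add_cron "$AUTO_LETS_ENCRYPT_CRON" "/opt/scripts/certbot-renew.sh > /dev/null 2>&1"
# … the remaining crontab writes change the same way …
```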
|
||||
|
|