linux - started work on bunkerized-nginx command
parent
b448d91ca8
commit
d0366fcc0d
|
@ -43,7 +43,7 @@ end
|
|||
|
||||
-- Load plugins
|
||||
ngx.shared.plugins_data:safe_set("plugins", nil, 0)
|
||||
local p = io.popen("find /plugins -maxdepth 1 -type d ! -path /plugins")
|
||||
local p = io.popen("find /opt/bunkerized-nginx/plugins -maxdepth 1 -type d ! -path /opt/bunkerized-nginx/plugins")
|
||||
for dir in p:lines() do
|
||||
-- read JSON
|
||||
local file = io.open(dir .. "/plugin.json")
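Review bot: The handle returned by `io.popen` on the changed line is used by `p:lines()` without a nil check, so a failure to spawn `find` would raise during init instead of being logged. A guard around the loop, such as `if not p then ngx.log(ngx.ERR, "cannot list plugin directories") else ... end`, would make that failure visible. The plugin directory literal now appears twice in the command string; a single `local plugins_dir = "/opt/bunkerized-nginx/plugins"` would keep the two occurrences in step. The loop body continues outside the hunk, so whether the `io.open` result and `p:close()` are handled cannot be confirmed from here.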
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
location ~ ^/.well-known/acme-challenge/ {
|
||||
root /acme-challenge;
|
||||
root /opt/bunkerized-nginx/acme-challenge;
|
||||
}
|
||||
|
|
|
@ -20,7 +20,7 @@ http {
|
|||
listen 0.0.0.0:%HTTP_PORT% default_server;
|
||||
server_name _;
|
||||
location ~ ^/.well-known/acme-challenge/ {
|
||||
root /acme-challenge;
|
||||
root /opt/bunkerized-nginx/acme-challenge;
|
||||
}
|
||||
%USE_API%
|
||||
location / {
|
||||
|
|
|
@ -78,7 +78,7 @@ http {
|
|||
port_in_redirect off;
|
||||
|
||||
# lua path and dicts
|
||||
lua_package_path "/usr/local/lib/lua/?.lua;/plugins/?.lua;;";
|
||||
lua_package_path "/usr/local/lib/lua/?.lua;/opt/bunkerized-nginx/plugins/?.lua;;";
|
||||
{% if has_value("USE_WHITELIST_IP", "yes") %}lua_shared_dict whitelist_ip_cache 10m;{% endif %}
|
||||
{% if has_value("USE_WHITELIST_REVERSE", "yes") %}lua_shared_dict whitelist_reverse_cache 10m;{% endif %}
|
||||
{% if has_value("USE_BLACKLIST_IP", "yes") %}lua_shared_dict blacklist_ip_cache 10m;{% endif %}
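Review bot: The new `lua_package_path` entry makes every `.lua` file under `/opt/bunkerized-nginx/plugins` loadable through `require` inside the nginx workers, so the ownership and mode of that directory are part of the trust boundary. The installer hunks visible on this page set modes for `acme-challenge`, `scripts` and `entrypoint`, but nothing shown covers `plugins`; if it is not handled elsewhere, it should be root-owned and not writable by the nginx user. A comment above the directive would record the requirement: `# plugins dir is on the Lua search path: keep it non-writable by the nginx user`.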
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
location ~ ^/.well-known/acme-challenge/ {
|
||||
root /acme-challenge;
|
||||
root /opt/bunkerized-nginx/acme-challenge;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
#!/bin/bash
|
||||
|
||||
function do_and_check_cmd() {
|
||||
if [ "$CHANGE_DIR" != "" ] ; then
|
||||
cd "$CHANGE_DIR"
|
||||
fi
|
||||
output=$(su -s "/bin/bash" -c "$@" nginx 2>&1)
|
||||
ret="$?"
|
||||
if [ $ret -ne 0 ] ; then
|
||||
echo "[!] Error from command : $*"
|
||||
echo "$output"
|
||||
exit $ret
|
||||
fi
|
||||
echo "$output"
|
||||
return 0
|
||||
}
|
||||
|
||||
# Check if we are root
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "[!] Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if variables.env is present
|
||||
if [ ! -f "/opt/bunkerized-nginx/variables.env" ] ; then
|
||||
echo "[!] Missing /opt/bunkerized-nginx/variables.env"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Run generator
|
||||
echo "[*] Generate configuration files"
|
||||
do_and_check_cmd /opt/bunkerized-nginx/gen/main.py --settings /opt/bunkerized-nginx/settings.json --templates /opt/bunkerized-nginx/confs --output /etc/nginx --variables /opt/bunkerized-nginx/variables.env
|
||||
|
||||
# Run pre-jobs
|
||||
echo "[*] Run pre-jobs"
|
||||
do_and_check_cmd /opt/bunkerized-nginx/entrypoint/pre-jobs.sh
|
||||
|
||||
# Reload nginx if it's running
|
||||
if [ -f "/tmp/nginx.pid" ] ; then
|
||||
echo "[*] Reload nginx"
|
||||
do_and_check_cmd nginx -s reload
|
||||
# Otherwise start it
|
||||
else
|
||||
echo "[*] Start nginx"
|
||||
do_and_check_cmd nginx -g 'daemon off;'
|
||||
fi
|
||||
|
||||
# Run post-jobs
|
||||
echo "[*] Run post-jobs"
|
||||
do_and_check_cmd /opt/bunkerized-nginx/entrypoint/post-jobs.sh
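Review bot: In `do_and_check_cmd`, `su -s "/bin/bash" -c "$@" nginx` gives only the first word to `-c`; the remaining words are parsed by `su` itself, so calls like `main.py --settings ...` and `nginx -s reload` do not run the intended command. Build one shell-quoted string first, `cmd="$(printf '%q ' "$@")"`, then call `su -s /bin/bash -c "$cmd" nginx`. Separately, the start branch runs `nginx -g 'daemon off;'` inside `$(...)`, which does not return while nginx stays in the foreground, so the post-jobs step looks unreachable on a first start. The reload-or-start decision also trusts `/tmp/nginx.pid`, a path in a world-writable directory; a pid file in a root-owned run directory would be harder to spoof, if the nginx configuration permits moving it.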
|
|
@ -130,6 +130,10 @@ do_and_check_cmd cp -r /tmp/bunkerized-nginx/defaults /opt/bunkerized-nginx
|
|||
echo "[*] Copy settings"
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/settings.json /opt/bunkerized-nginx
|
||||
|
||||
# Copy bunkerized-nginx
|
||||
echo "[*] Copy bunkerized-nginx"
|
||||
do_and_check_cmd cp /tmp/bunkerized-nginx/helpers/bunkerized-nginx /usr/local/bin
|
||||
|
||||
# Create nginx user
|
||||
if [ "$(grep "nginx:" /etc/passwd)" = "" ] ; then
|
||||
echo "[*] Add nginx user"
|
||||
|
@ -200,6 +204,10 @@ do_and_check_cmd chmod 770 /opt/bunkerized-nginx/acme-challenge
|
|||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/scripts/*
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/entrypoint/*
|
||||
|
||||
# Set permissions for /usr/local/bin/bunkerized-nginx
|
||||
do_and_check_cmd chown root:root /usr/local/bin/bunkerized-nginx
|
||||
do_and_check_cmd chmod 750 /usr/local/bin/bunkerized-nginx
|
||||
|
||||
# Install cron
|
||||
echo "[*] Add jobs to crontab"
|
||||
if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
ok
|
|
@ -7,7 +7,7 @@ function cleanup() {
|
|||
image="$1"
|
||||
|
||||
echo "[*] Run $image"
|
||||
id="$(docker run --rm -d -it "$image")"
|
||||
id="$(docker run --rm -d -it -p 80:80 "$image")"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker run failed"
|
||||
cleanup "$id"
|
||||
|
@ -53,3 +53,35 @@ if [ $? -ne 0 ] ; then
|
|||
cleanup "$id"
|
||||
exit 6
|
||||
fi
|
||||
|
||||
echo "[*] Copy variables.env"
|
||||
docker cp "tests/variables.env:$id" /opt/bunkerized-nginx/variables.env
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker cp failed"
|
||||
cleanup "$id"
|
||||
exit 7
|
||||
fi
|
||||
|
||||
echo "[*] Copy index.html"
|
||||
docker cp "tests/index.html:$id" /opt/bunkerized-nginx/www
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker cp failed"
|
||||
cleanup "$id"
|
||||
exit 8
|
||||
fi
|
||||
|
||||
echo "[*] Exec bunkerized-nginx"
|
||||
docker exec "$id" bunkerized-nginx
|
||||
if [ $? -ne 0 ] || [ "$res" != "ok" ] ; then
|
||||
echo "[!] docker exec failed"
|
||||
cleanup "$id"
|
||||
exit 9
|
||||
fi
|
||||
|
||||
echo "[*] Exec curl"
|
||||
res="$(curl -s http://localhost/")
|
||||
if [ $? -ne 0 ] || [ "$res" != "ok" ] ; then
|
||||
echo "[!] curl failed"
|
||||
cleanup "$id"
|
||||
exit 10
|
||||
fi
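Review bot: Both `docker cp` calls attach `:$id` to the local source path, so docker does not treat the container as the copy destination; the second argument should be `"$id:/opt/bunkerized-nginx/..."`. The check after `docker exec` tests `$res` before anything has assigned it, so that step exits 9 on every run, and the curl line has a stray `"` inside `$(...)` that leaves the quoting unbalanced. In the first hunk of this file, `-p 80:80` publishes the port on all host interfaces; `-p 127.0.0.1:80:80` is enough for the local curl. The corrected lines are below.

```shell
# … unchanged: docker run and earlier checks …
echo "[*] Copy variables.env"
docker cp tests/variables.env "$id:/opt/bunkerized-nginx/variables.env"
# … unchanged: exit-code check, exit 7 …
docker cp tests/index.html "$id:/opt/bunkerized-nginx/www"
# … unchanged: exit-code check, exit 8 …
docker exec "$id" bunkerized-nginx
if [ $? -ne 0 ] ; then
# … unchanged: failure branch, exit 9 …
res="$(curl -s http://localhost/)"
# … unchanged: result check, exit 10 …
```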
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
SERVER_NAME=www.test.com
|