linux - started work on bunkerized-nginx command

2021-06-22 21:19:12 +02:00 · 2021-06-22 21:19:12 +02:00 · d0366fcc0d
parent b448d91ca8
commit d0366fcc0d
10 changed files with 100 additions and 6 deletions
--- a/confs/global/init-lua.conf
+++ b/confs/global/init-lua.conf
@ -43,7 +43,7 @@ end

 -- Load plugins
 ngx.shared.plugins_data:safe_set("plugins", nil, 0)
-local p = io.popen("find /plugins -maxdepth 1 -type d ! -path /plugins")
+local p = io.popen("find /opt/bunkerized-nginx/plugins -maxdepth 1 -type d ! -path /opt/bunkerized-nginx/plugins")
 for dir in p:lines() do
 	-- read JSON
 	local file = io.open(dir .. "/plugin.json")
--- a/confs/global/multisite-default-server-lets-encrypt-webroot.conf
+++ b/confs/global/multisite-default-server-lets-encrypt-webroot.conf
@ -1,3 +1,3 @@
 location ~ ^/.well-known/acme-challenge/ {
-	root /acme-challenge;
+	root /opt/bunkerized-nginx/acme-challenge;
 }
--- a/confs/global/nginx-temp.conf
+++ b/confs/global/nginx-temp.conf
@ -20,7 +20,7 @@ http {
 		listen 0.0.0.0:%HTTP_PORT% default_server;
 		server_name _;
 		location ~ ^/.well-known/acme-challenge/ {
-			root /acme-challenge;
+			root /opt/bunkerized-nginx/acme-challenge;
 		}
 		%USE_API%
 		location / {
--- a/confs/global/nginx.conf
+++ b/confs/global/nginx.conf
@ -78,7 +78,7 @@ http {
 	port_in_redirect off;

 	# lua path and dicts
-	lua_package_path "/usr/local/lib/lua/?.lua;/plugins/?.lua;;";
+	lua_package_path "/usr/local/lib/lua/?.lua;/opt/bunkerized-nginx/plugins/?.lua;;";
 	{% if has_value("USE_WHITELIST_IP", "yes") %}lua_shared_dict whitelist_ip_cache 10m;{% endif %}
 	{% if has_value("USE_WHITELIST_REVERSE", "yes") %}lua_shared_dict whitelist_reverse_cache 10m;{% endif %}
 	{% if has_value("USE_BLACKLIST_IP", "yes") %}lua_shared_dict blacklist_ip_cache 10m;{% endif %}
--- a/confs/site/lets-encrypt-webroot.conf
+++ b/confs/site/lets-encrypt-webroot.conf
@ -1,3 +1,3 @@
 location ~ ^/.well-known/acme-challenge/ {
-	root /acme-challenge;
+	root /opt/bunkerized-nginx/acme-challenge;
 }
--- a/helpers/bunkerized-nginx
+++ b/helpers/bunkerized-nginx
@ -0,0 +1,50 @@
+#!/bin/bash
+
+function do_and_check_cmd() {
+        if [ "$CHANGE_DIR" != "" ] ; then
+                cd "$CHANGE_DIR"
+        fi
+        output=$(su -s "/bin/bash" -c "$@" nginx 2>&1)
+        ret="$?"
+        if [ $ret -ne 0 ] ; then
+                echo "[!] Error from command : $*"
+                echo "$output"
+                exit $ret
+        fi
+        echo "$output"
+        return 0
+}
+
+# Check if we are root
+if [ $(id -u) -ne 0 ] ; then
+	echo "[!] Run me as root"
+	exit 1
+fi
+
+# Check if variables.env is present
+if [ ! -f "/opt/bunkerized-nginx/variables.env" ] ; then
+	echo "[!] Missing /opt/bunkerized-nginx/variables.env"
+	exit 1
+fi
+
+# Run generator
+echo "[*] Generate configuration files"
+do_and_check_cmd /opt/bunkerized-nginx/gen/main.py --settings /opt/bunkerized-nginx/settings.json --templates /opt/bunkerized-nginx/confs --output /etc/nginx --variables /opt/bunkerized-nginx/variables.env
+
+# Run pre-jobs
+echo "[*] Run pre-jobs"
+do_and_check_cmd /opt/bunkerized-nginx/entrypoint/pre-jobs.sh
+
+# Reload nginx if it's running
+if [ -f "/tmp/nginx.pid" ] ; then
+	echo "[*] Reload nginx"
+	do_and_check_cmd nginx -s reload
+# Otherwise start it
+else
+	echo "[*] Start nginx"
+	do_and_check_cmd nginx -g 'daemon off;'
+fi
+
+# Run post-jobs
+echo "[*] Run post-jobs"
+do_and_check_cmd /opt/bunkerized-nginx/entrypoint/post-jobs.sh
--- a/helpers/install.sh
+++ b/helpers/install.sh
@ -130,6 +130,10 @@ do_and_check_cmd cp -r /tmp/bunkerized-nginx/defaults /opt/bunkerized-nginx
 echo "[*] Copy settings"
 do_and_check_cmd cp /tmp/bunkerized-nginx/settings.json /opt/bunkerized-nginx

+# Copy bunkerized-nginx
+echo "[*] Copy bunkerized-nginx"
+do_and_check_cmd cp /tmp/bunkerized-nginx/helpers/bunkerized-nginx /usr/local/bin
+
 # Create nginx user
 if [ "$(grep "nginx:" /etc/passwd)" = "" ] ; then
 	echo "[*] Add nginx user"
@ -200,6 +204,10 @@ do_and_check_cmd chmod 770 /opt/bunkerized-nginx/acme-challenge
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/scripts/*
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/entrypoint/*

+# Set permissions for /usr/local/bin/bunkerized-nginx
+do_and_check_cmd chown root:root /usr/local/bin/bunkerized-nginx
+do_and_check_cmd chmod 750 /usr/local/bin/bunkerized-nginx
+
 # Install cron
 echo "[*] Add jobs to crontab"
 if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
--- a/tests/index.html
+++ b/tests/index.html
@ -0,0 +1 @@
+ok
--- a/tests/linux.sh
+++ b/tests/linux.sh
@ -7,7 +7,7 @@ function cleanup() {
 image="$1"

 echo "[*] Run $image"
-id="$(docker run --rm -d -it "$image")"
+id="$(docker run --rm -d -it -p 80:80 "$image")"
 if [ $? -ne 0 ] ; then
 	echo "[!] docker run failed"
 	cleanup "$id"
@ -53,3 +53,35 @@ if [ $? -ne 0 ] ; then
 	cleanup "$id"
 	exit 6
 fi
+
+echo "[*] Copy variables.env"
+docker cp "tests/variables.env:$id" /opt/bunkerized-nginx/variables.env
+if [ $? -ne 0 ] ; then
+	echo "[!] docker cp failed"
+	cleanup "$id"
+	exit 7
+fi
+
+echo "[*] Copy index.html"
+docker cp "tests/index.html:$id" /opt/bunkerized-nginx/www
+if [ $? -ne 0 ] ; then
+	echo "[!] docker cp failed"
+	cleanup "$id"
+	exit 8
+fi
+
+echo "[*] Exec bunkerized-nginx"
+docker exec "$id" bunkerized-nginx
+if [ $? -ne 0 ] || [ "$res" != "ok" ] ; then
+	echo "[!] docker exec failed"
+	cleanup "$id"
+	exit 9
+fi
+
+echo "[*] Exec curl"
+res="$(curl -s http://localhost/")
+if [ $? -ne 0 ] || [ "$res" != "ok" ] ; then
+	echo "[!] curl failed"
+	cleanup "$id"
+	exit 10
+fi
--- a/tests/variables.env
+++ b/tests/variables.env
@ -0,0 +1,3 @@
+HTTP_PORT=80
+HTTPS_PORT=443
+SERVER_NAME=www.test.com