don't send local IP to BunkerNet on default server, fix certbot new when MULTISITE=no and fix unknown reason in get_reason

2022-06-11 18:36:52 +02:00 · 2022-06-11 18:36:52 +02:00 · e852298352
parent 972a284efd
commit e852298352
3 changed files with 13 additions and 1 deletions
--- a/core/bunkernet/confs/default-server-http/bunkernet.conf
+++ b/core/bunkernet/confs/default-server-http/bunkernet.conf
@ -21,6 +21,14 @@ log_by_lua_block {
 		if ngx.status ~= ngx.HTTP_CLOSE then
 			return
 		end
+		-- Check if IP is global
+		local is_global, err = utils.ip_is_global(ngx.var.remote_addr)
+		if is_global == nil then
+			return
+		end
+		if not is_global then
+			return
+		end
 		-- Only report if it hasn't been reported for the same reason recently
 		local reported = datastore:get("plugin_bunkernet_cache_" .. ngx.var.remote_addr .. "default")
 		if reported then
--- a/core/letsencrypt/jobs/certbot-new.py
+++ b/core/letsencrypt/jobs/certbot-new.py
@ -45,7 +45,7 @@ try :
    elif os.getenv("AUTO_LETS_ENCRYPT") == "yes" and os.getenv("SERVER_NAME") != "" :
        first_server = os.getenv("SERVER_NAME").split(" ")[0]
        domains = os.getenv("SERVER_NAME").replace(" ", ",")
-        if not os.path.exists("/etc/letsencrypt/live/" + first_server + "/cert.pem") :
+        if os.path.exists("/etc/letsencrypt/live/" + first_server + "/cert.pem") :
            logger.log("LETS-ENCRYPT", "ℹ️", "Certificates already exists for domain(s) " + domains)
        else :
            real_email = os.getenv("EMAIL_LETS_ENCRYPT", "contact@" + first_server)
--- a/lua/utils.lua
+++ b/lua/utils.lua
@ -244,6 +244,10 @@ utils.get_reason = function()
 	if os.getenv("REASON") == "modsecurity" then
 		return "modsecurity"
 	end
+	local banned, err = datastore:get("bans_ip_" .. ngx.var.remote_addr)
+	if banned then
+		return banned
+	end
 	if ngx.status == ngx.HTTP_FORBIDDEN then
 		return "unknown"
 	end