From e852298352fbabc69d33d1c86128baa955226d53 Mon Sep 17 00:00:00 2001
From: florian
Date: Sat, 11 Jun 2022 18:36:52 +0200
Subject: [PATCH] don't send local IP to BunkerNet on default server, fix certbot new when MULTISITE=no and fix unknown reason in get_reason
---
 core/bunkernet/confs/default-server-http/bunkernet.conf | 8 ++++++++
 core/letsencrypt/jobs/certbot-new.py | 2 +-
 lua/utils.lua | 4 ++++
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/core/bunkernet/confs/default-server-http/bunkernet.conf b/core/bunkernet/confs/default-server-http/bunkernet.conf
index 31d6e7a1..419090bc 100644
--- a/core/bunkernet/confs/default-server-http/bunkernet.conf
+++ b/core/bunkernet/confs/default-server-http/bunkernet.conf
@@ -21,6 +21,14 @@ log_by_lua_block {
 if ngx.status ~= ngx.HTTP_CLOSE then
 return
 end
+ -- Check if IP is global
+ local is_global, err = utils.ip_is_global(ngx.var.remote_addr)
+ if is_global == nil then
+ return
+ end
+ if not is_global then
+ return
+ end
 -- Only report if it hasn't been reported for the same reason recently
 local reported = datastore:get("plugin_bunkernet_cache_" .. ngx.var.remote_addr .. "default")
 if reported then
diff --git a/core/letsencrypt/jobs/certbot-new.py b/core/letsencrypt/jobs/certbot-new.py
index ee10595a..81a33568 100755
--- a/core/letsencrypt/jobs/certbot-new.py
+++ b/core/letsencrypt/jobs/certbot-new.py
@@ -45,7 +45,7 @@ try :
 elif os.getenv("AUTO_LETS_ENCRYPT") == "yes" and os.getenv("SERVER_NAME") != "" :
 first_server = os.getenv("SERVER_NAME").split(" ")[0]
 domains = os.getenv("SERVER_NAME").replace(" ", ",")
- if not os.path.exists("/etc/letsencrypt/live/" + first_server + "/cert.pem") :
+ if os.path.exists("/etc/letsencrypt/live/" + first_server + "/cert.pem") :
 logger.log("LETS-ENCRYPT", "ℹ️", "Certificates already exists for domain(s) " + domains)
 else :
 real_email = os.getenv("EMAIL_LETS_ENCRYPT", "contact@" + first_server)
diff --git a/lua/utils.lua b/lua/utils.lua
index 759f2c1a..2557127a 100644
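Review bot: The `err` returned by `utils.ip_is_global` in the bunkernet.conf hunk is captured and then dropped, so when the check itself fails the block returns silently and reporting for that request stops with nothing in the logs. Returning without reporting on `nil` is the right privacy default, but the nil branch should log first, e.g. `ngx.log(ngx.ERR, "can't check if IP is global : ", err)`; the second test can stay as `if not is_global then return end`. The `datastore:get` call added to `utils.get_reason` in lua/utils.lua discards its `err` in the same way, though there a plain missing key may also come back through `err`, so it should only be logged if the two cases can be told apart. `log_by_lua_block` begins and continues outside this hunk.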
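Review bot: The corrected test in certbot-new.py only proves that some certificate exists under `first_server`; it does not show that the certificate covers every name in `domains`, so a name appended to `SERVER_NAME` after the first issuance is logged as already existing and is never requested. If that is intended, say so with a comment above the test such as `# only checks the first server name; names added to SERVER_NAME later are not covered`; otherwise the names on the existing certificate would need comparing with `domains` before skipping. On the `elif` above it, `os.getenv("SERVER_NAME") != ""` is also true when the variable is unset, and `.split` then fails on `None`; `os.getenv("SERVER_NAME", "") != ""` avoids that. The enclosing `try` block starts and ends outside the hunk.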
--- a/lua/utils.lua
+++ b/lua/utils.lua
@@ -244,6 +244,10 @@ utils.get_reason = function()
 if os.getenv("REASON") == "modsecurity" then
 return "modsecurity"
 end
+ local banned, err = datastore:get("bans_ip_" .. ngx.var.remote_addr)
+ if banned then
+ return banned
+ end
 if ngx.status == ngx.HTTP_FORBIDDEN then
 return "unknown"
 end
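Review bot: The new branch returns whatever is stored under `"bans_ip_" .. ngx.var.remote_addr` as the reason, while the other visible branches of `get_reason` return fixed literals, so the stored value should be checked before it is handed to callers. The code that writes the `bans_ip_` entries is not visible here; if an entry can hold anything other than a reason string, it would presumably flow unchanged into logs and BunkerNet reports. A guard such as `if type(banned) == "string" and banned ~= "" then return banned end`, with a comment stating what a ban entry contains, keeps the return type stable. `get_reason` begins and ends outside the hunk.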