From 022a653ebc6acccdec41f7ada10354ac48f0af71 Mon Sep 17 00:00:00 2001
From: bunkerity <contact@bunkerity.com>
Date: Sat, 24 Oct 2020 20:48:04 +0200
Subject: [PATCH] display fail2ban.log and logging bug fix

---
 entrypoint.sh                   |  8 ++++++--
 hooks/post_push                 |  1 -
 multi-arch-manifest-dev.yaml    | 21 ---------------------
 multi-arch-manifest-master.yaml | 21 ---------------------
 scripts/abusers.sh              |  5 ++++-
 scripts/exit-nodes.sh           |  5 ++++-
 scripts/proxies.sh              |  5 ++++-
 7 files changed, 18 insertions(+), 48 deletions(-)
 delete mode 100644 multi-arch-manifest-dev.yaml
 delete mode 100644 multi-arch-manifest-master.yaml

diff --git a/entrypoint.sh b/entrypoint.sh
index 0d16b65..c1615cb 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -612,10 +612,14 @@ fi
 # setup logrotate
 replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MAXAGE%" "$LOGROTATE_MAXAGE"
 replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MINSIZE%" "$LOGROTATE_MINSIZE"
-echo "0 0 * * * logrotate -f /etc/logrotate.conf > /dev/null 2>&1" >> /etc/crontabs/root
+echo "0 0 * * * logrotate -f /etc/logrotate.conf > /dev/null 2>&1 && pkill -HUP rsyslogd && fail2ban-client restart && nginx -s reload" >> /etc/crontabs/root
 
 # display logs
-tail -f /var/log/access.log /var/log/error.log &
+LOGS="/var/log/access.log /var/log/error.log"
+if [ "$USE_FAIL2BAN" = "yes" ] ; then
+	LOGS="$LOGS /var/log/fail2ban.log"
+fi
+tail -f $LOGS &
 wait $!
 
 # sigterm trapped
diff --git a/hooks/post_push b/hooks/post_push
index 8841a21..4c8845a 100644
--- a/hooks/post_push
+++ b/hooks/post_push
@@ -5,7 +5,6 @@ chmod +x manifest-tool
 
 VERSION=$(cat VERSION | tr -d '\n')
 if [ "$SOURCE_BRANCH" = "dev" ] ; then
-	./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx:dev-ARCHVARIANT --target bunkerity/bunkerized-nginx:dev-${VERSION}
 	./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx:dev-ARCHVARIANT --target bunkerity/bunkerized-nginx:dev
 elif [ "$SOURCE_BRANCH" = "master" ] ; then
 	./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx:ARCHVARIANT --target bunkerity/bunkerized-nginx:${VERSION}
diff --git a/multi-arch-manifest-dev.yaml b/multi-arch-manifest-dev.yaml
deleted file mode 100644
index 8682028..0000000
--- a/multi-arch-manifest-dev.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-image: bunkerity/bunkerized-nginx:dev
-manifests:
-  - image: bunkerity/bunkerized-nginx:dev-amd64
-    platform:
-      architecture: amd64
-      os: linux
-  - image: bunkerity/bunkerized-nginx:dev-arm32v7
-    platform:
-      architecture: arm
-      os: linux
-      variant: v7
-  - image: bunkerity/bunkerized-nginx:dev-arm64v8
-    platform:
-      architecture: arm64
-      os: linux
-      variant: v8
-  - image: bunkerity/bunkerized-nginx:dev-i386
-    platform:
-      architecture: 386
-      os: linux
-
diff --git a/multi-arch-manifest-master.yaml b/multi-arch-manifest-master.yaml
deleted file mode 100644
index 476e9ac..0000000
--- a/multi-arch-manifest-master.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-image: bunkerity/bunkerized-nginx:latest
-manifests:
-  - image: bunkerity/bunkerized-nginx:amd64
-    platform:
-      architecture: amd64
-      os: linux
-  - image: bunkerity/bunkerized-nginx:arm32v7
-    platform:
-      architecture: arm
-      os: linux
-      variant: v7
-  - image: bunkerity/bunkerized-nginx:arm64v8
-    platform:
-      architecture: arm64
-      os: linux
-      variant: v8
-  - image: bunkerity/bunkerized-nginx:i386
-    platform:
-      architecture: 386
-      os: linux
-
diff --git a/scripts/abusers.sh b/scripts/abusers.sh
index f6ac8c9..df8896b 100755
--- a/scripts/abusers.sh
+++ b/scripts/abusers.sh
@@ -3,7 +3,10 @@
 echo "" > /etc/nginx/block-abusers.conf
 curl -s "https://iplists.firehol.org/files/firehol_abusers_30d.netset" | grep -v "^\#.*" |
 while read entry ; do
-	echo "deny ${entry};" >> /etc/nginx/block-abusers.conf
+	check=$(echo $entry | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$")
+	if [ "$check" != "" ] ; then
+		echo "deny ${entry};" >> /etc/nginx/block-abusers.conf
+	fi
 done
 if [ -f /tmp/nginx.pid ] ; then
 	/usr/sbin/nginx -s reload
diff --git a/scripts/exit-nodes.sh b/scripts/exit-nodes.sh
index 8f85047..718c254 100644
--- a/scripts/exit-nodes.sh
+++ b/scripts/exit-nodes.sh
@@ -3,7 +3,10 @@
 echo "" > /etc/nginx/block-tor-exit-node.conf
 curl -s "https://iplists.firehol.org/files/tor_exits.ipset" | grep -v "^\#.*" |
 while read entry ; do
-	echo "deny ${entry};" >> /etc/nginx/block-tor-exit-node.conf
+	check=$(echo $entry | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$")
+	if [ "$check" != "" ] ; then
+		echo "deny ${entry};" >> /etc/nginx/block-tor-exit-node.conf
+	fi
 done
 if [ -f /tmp/nginx.pid ] ; then
 	/usr/sbin/nginx -s reload
diff --git a/scripts/proxies.sh b/scripts/proxies.sh
index 7702b13..0a6ba32 100755
--- a/scripts/proxies.sh
+++ b/scripts/proxies.sh
@@ -3,7 +3,10 @@
 echo "" > /etc/nginx/block-proxies.conf
 curl -s "https://iplists.firehol.org/files/firehol_proxies.netset" | grep -v "^\#.*" |
 while read entry ; do
-	echo "deny ${entry};" >> /etc/nginx/block-proxies.conf
+	check=$(echo $entry | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$")
+	if [ "$check" != "" ] ; then
+		echo "deny ${entry};" >> /etc/nginx/block-proxies.conf
+	fi
 done
 if [ -f /tmp/nginx.pid ] ; then
 	/usr/sbin/nginx -s reload