custom conf

This commit is contained in:
bunkerity 2020-01-03 10:21:37 +00:00
parent 5d16f6a8f2
commit 09e6b50e58
5 changed files with 19 additions and 11 deletions


@ -15,9 +15,8 @@ RUN apk --no-cache add php7-fpm php7-session certbot libstdc++ libmaxminddb geoi
mkdir /www && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
VOLUME /www
VOLUME /www /confs
EXPOSE 80
EXPOSE 443
EXPOSE 80/tcp 443/tcp
ENTRYPOINT ["/opt/entrypoint.sh"]
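Review bot: The new `/confs` volume is declared without any hint of what it is for, although server.conf in this same commit ends with `include /confs/*.conf;`, i.e. whatever an operator mounts there is spliced verbatim into the server block with full nginx directive power. A comment on the `VOLUME` line would make that trust boundary visible to anyone reading the image: `# /www: served content; /confs: operator nginx snippets, included verbatim into the server block (trusted input)`. The `EXPOSE 80/tcp 443/tcp` rewrite is purely declarative and fine as is.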


@ -87,7 +87,5 @@ Accepted value can be found [here](https://github.com/AirisX/nginx_cookie_flag_m
## TODO
- File permissions hardening
- Custom nginx configuration
- Custom TLS certificates
- Documentation
- Reverse proxy mode

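--- /dev/null
+++ b/confs/serve-files.conf
@@ -0,0 +1,5 @@
+root /www;
+index index.html index.php;
+location / {
+try_files $uri $uri/ =404;
+}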
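Review bot: The new file has no header saying that it is not loaded on its own but spliced into the server block by entrypoint.sh (`include /etc/nginx/serve-files.conf;`) only when SERVE_FILES=yes, and that it owns `location /`, so a snippet in /confs that also declares `location /` will clash with it (nginx refuses duplicate locations at the same level) and needs SERVE_FILES=no. I would open the file with `# Default static-file handler; included into server.conf when SERVE_FILES=yes.` and `# Set SERVE_FILES=no if a /confs snippet defines its own root/location /.`. The repo path `confs/serve-files.conf` is easy to confuse with the `/confs` volume; the entrypoint includes it from `/etc/nginx/`, so presumably the Dockerfile copies it there, which is outside this diff.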


@ -2,12 +2,7 @@ server {
%LISTEN_HTTP%
%AUTO_LETS_ENCRYPT%
server_name %SERVER_NAME%;
root /www;
index index.html index.php;
location / {
try_files $uri $uri/ =404;
%BLOCK_TOR_EXIT_NODE%
}
%SERVE_FILES%
if ($request_method !~ ^(%ALLOWED_METHODS%)$)
{
return 405;
@ -22,6 +17,8 @@ server {
%FEATURE_POLICY%
%BLOCK_COUNTRY%
%BLOCK_USER_AGENT%
%BLOCK_TOR_EXIT_NODE%
%COOKIE_FLAGS%
%ERRORS%
include /confs/*.conf;
}
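Review bot: `include /confs/*.conf;` at the end of the server block splices operator-supplied snippets in verbatim, so the hardening applied above it is not enforced on them: a custom `location` that sets its own `add_header` stops inheriting the server-level security headers (nginx's add_header inheritance is all-or-nothing per level), and a snippet defining `location /` collides with the one pulled in by `%SERVE_FILES%` unless SERVE_FILES=no. Neither constraint is stated in the template; I would add above the include: `# Operator snippets, included verbatim with full directive power: a location with its own add_header drops the server-level headers above; define location / here only with SERVE_FILES=no.` Moving `%BLOCK_TOR_EXIT_NODE%` to server level in the second hunk is the right call, since it now also covers custom locations.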


@ -1,5 +1,7 @@
#!/bin/sh
echo "[*] Starting bunkerized-nginx ..."
# replace pattern in file
function replace_in_file() {
# escape slashes
@ -56,6 +58,7 @@ PHP_DISABLE_FUNCTIONS="${PHP_DISABLE_FUNCTIONS:-system, exec, shell_exec, passth
USE_MODSECURITY="${USE_MODSECURITY:-yes}"
CONTENT_SECURITY_POLICY="${CONTENT_SECURITY_POLICY:-default-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts; reflected-xss block; base-uri 'self'; referrer no-referrer}"
COOKIE_FLAGS="${COOKIE_FLAGS:-* HttpOnly}"
SERVE_FILES="${SERVE_FILES:-yes}"
# replace values
replace_in_file "/etc/nginx/nginx.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE"
@ -229,6 +232,11 @@ if [ "$COOKIE_FLAGS" != "" ] ; then
else
replace_in_file "/etc/nginx/server.conf" "%COOKIE_FLAGS%" ""
fi
if [ "$SERVE_FILES" = "yes" ] ; then
replace_in_file "/etc/nginx/server.conf" "%SERVE_FILES%" "include /etc/nginx/serve-files.conf;"
else
replace_in_file "/etc/nginx/server.conf" "%SERVE_FILES%" ""
fi
# start PHP
@ -241,4 +249,5 @@ crond
# start nginx in foreground
# when nginx is killed, container get killed too
echo "[*] Running nginx ..."
exec /usr/sbin/nginx
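Review bot: The last hunk `exec`s nginx straight after placeholder substitution, and with the new `include /confs/*.conf;` the config now contains operator-written snippets that nothing validates, so a typo in a mounted `.conf` surfaces only as nginx dying under `exec` and the container restart-looping. A config test before the `exec` gives a readable error and a clean non-zero exit: `/usr/sbin/nginx -t || { echo "[!] nginx configuration test failed"; exit 1; }`. In the third hunk, `[ "$SERVE_FILES" = "yes" ]` treats any other spelling (`Yes`, `true`) as "no", which silently leaves the server block without a `root` or `location /` because the placeholder is replaced with an empty string; if that is intended, document it, otherwise normalise the value first. The script continues above the first hunk (the `replace_in_file` body is cut) and between the hunks.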