custom conf

This commit is contained in:
bunkerity 2020-01-03 10:21:37 +00:00
parent 5d16f6a8f2
commit 09e6b50e58
5 changed files with 19 additions and 11 deletions


@ -15,9 +15,8 @@ RUN apk --no-cache add php7-fpm php7-session certbot libstdc++ libmaxminddb geoi
mkdir /www && \ mkdir /www && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
VOLUME /www VOLUME /www /confs
EXPOSE 80 EXPOSE 80/tcp 443/tcp
EXPOSE 443
ENTRYPOINT ["/opt/entrypoint.sh"] ENTRYPOINT ["/opt/entrypoint.sh"]
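Review bot: The new `/confs` volume is not explained anywhere in the Dockerfile, yet server.conf now does `include /confs/*.conf;`, so every file an operator drops there is evaluated as nginx configuration inside the server block. A comment next to the VOLUME line would make that contract visible to whoever mounts it, e.g. `# /confs: operator-supplied nginx snippets, included verbatim into the server block — mount read-only`. The `EXPOSE 80/tcp 443/tcp` consolidation is fine as is.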


@ -87,7 +87,5 @@ Accepted value can be found [here](https://github.com/AirisX/nginx_cookie_flag_m
## TODO ## TODO
- File permissions hardening - File permissions hardening
- Custom nginx configuration
- Custom TLS certificates - Custom TLS certificates
- Documentation - Documentation
- Reverse proxy mode

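--- /dev/null
+++ b/confs/serve-files.conf
@@ -0,0 +1,5 @@
+root /www;
+index index.html index.php;
+location / {
+try_files $uri $uri/ =404;
+}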
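Review bot: The new snippet carries no header explaining where it is spliced in, and because `root` and `index` sit at server scope once included, they apply to every location in the server, not just `location /`. A one-line comment at the top would save the next reader a trip through entrypoint.sh, e.g. `# Included into server.conf in place of %SERVE_FILES% only when SERVE_FILES=yes; root/index here apply server-wide`. The include path in entrypoint.sh is `/etc/nginx/serve-files.conf` while the repo path is `confs/serve-files.conf`, so presumably an existing COPY in the Dockerfile (outside the shown hunk) moves it — worth confirming.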


@ -2,12 +2,7 @@ server {
%LISTEN_HTTP% %LISTEN_HTTP%
%AUTO_LETS_ENCRYPT% %AUTO_LETS_ENCRYPT%
server_name %SERVER_NAME%; server_name %SERVER_NAME%;
root /www; %SERVE_FILES%
index index.html index.php;
location / {
try_files $uri $uri/ =404;
%BLOCK_TOR_EXIT_NODE%
}
if ($request_method !~ ^(%ALLOWED_METHODS%)$) if ($request_method !~ ^(%ALLOWED_METHODS%)$)
{ {
return 405; return 405;
@ -22,6 +17,8 @@ server {
%FEATURE_POLICY% %FEATURE_POLICY%
%BLOCK_COUNTRY% %BLOCK_COUNTRY%
%BLOCK_USER_AGENT% %BLOCK_USER_AGENT%
%BLOCK_TOR_EXIT_NODE%
%COOKIE_FLAGS% %COOKIE_FLAGS%
%ERRORS% %ERRORS%
include /confs/*.conf;
} }
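Review bot: The new `include /confs/*.conf;` is placed last in the server block, so a custom snippet can override anything configured above it, and nginx's `add_header` is not inherited into a location that declares its own `add_header` — if the %CONTENT_SECURITY_POLICY%/%COOKIE_FLAGS%-style placeholders expand to `add_header` directives (as their names suggest; the expansion is outside these hunks), a custom `location` block silently drops those headers for its paths. A comment above the include would make that explicit, e.g. `# custom snippets load last and may override the hardening above; an add_header inside a custom location replaces, not extends, the headers set here`. Moving %BLOCK_TOR_EXIT_NODE% from `location /` to server scope looks right, since it now applies even when the file-serving block is absent. The `server {` opening is outside the hunk.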


@ -1,5 +1,7 @@
#!/bin/sh #!/bin/sh
echo "[*] Starting bunkerized-nginx ..."
# replace pattern in file # replace pattern in file
function replace_in_file() { function replace_in_file() {
# escape slashes # escape slashes
@ -56,6 +58,7 @@ PHP_DISABLE_FUNCTIONS="${PHP_DISABLE_FUNCTIONS:-system, exec, shell_exec, passth
USE_MODSECURITY="${USE_MODSECURITY:-yes}" USE_MODSECURITY="${USE_MODSECURITY:-yes}"
CONTENT_SECURITY_POLICY="${CONTENT_SECURITY_POLICY:-default-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts; reflected-xss block; base-uri 'self'; referrer no-referrer}" CONTENT_SECURITY_POLICY="${CONTENT_SECURITY_POLICY:-default-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts; reflected-xss block; base-uri 'self'; referrer no-referrer}"
COOKIE_FLAGS="${COOKIE_FLAGS:-* HttpOnly}" COOKIE_FLAGS="${COOKIE_FLAGS:-* HttpOnly}"
SERVE_FILES="${SERVE_FILES:-yes}"
# replace values # replace values
replace_in_file "/etc/nginx/nginx.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE" replace_in_file "/etc/nginx/nginx.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE"
@ -229,6 +232,11 @@ if [ "$COOKIE_FLAGS" != "" ] ; then
else else
replace_in_file "/etc/nginx/server.conf" "%COOKIE_FLAGS%" "" replace_in_file "/etc/nginx/server.conf" "%COOKIE_FLAGS%" ""
fi fi
if [ "$SERVE_FILES" = "yes" ] ; then
replace_in_file "/etc/nginx/server.conf" "%SERVE_FILES%" "include /etc/nginx/serve-files.conf;"
else
replace_in_file "/etc/nginx/server.conf" "%SERVE_FILES%" ""
fi
# start PHP # start PHP
@ -241,4 +249,5 @@ crond
# start nginx in foreground # start nginx in foreground
# when nginx is killed, container get killed too # when nginx is killed, container get killed too
echo "[*] Running nginx ..."
exec /usr/sbin/nginx exec /usr/sbin/nginx
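Review bot: In the new `if [ "$SERVE_FILES" = "yes" ]` block (hunk @ -229,6 +232,11), the else branch replaces %SERVE_FILES% with an empty string, which leaves server.conf with no `root` and no `location /`; unless a file in /confs supplies one, nginx will as far as I can tell answer requests from its compiled-in default html root rather than refusing them. That is probably not the intended "custom conf only" behaviour and deserves at least a comment on the else branch, e.g. `# SERVE_FILES != yes removes root/location from server.conf entirely: the operator MUST provide them via /confs/*.conf`, plus a matching sentence in the README. Note also that any value other than the exact string `yes` (e.g. `Yes`, `true`) silently disables file serving, which matches the other flags in this file but is easy to trip over. The if block is top-level, not inside a function.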