From 2b3b4a5c3fe65429382197298cac014eeae08604 Mon Sep 17 00:00:00 2001 From: bunkerity Date: Mon, 16 Aug 2021 15:21:44 +0200 Subject: [PATCH] linux - systemd support --- .github/workflows/linux-bunkerized-nginx.yml | 12 ++++++--- helpers/bunkerized-nginx | 7 ++--- helpers/install.sh | 26 ++++++++++++++++--- helpers/uninstall.sh | 27 ++++++++++++++------ tests/Dockerfile-debian | 3 +++ tests/Dockerfile-fedora | 3 +++ tests/Dockerfile-ubuntu | 3 +++ tests/linux-run.sh | 2 +- 8 files changed, 64 insertions(+), 19 deletions(-) create mode 100644 tests/Dockerfile-debian create mode 100644 tests/Dockerfile-fedora create mode 100644 tests/Dockerfile-ubuntu diff --git a/.github/workflows/linux-bunkerized-nginx.yml b/.github/workflows/linux-bunkerized-nginx.yml index f9f0da5..a5527a0 100644 --- a/.github/workflows/linux-bunkerized-nginx.yml +++ b/.github/workflows/linux-bunkerized-nginx.yml @@ -12,11 +12,17 @@ jobs: steps: - name: Checkout source code uses: actions/checkout@v2 + - name: Build Debian with systemd + run: docker build -t debian-systemd -f tests/Dockerfile-debian . + - name: Build Ubuntu with systemd + run: docker build -t ubuntu-systemd -f tests/Dockerfile-ubuntu . + - name: Build Fedora with systemd + run: docker build -t fedora-systemd -f tests/Dockerfile-fedora . - name: Debian test - run: ./tests/linux-run.sh debian:buster-slim test-debian + run: ./tests/linux-run.sh debian-systemd test-debian - name: Ubuntu test - run: ./tests/linux-run.sh ubuntu:focal test-ubuntu + run: ./tests/linux-run.sh ubuntu-systemd test-ubuntu - name: CentOS test run: ./tests/linux-run.sh centos:7 test-centos - name: Fedora test - run: ./tests/linux-run.sh fedora:34 test-fedora + run: ./tests/linux-run.sh fedora-systemd test-fedora diff --git a/helpers/bunkerized-nginx b/helpers/bunkerized-nginx index 02235aa..3523022 100755 --- a/helpers/bunkerized-nginx +++ b/helpers/bunkerized-nginx 
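Review bot: The CentOS step in .github/workflows/linux-bunkerized-nginx.yml still passes the stock `centos:7` image, while tests/linux-run.sh in this same patch now starts every image with `/sbin/init`. Debian, Ubuntu and Fedora each get a dedicated systemd image, but CentOS does not. Confirm that `centos:7` ships an init the new `systemctl` calls in install.sh can talk to, or add a `tests/Dockerfile-centos` and a matching build step so all four targets are prepared the same way.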
@@ -40,13 +40,14 @@ echo "[*] Run jobs" do_and_check_cmd "/opt/bunkerized-nginx/entrypoint/jobs.sh" # Reload nginx if it's running -if [ -f "/tmp/nginx.pid" ] ; then +status="$(systemctl status nginx 2>&1)" +if [ $? -eq 0 ] ; then echo "[*] Reload nginx" - AS_ROOT="yes" do_and_check_cmd nginx -s reload + AS_ROOT="yes" do_and_check_cmd systemctl reload nginx # Otherwise start it else echo "[*] Start nginx" - AS_ROOT="yes" do_and_check_cmd nginx -g 'daemon on; user nginx;' + AS_ROOT="yes" do_and_check_cmd systemctl start nginx fi # Done diff --git a/helpers/install.sh b/helpers/install.sh index a96471f..cdc44bd 100755 --- a/helpers/install.sh +++ b/helpers/install.sh @@ -360,6 +360,15 @@ if [ "$NGINX_VERSION" != "1.20.1" ] ; then echo "/!\\ Warning : we recommend you to use nginx v1.20.1, you should uninstall your nginx version and run this script again ! /!\\" fi +# Stop nginx on Linux +if [ "$OS" != "alpine" ] ; then + echo "[*] Stop nginx service" + systemctl status nginx > /dev/null 2>&1 + if [ $? -eq 0 ] ; then + do_and_check_cmd systemctl stop nginx + fi +fi + # Install dependencies echo "[*] Update packet list" if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then 
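Review bot: In helpers/bunkerized-nginx, `status` is assigned but never read in the visible lines, and `systemctl status` is used only for its exit code. `if systemctl is-active --quiet nginx ; then` states the check directly and no longer relies on `$?` surviving from the previous line. The helper now needs systemd unconditionally, while helpers/install.sh still carries `"$OS" != "alpine"` branches, so on an Alpine install the reload/start path would presumably fail; guard these calls the same way or state that Alpine is no longer supported. The same `systemctl status` followed by `if [ $? -eq 0 ]` pattern recurs in the install.sh hunk at -360 and in both uninstall.sh hunks.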
@@ -724,13 +733,19 @@ do_and_check_cmd cp /tmp/bunkerized-nginx/misc/variables.env /opt/bunkerized-ngi if [ "$OS" != "alpine" ] ; then echo "[*] Copy UI" do_and_check_cmd cp -r /tmp/bunkerized-nginx/ui /opt/bunkerized-nginx - do_and_check_cmd cp /tmp/bunkerized-nginx/ui/bunkerized-nginx-ui.service /etc/systemd/system + do_and_check_cmd cp /tmp/bunkerized-nginx/ui/bunkerized-nginx-ui.service /lib/systemd/system fi # Copy bunkerized-nginx echo "[*] Copy bunkerized-nginx" do_and_check_cmd cp /tmp/bunkerized-nginx/helpers/bunkerized-nginx /usr/local/bin +# Replace old nginx.service file +if [ "$OS" != "alpine" ] ; then + do_and_check_cmd mv /lib/systemd/system/nginx.service /lib/systemd/system/nginx.service.bak + do_and_check_cmd cp /tmp/bunkerized-nginx/misc/nginx.service /lib/systemd/system/ +fi + # Create nginx user if [ "$(grep "nginx:" /etc/passwd)" = "" ] ; then echo "[*] Add nginx user" @@ -811,10 +826,13 @@ do_and_check_cmd chmod u+rx /opt do_and_check_cmd chown -R nginx:nginx /etc/nginx do_and_check_cmd find /etc/nginx -type f -exec chmod 0774 {} \; do_and_check_cmd find /etc/nginx -type d -exec chmod 0775 {} \; -# Set permissions for /etc/systemd/system/bunkerized-nginx-ui.service +# Set permissions for systemd files and reload config if [ "$OS" != "alpine" ] ; then - do_and_check_cmd chown root:root /etc/systemd/system/bunkerized-nginx-ui.service - do_and_check_cmd chmod 744 /etc/systemd/system/bunkerized-nginx-ui.service + do_and_check_cmd chown root:root /lib/systemd/system/bunkerized-nginx-ui.service + do_and_check_cmd chmod 744 /lib/systemd/system/bunkerized-nginx-ui.service + do_and_check_cmd chown root:root /lib/systemd/system/nginx.service + do_and_check_cmd chmod 744 /lib/systemd/system/nginx.service + do_and_check_cmd systemctl daemon-reload fi # Prepare log files and folders diff --git a/helpers/uninstall.sh b/helpers/uninstall.sh index 6223ba4..9aaffce 100755 --- a/helpers/uninstall.sh +++ b/helpers/uninstall.sh 
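Review bot: The `mv /lib/systemd/system/nginx.service /lib/systemd/system/nginx.service.bak` step in helpers/install.sh (hunk at -724) is unguarded. If no distro unit exists at that path the `mv` fails, and on a second run of the installer it overwrites the saved `.bak` with the project's own unit, so uninstall.sh can no longer restore the original. Wrap it in `if [ -f /lib/systemd/system/nginx.service ] && [ ! -e /lib/systemd/system/nginx.service.bak ] ; then`. `/lib/systemd/system` is also where the distribution package keeps its unit, so a later nginx package upgrade may put the vendor unit back without notice; installing under `/etc/systemd/system`, which takes precedence, would avoid both the backup and that overwrite. How `do_and_check_cmd` reacts to a failing command is not visible in this hunk.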
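Review bot: `chmod 744` on the two unit files in helpers/install.sh (hunk at -811) sets the owner execute bit on plain configuration files. Nothing executes a unit file, and systemd logs a warning for units marked executable. Use `chmod 644 /lib/systemd/system/bunkerized-nginx-ui.service` and `chmod 644 /lib/systemd/system/nginx.service`, keeping the `chown root:root` lines as they are.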
@@ -30,14 +30,23 @@ elif [ "$(grep Ubuntu /etc/os-release)" != "" ] ; then OS="ubuntu" elif [ "$(grep CentOS /etc/os-release)" != "" ] ; then OS="centos" -elif [ "$(grep Alpine /etc/os-release)" != "" ] ; then - OS="alpine" fi if [ "$OS" = "" ] ; then echo "[!] Unsupported Operating System" exit 1 fi +# Stop nginx +systemctl status nginx > /dev/null 2>&1 +if [ $? -eq 0 ] ; then + echo "[*] Stop nginx service" + do_and_check_cmd systemctl stop nginx +fi + +# Reload old nginx.service file +do_and_check_cmd mv /lib/systemd/system/nginx.service.bak /lib/systemd/system/nginx.service +do_and_check_cmd systemctl daemon-reload + # Remove /opt/bunkerized-nginx if [ -e "/opt/bunkerized-nginx" ] ; then echo "[*] Remove /opt/bunkerized-nginx" @@ -45,14 +54,16 @@ if [ -e "/opt/bunkerized-nginx" ] ; then fi # Remove UI service -if [ -e "/etc/systemd/system/bunkerized-nginx-ui.service" ] ; then - echo "[*] Remove bunkerized-nginx-ui service" +systemctl status bunkerized-nginx-ui > /dev/null 2>&1 +if [ $? -eq 0 ] ; then + echo "[*] Stop bunkerized-nginx-ui service" + systemctl status nginx > /dev/null 2>&1 do_and_check_cmd systemctl stop bunkerized-nginx-ui - do_and_check_cmd systemctl disable bunkerized-nginx-ui - do_and_check_cmd rm -f /etc/systemd/system/bunkerized-nginx-ui.service - do_and_check_cmd systemctl daemon-reload - do_and_check_cmd systemctl reset-failed fi +do_and_check_cmd systemctl disable bunkerized-nginx-ui +do_and_check_cmd rm -f /lib/systemd/system/bunkerized-nginx-ui.service +do_and_check_cmd systemctl daemon-reload +do_and_check_cmd systemctl reset-failed # Remove cron echo "[*] Remove cron" diff --git a/tests/Dockerfile-debian b/tests/Dockerfile-debian new file mode 100644 index 0000000..e6911c2 --- /dev/null +++ b/tests/Dockerfile-debian @@ -0,0 +1,3 @@ +FROM debian:buster-slim + +RUN apt update && apt install -y systemd diff --git a/tests/Dockerfile-fedora b/tests/Dockerfile-fedora new file mode 100644 index 0000000..84746c9 --- /dev/null 
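Review bot: In helpers/uninstall.sh (hunk at -30) the restore `mv /lib/systemd/system/nginx.service.bak /lib/systemd/system/nginx.service` runs unconditionally. On a host where the installer never created the `.bak` (an install that predates this patch, or one that failed part-way) the command errors out, and if `do_and_check_cmd` aborts on failure, as its name suggests, nothing after it gets removed. Guard it with `if [ -f /lib/systemd/system/nginx.service.bak ] ; then`, and decide what should happen to the project's `nginx.service` when there is no backup to restore. The hunk also drops Alpine detection, so uninstall now stops at "Unsupported Operating System" there while install.sh still has Alpine branches; confirm that is intended.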
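Review bot: The added `systemctl status nginx` line inside the bunkerized-nginx-ui block of helpers/uninstall.sh (hunk at -45) looks like a copy-paste leftover: its result is never used and it sits between the `echo` and the `stop`, so it should be dropped. `systemctl disable bunkerized-nginx-ui` and the cleanup after it were moved out of the `if`, so they now run even when the unit was never installed, where `disable` returns an error; keep them behind a check such as `if [ -e /lib/systemd/system/bunkerized-nginx-ui.service ] ; then`. Hosts installed with the previous version still have the unit under `/etc/systemd/system`, which this hunk no longer removes.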
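Review bot: tests/Dockerfile-debian (and tests/Dockerfile-ubuntu, which has the same `RUN` line) calls the interactive `apt` front end, whose command-line interface is not meant for scripted use, and leaves the package lists in the layer. `RUN apt-get update && apt-get install -y systemd && rm -rf /var/lib/apt/lists/*` is the usual form; `--no-install-recommends` could be added once it is confirmed that `systemctl` still works without the recommended packages. A leading comment such as `# systemd is installed so install.sh/uninstall.sh can be tested against a running init` would explain why the image exists.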
+++ b/tests/Dockerfile-fedora @@ -0,0 +1,3 @@ +FROM fedora:34 + +RUN dnf install -y systemd diff --git a/tests/Dockerfile-ubuntu b/tests/Dockerfile-ubuntu new file mode 100644 index 0000000..596736d --- /dev/null +++ b/tests/Dockerfile-ubuntu @@ -0,0 +1,3 @@ +FROM ubuntu:focal + +RUN apt update && apt install -y systemd diff --git a/tests/linux-run.sh b/tests/linux-run.sh index a0bfad2..5f747ee 100755 --- a/tests/linux-run.sh +++ b/tests/linux-run.sh @@ -12,7 +12,7 @@ if [ "$3" == "no" ] ; then fi echo "[*] Run $image" -id="$(docker run --rm -d -it -p 80:80 -p 443:443 --name "$name" "$image")" +id="$(docker run --rm -d -p 80:80 -p 443:443 --privileged=true --name "$name" "$image" /sbin/init)" if [ $? -ne 0 ] ; then echo "[!] docker run failed" cleanup "$name"
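Review bot: `--privileged=true` in tests/linux-run.sh gives the test container every capability, access to host devices and no seccomp or AppArmor confinement, and it is combined with published ports 80 and 443. That is considerably more than booting systemd as PID 1 needs. Depending on the host's cgroup setup, a narrower form such as `--tmpfs /run --tmpfs /run/lock` plus a read-only `/sys/fs/cgroup` mount is usually enough, with single capabilities added only where init actually fails. At minimum add a comment like `# --privileged only because systemd runs as PID 1; CI-only, do not run on a shared host` above the `docker run` line.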