diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index 4661133..7847f2c 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -158,9 +158,141 @@ jobs:
cache-from: type=registry,ref=bunkerity/cache:bw-ui-arm-cache
cache-to: type=registry,ref=bunkerity/cache:bw-ui-arm-cache,mode=min
+ # Build linux ubuntu
+ build-bw-ubuntu:
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+
+ # Build image
+ - name: Build BW ubuntu
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: linux/Dockerfile-ubuntu
+ platforms: linux/amd64
+ push: true
+ tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:latest
+ cache-from: type=registry,ref=bunkerity/cache:bw-ubuntu-cache
+ cache-to: type=registry,ref=bunkerity/cache:bw-ubuntu-cache,mode=min
+
+ # Build linux debian
+ build-bw-debian:
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+
+ # Build image
+ - name: Build BW debian
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: linux/Dockerfile-debian
+ platforms: linux/amd64
+ push: true
+ tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:latest
+ cache-from: type=registry,ref=bunkerity/cache:bw-debian-cache
+ cache-to: type=registry,ref=bunkerity/cache:bw-debian-cache,mode=min
+
+ # Build linux centos
+ build-bw-centos:
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+
+ # Build image
+ - name: Build BW centos
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: linux/Dockerfile-centos
+ platforms: linux/amd64
+ push: true
+ tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:latest
+ cache-from: type=registry,ref=bunkerity/cache:bw-centos-cache
+ cache-to: type=registry,ref=bunkerity/cache:bw-centos-cache,mode=min
+
+ # Build linux fedora
+ build-bw-fedora:
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+
+ # Build image
+ - name: Build BW fedora
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: linux/Dockerfile-fedora
+ platforms: linux/amd64
+ push: true
+ tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:latest
+ cache-from: type=registry,ref=bunkerity/cache:bw-fedora-cache
+ cache-to: type=registry,ref=bunkerity/cache:bw-fedora-cache,mode=min
+
# Run tests
tests:
- needs: build-bw-amd64
+ needs: [build-bw-amd64, build-bw-ubuntu, build-bw-debian, build-bw-centos, build-bw-fedora]
runs-on: [self-hosted, X64]
steps:
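Review bot: Every third-party action in the four new jobs is referenced by a floating major tag (`actions/checkout@v3`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/build-push-action@v3`) while those jobs hold both the Docker Hub token and the private registry token, so a force-pushed or compromised tag upstream runs with those credentials; pin each to a full commit SHA and keep the tag in a trailing comment, e.g. `uses: docker/login-action@<commit-sha> # v2`. The four jobs differ only in the distro name, which invites drift between them; a single matrix job removes the duplication and `tests.needs` then lists one name (the `tests` job itself continues past the hunk). The images are pushed as mutable `:latest`, so a concurrent run can overwrite the image the test job later pulls by name; adding a `${{ github.sha }}` tag alongside `latest` would tie the tests to exactly this build. Suggested matrix form below.
```yaml
  # Build linux packages images (one job per distro via matrix)
  build-bw-linux:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        distro: [ubuntu, debian, centos, fedora]
    steps:
      # … unchanged: checkout, buildx setup, Docker Hub and private registry logins …
      - name: Build BW ${{ matrix.distro }}
        uses: docker/build-push-action@v3
        with:
          context: .
          file: linux/Dockerfile-${{ matrix.distro }}
          platforms: linux/amd64
          push: true
          tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-${{ matrix.distro }}:latest
          cache-from: type=registry,ref=bunkerity/cache:bw-${{ matrix.distro }}-cache
          cache-to: type=registry,ref=bunkerity/cache:bw-${{ matrix.distro }}-cache,mode=min

  # Run tests
  tests:
    needs: [build-bw-amd64, build-bw-linux]
    # … unchanged: runs-on and steps …
```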
diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml
index 39dcfa3..538931d 100644
--- a/.github/workflows/prod.yml
+++ b/.github/workflows/prod.yml
@@ -149,9 +149,133 @@ jobs:
tags: bunkerweb-ui-tests-arm:latest
cache-to: type=registry,ref=bunkerity/cache:bw-ui-arm-cache,mode=min
+ # Build linux ubuntu
+ build-bw-ubuntu:
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+
+ # Build image
+ - name: Build BW ubuntu
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: linux/Dockerfile-ubuntu
+ platforms: linux/amd64
+ push: true
+ tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:latest
+
+ # Build linux debian
+ build-bw-debian:
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+
+ # Build image
+ - name: Build BW debian
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: linux/Dockerfile-debian
+ platforms: linux/amd64
+ push: true
+ tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:latest
+
+ # Build linux centos
+ build-bw-centos:
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+
+ # Build image
+ - name: Build BW centos
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: linux/Dockerfile-centos
+ platforms: linux/amd64
+ push: true
+ tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:latest
+
+ # Build linux fedora
+ build-bw-fedora:
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+
+ # Build image
+ - name: Build BW fedora
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ file: linux/Dockerfile-fedora
+ platforms: linux/amd64
+ push: true
+ tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:latest
+
# Run tests
tests:
- needs: build-bw-amd64
+ needs: [build-bw-amd64, build-bw-ubuntu, build-bw-debian, build-bw-centos, build-bw-fedora]
runs-on: [self-hosted, X64]
steps:
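Review bot: The `Login to Docker Hub` step in each of the four new jobs hands `DOCKER_USERNAME`/`DOCKER_TOKEN` to a job that never talks to Docker Hub: unlike the dev workflow these jobs have no `cache-from`/`cache-to` on `bunkerity/cache` and push only to `${{ secrets.PRIVATE_REGISTRY }}`, so the step should be dropped (or the cache lines added if their omission is accidental) to keep each job to the credentials it needs. As in the dev workflow, the actions are pinned by major tag rather than commit SHA, and the images are pushed as mutable `:latest`, which the downstream test job pulls by name; tagging with `${{ github.sha }}` as well would let the tests and the CVE scan reference exactly this build. The `tests` job continues past the hunk.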
@@ -185,6 +309,14 @@ jobs:
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest 10.20.1.1:5000/bw-autoconf-tests:latest && docker push 10.20.1.1:5000/bw-autoconf-tests:latest
- name: Import BW UI image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest 10.20.1.1:5000/bw-ui-tests:latest && docker push 10.20.1.1:5000/bw-ui-tests:latest
+ - name: Import Ubuntu image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:latest bw-ubuntu-tests:latest
+ - name: Import Debian image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:latest bw-debian-tests:latest
+ - name: Import Centos image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:latest bw-centos-tests:latest
+ - name: Import Fedora image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:latest bw-fedora-tests:latest
# CVE check on OS
- name: Check security vulnerabilities for BW
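Review bot: The four new import steps pull the Linux images by mutable `:latest` and only retag them locally, whereas the preceding steps (e.g. `Import BW UI image`) also push to `10.20.1.1:5000`; if the Linux tests run on another consumer of that local registry the images will be missing, and if the asymmetry is deliberate a comment such as `# Linux images run on this runner only, no push to the test registry` would stop the next reader from "fixing" it. The `Check security vulnerabilities for BW` step that follows begins at the end of the hunk and its body is outside it, so I cannot tell whether `bw-ubuntu-tests`, `bw-debian-tests`, `bw-centos-tests` and `bw-fedora-tests` are part of the scan; they ship a full OS base and should be.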
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1f23997..93ec591 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,16 @@
# Changelog
+## v1.4.2 -
+
+- Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
+- Fix config files overwrite when using Docker autoconf
+- Add log_default() plugin hook
+- Add various certbot-dns examples
+- Force NGINX version dependencies in Linux packages DEB/RPM
+- Add Discord to supported plugins
+
## v1.4.1 - 2022/16/06
+
- Fix sending local IPs to BunkerNet when DISABLE_DEFAULT_SERVER=yes
- Fix certbot bug when AUTOCONF_MODE=yes
- Fix certbot bug when MULTISITE=no
diff --git a/README.md b/README.md
index 29f6d85..a0711d5 100644
--- a/README.md
+++ b/README.md
@@ -246,6 +246,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
| **ClamAV** | 0.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **CrowdSec** | 0.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
+| **Discord** | 0.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **VirusTotal** | 0.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
You will find more information in the [plugins section](https://docs.bunkerweb.io/latest/plugins) of the documentation.
@@ -280,7 +281,7 @@ This project is licensed under the terms of the [GNU Affero General Public Licen
# Contribute
-If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/tree/master/LICENSE.md) to get started.
+If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/tree/master/CONTRIBUTING.md) to get started.
# Security policy
diff --git a/autoconf/Config.py b/autoconf/Config.py
index ec861b5..27d4475 100644
--- a/autoconf/Config.py
+++ b/autoconf/Config.py
@@ -131,10 +131,11 @@ class Config(ApiCaller, ConfigCaller) :
self._set_apis(self.__get_apis())
# write configs
- ret = self.__write_configs()
- if not ret :
- success = False
- log("CONFIG", "❌", "saving custom configs failed, configuration will not work as expected...")
+ if configs != None :
+ ret = self.__write_configs()
+ if not ret :
+ success = False
+ log("CONFIG", "❌", "saving custom configs failed, configuration will not work as expected...")
# get env
env = self.__get_full_env()
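Review bot: The new guard `if configs != None :` should be `if configs is not None:` — identity comparison is the PEP 8 form (E711) and avoids calling `__ne__` on whatever `configs` happens to be. The enclosing method and its `configs` parameter start before the hunk, so its default is not visible; since `DockerController.apply_config` now omits the argument, it presumably defaults to `None`, and a one-line comment `# configs is None when the controller does not manage custom configs (Docker): keep existing files` would record why the write is skipped instead of treated as an empty set.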
diff --git a/autoconf/DockerController.py b/autoconf/DockerController.py
index 8b72b09..ea1d240 100644
--- a/autoconf/DockerController.py
+++ b/autoconf/DockerController.py
@@ -43,7 +43,7 @@ class DockerController(Controller) :
raise("get_configs is not supported with DockerController")
def apply_config(self) :
- return self._config.apply(self._instances, self._services, configs=self._configs)
+ return self._config.apply(self._instances, self._services)
def process_events(self) :
for event in self.__client.events(decode=True, filters={"type": "container"}) :
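Review bot: The context line `raise("get_configs is not supported with DockerController")` just above the changed method raises a `str`, which on Python 3 fails with `TypeError: exceptions must derive from BaseException` and loses the intended message; `raise NotImplementedError("get_configs is not supported with DockerController")` is the conventional form. The new `apply_config` relies on `Config.apply`'s default for `configs` without saying so; a short comment `# Docker autoconf does not manage custom configs; apply() leaves existing files untouched` would explain the dropped keyword. `process_events` continues past the hunk.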
diff --git a/confs/default-server-http.conf b/confs/default-server-http.conf
index 7b31686..5cef586 100644
--- a/confs/default-server-http.conf
+++ b/confs/default-server-http.conf
@@ -12,4 +12,50 @@ server {
# include custom default-server configurations
include /opt/bunkerweb/configs/default-server-http/*.conf;
+
+ log_by_lua_block {
+
+ local utils = require "utils"
+ local logger = require "logger"
+ local datastore = require "datastore"
+ local plugins = require "plugins"
+
+ logger.log(ngx.INFO, "LOG", "Log phase started")
+
+ -- List all plugins
+ local list, err = plugins:list()
+ if not list then
+ logger.log(ngx.ERR, "LOG", "Can't list loaded plugins : " .. err)
+ list = {}
+ end
+
+ -- Call log_default method of plugins
+ for i, plugin in ipairs(list) do
+ local ret, plugin_lua = pcall(require, plugin.id .. "/" .. plugin.id)
+ if ret then
+ local plugin_obj = plugin_lua.new()
+ if plugin_obj.log_default ~= nil then
+ logger.log(ngx.INFO, "LOG", "Executing log_default() of " .. plugin.id)
+ local ok, err = plugin_obj:log_default()
+ if not ok then
+ logger.log(ngx.ERR, "LOG", "Error while calling log_default() on plugin " .. plugin.id .. " : " .. err)
+ else
+ logger.log(ngx.INFO, "LOG", "Return value from " .. plugin.id .. ".log_default() is : " .. err)
+ end
+ else
+ logger.log(ngx.INFO, "LOG", "log_default() method not found in " .. plugin.id .. ", skipped execution")
+ end
+ end
+ end
+
+ -- Display reason at info level
+ local reason = utils.get_reason()
+ if reason then
+ logger.log(ngx.INFO, "LOG", "Client was denied with reason : " .. reason)
+ end
+
+ logger.log(ngx.INFO, "LOG", "Log phase ended")
+
+ }
+
}
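Review bot: Only the `require` is wrapped in `pcall`; `plugin_lua.new()` and `plugin_obj:log_default()` run unprotected, so a plugin whose `new()` returns nil or whose hook raises aborts the whole `log_by_lua_block` and every plugin after it in the list is skipped, and when the `require` does fail the error text left in `plugin_lua` is discarded without a log line. The success branch concatenates `err` directly and throws `attempt to concatenate a nil value` if a plugin returns `true` with no message, so wrap it in `tostring()`. `datastore` is required at the top of the block but never used. Suggested loop body below.
```lua
	-- Call log_default method of plugins
	for i, plugin in ipairs(list) do
		local ret, plugin_lua = pcall(require, plugin.id .. "/" .. plugin.id)
		if not ret then
			logger.log(ngx.ERR, "LOG", "Can't load plugin " .. plugin.id .. " : " .. tostring(plugin_lua))
		else
			local plugin_obj = plugin_lua.new()
			if plugin_obj and plugin_obj.log_default ~= nil then
				logger.log(ngx.INFO, "LOG", "Executing log_default() of " .. plugin.id)
				-- protect the log phase from errors raised inside a plugin
				local called, ok, err = pcall(plugin_obj.log_default, plugin_obj)
				if not called then
					logger.log(ngx.ERR, "LOG", "log_default() of " .. plugin.id .. " raised : " .. tostring(ok))
				elseif not ok then
					logger.log(ngx.ERR, "LOG", "Error while calling log_default() on plugin " .. plugin.id .. " : " .. tostring(err))
				else
					logger.log(ngx.INFO, "LOG", "Return value from " .. plugin.id .. ".log_default() is : " .. tostring(err))
				end
			else
				logger.log(ngx.INFO, "LOG", "log_default() method not found in " .. plugin.id .. ", skipped execution")
			end
		end
	end
	-- … unchanged: reason display and end-of-phase log …
```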
diff --git a/core/bunkernet/bunkernet.lua b/core/bunkernet/bunkernet.lua
index 8ee08b2..36467d2 100644
--- a/core/bunkernet/bunkernet.lua
+++ b/core/bunkernet/bunkernet.lua
@@ -141,11 +141,13 @@ function _M:report(ip, reason, method, url, headers)
return self:request("POST", "/report", data)
end
-function _M:log()
- -- Check if BunkerNet is activated
- local use_bunkernet = utils.get_variable("USE_BUNKERNET")
- if use_bunkernet ~= "yes" then
- return true, "bunkernet not activated"
+function _M:log(bypass_use_bunkernet)
+ if bypass_use_bunkernet then
+ -- Check if BunkerNet is activated
+ local use_bunkernet = utils.get_variable("USE_BUNKERNET")
+ if use_bunkernet ~= "yes" then
+ return true, "bunkernet not activated"
+ end
end
-- Check if BunkerNet ID is generated
if not self.id then
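Review bot: The new condition reads inverted: with `if bypass_use_bunkernet then` the `USE_BUNKERNET` lookup is performed only when the caller asks to bypass it, so the existing no-argument `self:log()` path now skips the check entirely and may create reports for a server where `USE_BUNKERNET` is not `yes`, while `log_default` (which already checked the variable) runs it a second time through `self:log(true)`. Unless the regular log hook checks the variable elsewhere, which the hunk does not show, the guard should be `if not bypass_use_bunkernet then`. The rest of `_M:log` is outside the hunk.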
@@ -193,6 +195,27 @@ function _M:log()
return true, "created report timer"
end
+function _M:log_default()
+ -- Check if bunkernet is activated
+ local check, err = utils.has_variable("USE_BUNKERNET", "yes")
+ if check == nil then
+ return false, "error while checking variable USE_BUNKERNET (" .. err .. ")"
+ end
+ if not check then
+ return true, "bunkernet not enabled"
+ end
+ -- Check if default server is disabled
+ local check, err = utils.get_variable("DISABLE_DEFAULT_SERVER", false)
+ if check == nil then
+ return false, "error while getting variable DISABLE_DEFAULT_SERVER (" .. err .. ")"
+ end
+ if check ~= "yes" then
+ return true, "default server not disabled"
+ end
+ -- Call log method
+ return self:log(true)
+end
+
function _M:access()
local use_bunkernet = utils.get_variable("USE_BUNKERNET")
if use_bunkernet ~= "yes" then
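Review bot: `log_default` declares `local check, err` twice in the same scope, so the second pair shadows the first; Lua accepts it but luacheck flags it and a reader has to track which `check` is live — `local use_bunkernet, err` and `local disable_default, err` say what each holds. The function then passes `true` to `self:log`, whose visible head performs the same `USE_BUNKERNET` lookup when its argument is truthy, so the variable is read twice per request; one of the two checks should go. The deleted `default-server-http/bunkernet.conf` only reported when `ngx.status` was `ngx.HTTP_CLOSE` and the client IP was global; that gating presumably lives in the part of `_M:log` outside the hunk and is worth confirming, since `log_default` no longer does it. `_M:access` continues past the hunk.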
diff --git a/core/bunkernet/confs/default-server-http/bunkernet.conf b/core/bunkernet/confs/default-server-http/bunkernet.conf
deleted file mode 100644
index 419090b..0000000
--- a/core/bunkernet/confs/default-server-http/bunkernet.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-log_by_lua_block {
- local bunkernet = require "bunkernet.bunkernet"
- local utils = require "utils"
- local datastore = require "datastore"
- local logger = require "logger"
- local disable_default_server = utils.get_variable("DISABLE_DEFAULT_SERVER", false)
- local use_bunkernet = utils.has_variable("USE_BUNKERNET", "yes")
-
- if disable_default_server == "yes" and use_bunkernet then
- -- Instantiate bunkernet
- local bnet, err = bunkernet.new()
- if not bnet then
- ngx.log(ngx.ERR, "BUNKERNET", "can't instantiate bunkernet " .. err)
- return
- end
- -- Check if BunkerNet ID is generated
- if not bnet.id then
- return
- end
- -- Check if IP has been blocked
- if ngx.status ~= ngx.HTTP_CLOSE then
- return
- end
- -- Check if IP is global
- local is_global, err = utils.ip_is_global(ngx.var.remote_addr)
- if is_global == nil then
- return
- end
- if not is_global then
- return
- end
- -- Only report if it hasn't been reported for the same reason recently
- local reported = datastore:get("plugin_bunkernet_cache_" .. ngx.var.remote_addr .. "default")
- if reported then
- return
- end
- -- report callback called in a light thread
- local function report_callback(premature, obj, ip, reason, method, url, headers)
- local ok, err, status, data = obj:report(ip, reason, method, url, headers)
- if not ok then
- logger.log(ngx.ERR, "BUNKERNET", "Can't report IP : " .. err)
- elseif status ~= 200 then
- logger.log(ngx.ERR, "BUNKERNET", "Error from remote server : " .. tostring(status))
- else
- logger.log(ngx.NOTICE, "BUNKERNET", "Successfully reported IP " .. ip .. " (reason : " .. reason .. ")")
- local ok, err = datastore:set("plugin_bunkernet_cache_" .. ip .. reason, true, 3600)
- if not ok then
- logger.log(ngx.ERR, "BUNKERNET", "Can't store cached report : " .. err)
- end
- end
- end
- -- Set a timer at the end of log()
- local hdr, err = ngx.timer.at(0, report_callback, bnet, ngx.var.remote_addr, "default", ngx.var.request_method, ngx.var.request_uri, ngx.req.get_headers())
- if not hdr then
- logger.log(ngx.ERR, "BUNKERNET", "can't create report timer : " .. err)
- end
- return
- end
-}
\ No newline at end of file
diff --git a/core/misc/confs/default-server-http/disable.conf b/core/misc/confs/default-server-http/disable.conf
index dc7b907..6868be9 100644
--- a/core/misc/confs/default-server-http/disable.conf
+++ b/core/misc/confs/default-server-http/disable.conf
@@ -1,5 +1,6 @@
{% if DISABLE_DEFAULT_SERVER == "yes" +%}
location / {
+ set $reason "default";
return 444;
}
{% endif %}
\ No newline at end of file
diff --git a/docs/plugins.md b/docs/plugins.md
index b9d59ad..bd99bb3 100644
--- a/docs/plugins.md
+++ b/docs/plugins.md
@@ -10,6 +10,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
| **ClamAV** | 0.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **CrowdSec** | 0.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
+| **Discord** | 0.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **VirusTotal** | 0.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
## How to use a plugin
@@ -242,16 +243,22 @@ function _M:log()
return true, "success"
end
+function _M:log_default()
+ logger.log(ngx.NOTICE, "MYPLUGIN", "log_default called")
+ return true, "success"
+end
+
return _M
```
-The 3 functions `init`, `access`, and `log` are automatically called during specific contexts. Here are the details of each function :
+The declared functions are automatically called during specific contexts. Here are the details of each function :
| Function | Context | Description | Return value |
| :------: | :--------------------------------------------------------------------------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `init` | [init_by_lua](https://github.com/openresty/lua-nginx-module#init_by_lua) | Called when NGINX just started or received a reload order. the typical use case is to prepare any data that will be used by your plugin. | `ret`, `err`
- `ret` (boolean) : true if no error else false
- `err` (string) : success or error message
|
| `access` | [access_by_lua](https://github.com/openresty/lua-nginx-module#access_by_lua) | Called on each request received by the server. The typical use case is to do the security checks here and deny the request if needed. | `ret`, `err`, `return`, `status`- `ret` (boolean) : true if no error else false
- `err` (string) : success or error message
- `return` (boolean) : true if you want to stop the access phase and send a status to the client
- `status` (number) : the return value to set if `return` is set to true
|
| `log` | [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua) | Called when a request has finished (and before it gets logged to the access logs). The typical use case is to make stats or compute counters for example. | `ret`, `err`- `ret` (boolean) : true if no error else false
- `err` (string) : success or error message
|
+| `log_default` | [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua) | Same as `log` but only called on the default server. | `ret`, `err`- `ret` (boolean) : true if no error else false
- `err` (string) : success or error message
|
#### Libraries
diff --git a/examples/certbot-dns-cloudflare/README.md b/examples/certbot-dns-cloudflare/README.md
new file mode 100644
index 0000000..470e58c
--- /dev/null
+++ b/examples/certbot-dns-cloudflare/README.md
@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-cloudflare documentation](https://certbot-dns-cloudflare.readthedocs.io/en/stable/) first.
+
+Procedure :
+- Edit domains in the compose file
+- Edit CloudFlare credentials in cloudflare.ini file (generate using https://dash.cloudflare.com/?to=/:account/profile/api-tokens)
+- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
+- When certificates are generated, run your services : `docker-compose up -d`
diff --git a/examples/certbot-dns-cloudflare/cloudflare.ini b/examples/certbot-dns-cloudflare/cloudflare.ini
new file mode 100644
index 0000000..0fc4b1d
--- /dev/null
+++ b/examples/certbot-dns-cloudflare/cloudflare.ini
@@ -0,0 +1,5 @@
+# Cloudflare API token used by Certbot (recommended)
+dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef012345671
+# Cloudflare API credentials used by Certbot (not recommended)
+#dns_cloudflare_email = cloudflare@example.com
+#dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef012341
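Review bot: This is a credentials file that the compose example bind-mounts into the certbot container, so users will replace the placeholder `dns_cloudflare_api_token` with a live token in a file that sits inside a git checkout; add a header comment such as `# Keep this file out of version control and owner-readable only: chmod 600 cloudflare.ini (certbot warns on unsafe permissions)` and consider a `.gitignore` entry beside it. The commented-out `dns_cloudflare_api_key` alternative is an account-wide key; the note already marks it "not recommended", and a pointer to the scoped-token guidance in the linked certbot-dns-cloudflare docs would make the reason explicit.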
diff --git a/examples/certbot-dns-cloudflare/docker-compose.yml b/examples/certbot-dns-cloudflare/docker-compose.yml
new file mode 100644
index 0000000..bb20aed
--- /dev/null
+++ b/examples/certbot-dns-cloudflare/docker-compose.yml
@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+
+ mybunker:
+ image: bunkerity/bunkerweb:1.4.1
+ ports:
+ - 80:8080
+ - 443:8443
+ # ⚠️ read this if you use local folders for volumes ⚠️
+ # bunkerweb runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+ # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+ # more info at https://docs.bunkerweb.io
+ volumes:
+ - bw_data:/data
+ - certs:/certs
+ environment:
+ - MULTISITE=yes
+ - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
+ - SERVE_FILES=no
+ - DISABLE_DEFAULT_SERVER=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ - USE_CUSTOM_HTTPS=yes
+ - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
+ - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
+ - app1.example.com_REVERSE_PROXY_URL=/
+ - app1.example.com_REVERSE_PROXY_HOST=http://app1
+ - app2.example.com_REVERSE_PROXY_URL=/
+ - app2.example.com_REVERSE_PROXY_HOST=http://app2
+ - app3.example.com_REVERSE_PROXY_URL=/
+ - app3.example.com_REVERSE_PROXY_HOST=http://app3
+ networks:
+ - net_app1
+ - net_app2
+ - net_app3
+
+ mycertbot:
+ image: certbot/dns-cloudflare
+ environment:
+ - DOMAINS=*.example.com,example.com
+ - EMAIL=contact@example.com
+ volumes:
+ - certs:/etc/letsencrypt
+ - ./cloudflare.ini:/opt/cloudflare.ini
+ - ./entrypoint.sh:/opt/entrypoint.sh
+ entrypoint: /bin/sh /opt/entrypoint.sh
+
+ app1:
+ image: tutum/hello-world
+ networks:
+ - net_app1
+
+ app2:
+ image: tutum/hello-world
+ networks:
+ - net_app2
+
+ app3:
+ image: tutum/hello-world
+ networks:
+ - net_app3
+
+volumes:
+ bw_data:
+ certs:
+
+networks:
+ net_app1:
+ net_app2:
+ net_app3:
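Review bot: `mycertbot` has no `restart:` policy and its entrypoint exits after a single `sleep 86400`, so after the first day the container stops and `certbot renew` never runs again; add `restart: unless-stopped` to the service (or loop in the entrypoint). The credentials bind mount `./cloudflare.ini:/opt/cloudflare.ini` and the script mount `./entrypoint.sh:/opt/entrypoint.sh` are read-write by default and should carry `:ro`, since the container has no reason to modify either. `mybunker` reads the renewed files from the shared `certs` volume but nothing in the example reloads it after a renewal, so a comment telling users how they are expected to trigger the reload would save them from serving an expired certificate.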
diff --git a/examples/certbot-dns-cloudflare/entrypoint.sh b/examples/certbot-dns-cloudflare/entrypoint.sh
new file mode 100644
index 0000000..7b57e76
--- /dev/null
+++ b/examples/certbot-dns-cloudflare/entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+echo "Certbot started, domains = $DOMAINS"
+
+first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
+if [ "$EMAIL" = "" ] ; then
+ EMAIL="contact@${first_domain}"
+fi
+
+if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
+ echo "Renewing certificates ..."
+ certbot renew
+else
+ echo "Asking for certificates ..."
+ certbot certonly -n --dns-cloudflare --dns-cloudflare-credentials /opt/cloudflare.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
+fi
+
+echo "Fixing permissions ..."
+chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
+
+echo "Certbot ended, sleeping for 24 hours"
+
+sleep 86400
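Review bot: `chmod -R 770 /etc/letsencrypt` grants group write on the private keys to GID 101 (the bunkerweb user), which only needs read; `chmod -R u=rwX,g=rX,o= /etc/letsencrypt` keeps directories traversable and files group-readable without letting the web server overwrite keys. Neither `certbot renew` nor `certbot certonly` has its exit status checked, so a failed issuance still prints `Certbot ended` and sleeps for a day; `set -eu` at the top, plus quoting `"$DOMAINS"` in the `echo -n` pipeline, makes the failure visible in the container logs. Because the script exits after one `sleep 86400`, renewals continue only if the compose service restarts the container; a `while true; do …; sleep 86400; done` loop around the certbot section removes that dependency.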
diff --git a/examples/certbot-dns-digitalocean/README.md b/examples/certbot-dns-digitalocean/README.md
new file mode 100644
index 0000000..cb6723b
--- /dev/null
+++ b/examples/certbot-dns-digitalocean/README.md
@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-digitalocean documentation](https://certbot-dns-digitalocean.readthedocs.io/en/stable/) first.
+
+Procedure :
+- Edit domains in the compose file
+- Edit DigitalOcean credentials in digitalocean.ini file (generate using https://cloud.digitalocean.com/settings/api/tokens)
+- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
+- When certificates are generated, run your services : `docker-compose up -d`
diff --git a/examples/certbot-dns-digitalocean/digitalocean.ini b/examples/certbot-dns-digitalocean/digitalocean.ini
new file mode 100644
index 0000000..fb8e027
--- /dev/null
+++ b/examples/certbot-dns-digitalocean/digitalocean.ini
@@ -0,0 +1,2 @@
+# DigitalOcean API credentials used by Certbot
+dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff
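Review bot: The placeholder `dns_digitalocean_token` will be replaced by a live API token in a file that lives inside the user's git checkout and is bind-mounted into the certbot container; add a header comment such as `# Keep this file out of version control and owner-readable only: chmod 600 digitalocean.ini (certbot warns on unsafe permissions)` and consider a `.gitignore` entry beside it. A DigitalOcean token issued from the linked page grants access to the whole account, which is worth stating so users create a dedicated token rather than reuse one.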
diff --git a/examples/certbot-dns-digitalocean/docker-compose.yml b/examples/certbot-dns-digitalocean/docker-compose.yml
new file mode 100644
index 0000000..a1791f0
--- /dev/null
+++ b/examples/certbot-dns-digitalocean/docker-compose.yml
@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+
+ mybunker:
+ image: bunkerity/bunkerweb:1.4.1
+ ports:
+ - 80:8080
+ - 443:8443
+ # ⚠️ read this if you use local folders for volumes ⚠️
+ # bunkerweb runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+ # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+ # more info at https://docs.bunkerweb.io
+ volumes:
+ - bw_data:/data
+ - certs:/certs
+ environment:
+ - MULTISITE=yes
+ - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
+ - SERVE_FILES=no
+ - DISABLE_DEFAULT_SERVER=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ - USE_CUSTOM_HTTPS=yes
+ - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
+ - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
+ - app1.example.com_REVERSE_PROXY_URL=/
+ - app1.example.com_REVERSE_PROXY_HOST=http://app1
+ - app2.example.com_REVERSE_PROXY_URL=/
+ - app2.example.com_REVERSE_PROXY_HOST=http://app2
+ - app3.example.com_REVERSE_PROXY_URL=/
+ - app3.example.com_REVERSE_PROXY_HOST=http://app3
+ networks:
+ - net_app1
+ - net_app2
+ - net_app3
+
+ mycertbot:
+ image: certbot/dns-digitalocean
+ environment:
+ - DOMAINS=*.example.com,example.com
+ - EMAIL=contact@example.com
+ volumes:
+ - certs:/etc/letsencrypt
+ - ./digitalocean.ini:/opt/digitalocean.ini
+ - ./entrypoint.sh:/opt/entrypoint.sh
+ entrypoint: /bin/sh /opt/entrypoint.sh
+
+ app1:
+ image: tutum/hello-world
+ networks:
+ - net_app1
+
+ app2:
+ image: tutum/hello-world
+ networks:
+ - net_app2
+
+ app3:
+ image: tutum/hello-world
+ networks:
+ - net_app3
+
+volumes:
+ bw_data:
+ certs:
+
+networks:
+ net_app1:
+ net_app2:
+ net_app3:
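Review bot: The `mycertbot` service needs `restart: unless-stopped`: its entrypoint runs certbot once and then exits after `sleep 86400`, so without a restart policy renewals stop after the first day. The bind mounts `./digitalocean.ini:/opt/digitalocean.ini` and `./entrypoint.sh:/opt/entrypoint.sh` should be `:ro`, since the container only reads them and the first holds an API token. Nothing in the example reloads `mybunker` when the files in the shared `certs` volume change, so a comment on how users are expected to pick up a renewed certificate would be helpful.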
diff --git a/examples/certbot-dns-digitalocean/entrypoint.sh b/examples/certbot-dns-digitalocean/entrypoint.sh
new file mode 100644
index 0000000..52f7abd
--- /dev/null
+++ b/examples/certbot-dns-digitalocean/entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+echo "Certbot started, domains = $DOMAINS"
+
+first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
+if [ "$EMAIL" = "" ] ; then
+ EMAIL="contact@${first_domain}"
+fi
+
+if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
+ echo "Renewing certificates ..."
+ certbot renew
+else
+ echo "Asking for certificates ..."
+ certbot certonly -n --dns-digitalocean --dns-digitalocean-credentials /opt/digitalocean.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
+fi
+
+echo "Fixing permissions ..."
+chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
+
+echo "Certbot ended, sleeping for 24 hours"
+
+sleep 86400
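Review bot: `chmod -R 770 /etc/letsencrypt` makes the private keys group-writable for GID 101 when the web server only needs to read them; `chmod -R u=rwX,g=rX,o= /etc/letsencrypt` is the least-privilege equivalent. The certbot exit status is never checked, so a failed `certonly` or `renew` still reports `Certbot ended` and sleeps; `set -eu` at the top and quoting `"$DOMAINS"` in the pipeline make failures surface. The single `sleep 86400` followed by exit means renewals depend on the compose service restarting the container; wrapping the certbot section in `while true; do …; sleep 86400; done` makes the script self-sufficient.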
diff --git a/examples/certbot-dns-google/README.md b/examples/certbot-dns-google/README.md
new file mode 100644
index 0000000..7a5ef11
--- /dev/null
+++ b/examples/certbot-dns-google/README.md
@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-google documentation](https://certbot-dns-google.readthedocs.io/en/stable/) first.
+
+Procedure :
+- Edit domains in the compose file
+- Edit Google credentials in google.json file (generate using https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount)
+- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
+- When certificates are generated, run your services : `docker-compose up -d`
diff --git a/examples/certbot-dns-google/docker-compose.yml b/examples/certbot-dns-google/docker-compose.yml
new file mode 100644
index 0000000..9f1ff97
--- /dev/null
+++ b/examples/certbot-dns-google/docker-compose.yml
@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+
+ mybunker:
+ image: bunkerity/bunkerweb:1.4.1
+ ports:
+ - 80:8080
+ - 443:8443
+ # ⚠️ read this if you use local folders for volumes ⚠️
+ # bunkerweb runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+ # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+ # more info at https://docs.bunkerweb.io
+ volumes:
+ - bw_data:/data
+ - certs:/certs
+ environment:
+ - MULTISITE=yes
+ - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
+ - SERVE_FILES=no
+ - DISABLE_DEFAULT_SERVER=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ - USE_CUSTOM_HTTPS=yes
+ - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
+ - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
+ - app1.example.com_REVERSE_PROXY_URL=/
+ - app1.example.com_REVERSE_PROXY_HOST=http://app1
+ - app2.example.com_REVERSE_PROXY_URL=/
+ - app2.example.com_REVERSE_PROXY_HOST=http://app2
+ - app3.example.com_REVERSE_PROXY_URL=/
+ - app3.example.com_REVERSE_PROXY_HOST=http://app3
+ networks:
+ - net_app1
+ - net_app2
+ - net_app3
+
+ mycertbot:
+ image: certbot/dns-google
+ environment:
+ - DOMAINS=*.example.com,example.com
+ - EMAIL=contact@example.com
+ volumes:
+ - certs:/etc/letsencrypt
+ - ./google.json:/opt/google.json
+ - ./entrypoint.sh:/opt/entrypoint.sh
+ entrypoint: /bin/sh /opt/entrypoint.sh
+
+ app1:
+ image: tutum/hello-world
+ networks:
+ - net_app1
+
+ app2:
+ image: tutum/hello-world
+ networks:
+ - net_app2
+
+ app3:
+ image: tutum/hello-world
+ networks:
+ - net_app3
+
+volumes:
+ bw_data:
+ certs:
+
+networks:
+ net_app1:
+ net_app2:
+ net_app3:
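Review bot: The credential and entrypoint bind mounts at L913–L914 are writable, so a misbehaving or compromised certbot container could rewrite them; `./google.json:/opt/google.json:ro` and `./entrypoint.sh:/opt/entrypoint.sh:ro` are the safer form (the `certs` named volume must of course stay writable). `image: certbot/dns-google` at L907 carries no tag and floats to `latest`, while `bunkerity/bunkerweb` is pinned to `1.4.1`; pinning the certbot image too makes the example reproducible. The same two points apply to the OVH (L1047, L1053–L1054) and Route53 (L1196–L1197) compose files. Note also that `CUSTOM_HTTPS_CERT`/`CUSTOM_HTTPS_KEY` (L893–L894) hard-code `live/example.com/`, which has to be edited together with `DOMAINS`; a comment such as `# path must match the first domain in DOMAINS below` next to L893 would help.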
diff --git a/examples/certbot-dns-google/entrypoint.sh b/examples/certbot-dns-google/entrypoint.sh
new file mode 100644
index 0000000..5efac7d
--- /dev/null
+++ b/examples/certbot-dns-google/entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+echo "Certbot started, domains = $DOMAINS"
+
+first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
+if [ "$EMAIL" = "" ] ; then
+ EMAIL="contact@${first_domain}"
+fi
+
+if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
+ echo "Renewing certificates ..."
+ certbot renew
+else
+ echo "Asking for certificates ..."
+ certbot certonly -n --dns-google --dns-google-credentials /opt/google.json --email "$EMAIL" --agree-tos -d "$DOMAINS"
+fi
+
+echo "Fixing permissions ..."
+chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
+
+echo "Certbot ended, sleeping for 24 hours"
+
+sleep 86400
diff --git a/examples/certbot-dns-google/google.json b/examples/certbot-dns-google/google.json
new file mode 100644
index 0000000..1cf0be4
--- /dev/null
+++ b/examples/certbot-dns-google/google.json
@@ -0,0 +1,12 @@
+{
+ "type": "service_account",
+ "project_id": "...",
+ "private_key_id": "...",
+ "private_key": "...",
+ "client_email": "...",
+ "client_id": "...",
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://accounts.google.com/o/oauth2/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_x509_cert_url": "..."
+}
diff --git a/examples/certbot-dns-ovh/README.md b/examples/certbot-dns-ovh/README.md
new file mode 100644
index 0000000..8b68515
--- /dev/null
+++ b/examples/certbot-dns-ovh/README.md
@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-ovh documentation](https://certbot-dns-ovh.readthedocs.io/en/stable/) first.
+
+Procedure :
+- Edit domains in the compose file
+- Edit OVH credentials in ovh.ini file (generate using https://eu.api.ovh.com/createToken/)
+- Run certbot only and wait for certificate to be generated : `docker-compose up -d mycertbot`
+- When certificates are generated, run your services : `docker-compose up -d`
diff --git a/examples/certbot-dns-ovh/docker-compose.yml b/examples/certbot-dns-ovh/docker-compose.yml
new file mode 100644
index 0000000..5980a76
--- /dev/null
+++ b/examples/certbot-dns-ovh/docker-compose.yml
@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+
+ mybunker:
+ image: bunkerity/bunkerweb:1.4.1
+ ports:
+ - 80:8080
+ - 443:8443
+ # ⚠️ read this if you use local folders for volumes ⚠️
+ # bunkerweb runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+ # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+ # more info at https://docs.bunkerweb.io
+ volumes:
+ - bw_data:/data
+ - certs:/certs
+ environment:
+ - MULTISITE=yes
+ - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
+ - SERVE_FILES=no
+ - DISABLE_DEFAULT_SERVER=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ - USE_CUSTOM_HTTPS=yes
+ - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
+ - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
+ - app1.example.com_REVERSE_PROXY_URL=/
+ - app1.example.com_REVERSE_PROXY_HOST=http://app1
+ - app2.example.com_REVERSE_PROXY_URL=/
+ - app2.example.com_REVERSE_PROXY_HOST=http://app2
+ - app3.example.com_REVERSE_PROXY_URL=/
+ - app3.example.com_REVERSE_PROXY_HOST=http://app3
+ networks:
+ - net_app1
+ - net_app2
+ - net_app3
+
+ mycertbot:
+ image: certbot/dns-ovh
+ environment:
+ - DOMAINS=*.example.com,example.com
+ - EMAIL=contact@example.com
+ volumes:
+ - certs:/etc/letsencrypt
+ - ./ovh.ini:/opt/ovh.ini
+ - ./entrypoint.sh:/opt/entrypoint.sh
+ entrypoint: /bin/sh /opt/entrypoint.sh
+
+ app1:
+ image: tutum/hello-world
+ networks:
+ - net_app1
+
+ app2:
+ image: tutum/hello-world
+ networks:
+ - net_app2
+
+ app3:
+ image: tutum/hello-world
+ networks:
+ - net_app3
+
+volumes:
+ bw_data:
+ certs:
+
+networks:
+ net_app1:
+ net_app2:
+ net_app3:
diff --git a/examples/certbot-dns-ovh/entrypoint.sh b/examples/certbot-dns-ovh/entrypoint.sh
new file mode 100644
index 0000000..0283814
--- /dev/null
+++ b/examples/certbot-dns-ovh/entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+echo "Certbot started, domains = $DOMAINS"
+
+first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
+if [ "$EMAIL" = "" ] ; then
+ EMAIL="contact@${first_domain}"
+fi
+
+if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
+ echo "Renewing certificates ..."
+ certbot renew
+else
+ echo "Asking for certificates ..."
+ certbot certonly -n --dns-ovh --dns-ovh-credentials /opt/ovh.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
+fi
+
+echo "Fixing permissions ..."
+chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
+
+echo "Certbot ended, sleeping for 24 hours"
+
+sleep 86400
\ No newline at end of file
diff --git a/examples/certbot-dns-ovh/ovh.ini b/examples/certbot-dns-ovh/ovh.ini
new file mode 100644
index 0000000..4b280e3
--- /dev/null
+++ b/examples/certbot-dns-ovh/ovh.ini
@@ -0,0 +1,5 @@
+# OVH API credentials used by Certbot
+dns_ovh_endpoint = ovh-eu
+dns_ovh_application_key = MDAwMDAwMDAwMDAw
+dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
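Review bot: The values at L1118–L1120 are well-formed base64 tokens rather than obvious stand-ins, so someone who copies the directory and forgets this file gets an opaque authentication failure instead of a hint; placeholders like `dns_ovh_application_key = <your_application_key>`, or extending the comment on L1116 to say these are dummies, would be clearer. As far as I recall certbot's DNS plugins also warn when the credentials file is group- or world-readable, so the procedure in the README could include `chmod 600 ovh.ini` (and the equivalent for `google.json` and `aws.ini`).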
diff --git a/examples/certbot-dns-route53/README.md b/examples/certbot-dns-route53/README.md
new file mode 100644
index 0000000..48e4661
--- /dev/null
+++ b/examples/certbot-dns-route53/README.md
@@ -0,0 +1,7 @@
+Please have a look at the [certbot-dns-route53 documentation](https://certbot-dns-route53.readthedocs.io/en/stable/) first.
+
+Procedure :
+- Edit domains in the compose file
+- Edit AWS credentials in aws.ini file (generate using https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-overview.html)
+- Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
+- When certificates are generated, run your services : `docker-compose up -d`
diff --git a/examples/certbot-dns-route53/aws.ini b/examples/certbot-dns-route53/aws.ini
new file mode 100644
index 0000000..b3987ba
--- /dev/null
+++ b/examples/certbot-dns-route53/aws.ini
@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id=AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
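Review bot: The key pair is AWS's documented sample (`AKIAIOSFODNN7EXAMPLE`), fine as a placeholder, but nothing tells the reader how far the real key should reach; a comment such as `# use a key limited to route53:ListHostedZones, route53:GetChange and route53:ChangeResourceRecordSets on the relevant hosted zone` would steer users away from pasting an administrator key into an example directory. The Route53 entrypoint points `AWS_CONFIG_FILE` at this file (L1243); botocore can read `aws_access_key_id`/`aws_secret_access_key` from a config-file profile, but the conventional variable for a credentials-only file is `AWS_SHARED_CREDENTIALS_FILE` — worth confirming against the certbot-dns-route53 documentation and picking one.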
diff --git a/examples/certbot-dns-route53/docker-compose.yml b/examples/certbot-dns-route53/docker-compose.yml
new file mode 100644
index 0000000..2a9d48c
--- /dev/null
+++ b/examples/certbot-dns-route53/docker-compose.yml
@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+
+ mybunker:
+ image: bunkerity/bunkerweb:1.4.1
+ ports:
+ - 80:8080
+ - 443:8443
+ # ⚠️ read this if you use local folders for volumes ⚠️
+ # bunkerweb runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+ # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+ # more info at https://docs.bunkerweb.io
+ volumes:
+ - bw_data:/data
+ - certs:/certs
+ environment:
+ - MULTISITE=yes
+ - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
+ - SERVE_FILES=no
+ - DISABLE_DEFAULT_SERVER=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ - USE_CUSTOM_HTTPS=yes
+ - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
+ - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
+ - app1.example.com_REVERSE_PROXY_URL=/
+ - app1.example.com_REVERSE_PROXY_HOST=http://app1
+ - app2.example.com_REVERSE_PROXY_URL=/
+ - app2.example.com_REVERSE_PROXY_HOST=http://app2
+ - app3.example.com_REVERSE_PROXY_URL=/
+ - app3.example.com_REVERSE_PROXY_HOST=http://app3
+ networks:
+ - net_app1
+ - net_app2
+ - net_app3
+
+ mycertbot:
+ image: certbot/dns-google
+ environment:
+ - DOMAINS=*.example.com,example.com
+ - EMAIL=contact@example.com
+ volumes:
+ - certs:/etc/letsencrypt
+ - ./aws.ini:/opt/aws.ini
+ - ./entrypoint.sh:/opt/entrypoint.sh
+ entrypoint: /bin/sh /opt/entrypoint.sh
+
+ app1:
+ image: tutum/hello-world
+ networks:
+ - net_app1
+
+ app2:
+ image: tutum/hello-world
+ networks:
+ - net_app2
+
+ app3:
+ image: tutum/hello-world
+ networks:
+ - net_app3
+
+volumes:
+ bw_data:
+ certs:
+
+networks:
+ net_app1:
+ net_app2:
+ net_app3:
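Review bot: `image: certbot/dns-google` at L1190 looks like a copy/paste leftover — this is the Route53 example, its entrypoint runs `certbot certonly … --dns-route53`, and the dns-google image is not expected to ship that plugin, so the `certonly` step would fail; it should read `image: certbot/dns-route53` (pinned to a tag, as raised for the other compose files). The `./aws.ini` and `./entrypoint.sh` mounts at L1196–L1197 should likewise be `:ro`.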
diff --git a/examples/certbot-dns-route53/entrypoint.sh b/examples/certbot-dns-route53/entrypoint.sh
new file mode 100644
index 0000000..6036ef9
--- /dev/null
+++ b/examples/certbot-dns-route53/entrypoint.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+echo "Certbot started, domains = $DOMAINS"
+
+first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
+if [ "$EMAIL" = "" ] ; then
+ EMAIL="contact@${first_domain}"
+fi
+
+if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
+ echo "Renewing certificates ..."
+ certbot renew
+else
+ echo "Asking for certificates ..."
+ export AWS_CONFIG_FILE=/opt/aws.ini
+ certbot certonly -n --dns-route53 --email "$EMAIL" --agree-tos -d "$DOMAINS"
+fi
+
+echo "Fixing permissions ..."
+chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
+
+echo "Certbot ended, sleeping for 24 hours"
+
+sleep 86400
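Review bot: `export AWS_CONFIG_FILE=/opt/aws.ini` at L1243 sits inside the `else` branch, so on the renewal path (`certbot renew`, L1240) the route53 plugin runs without it and falls back to the default `~/.aws` locations, which nothing in this container populates — the first renewal would fail for lack of credentials. Move the export above the `if` (after L1236) so both branches see it.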
diff --git a/helpers/entrypoint.sh b/helpers/entrypoint.sh
index e6705e1..6dd13d7 100644
--- a/helpers/entrypoint.sh
+++ b/helpers/entrypoint.sh
@@ -77,6 +77,9 @@ fi
# generate final configuration
export TEMP_NGINX="no"
log "ENTRYPOINT" "ℹ️" "Generating configuration ..."
+if [ "$SWARM_MODE" = "yes" ] || [ "$KUBERNETES_MODE" = "yes" ] || [ "$AUTOCONF_MODE" = "yes" ] ; then
+ export SERVER_NAME=
+fi
env | grep -E -v "^(HOSTNAME|PWD|PKG_RELEASE|NJS_VERSION|SHLVL|PATH|_|NGINX_VERSION|HOME)=" > "/tmp/variables.env"
/opt/bunkerweb/gen/main.py --settings /opt/bunkerweb/settings.json --templates /opt/bunkerweb/confs --output /etc/nginx --variables /tmp/variables.env
if [ "$?" -ne 0 ] ; then
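Review bot: `export SERVER_NAME=` at L1262 deliberately blanks the variable instead of unsetting it, so `SERVER_NAME=` still reaches `/tmp/variables.env` through the `env | grep` on L1264 — presumably the generator needs the key present but empty in swarm/kubernetes/autoconf modes, yet nothing says so. A comment above the `if`, e.g. `# orchestrated modes receive server names from autoconf, so hand the generator an empty SERVER_NAME`, would stop a later reader from "simplifying" it to `unset SERVER_NAME` and silently changing what the generator sees.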
diff --git a/linux/Dockerfile-fedora b/linux/Dockerfile-fedora
index 163cf59..f74300a 100644
--- a/linux/Dockerfile-fedora
+++ b/linux/Dockerfile-fedora
@@ -10,7 +10,7 @@ RUN dnf install -y ruby ruby-devel make gcc redhat-rpm-config rpm-build && \
# Nginx
RUN dnf update -y && \
dnf install -y curl gnupg2 ca-certificates redhat-lsb-core && \
- dnf install nginx -y
+ dnf install nginx-1.20.2 -y
# Copy dependencies sources folder
COPY deps /tmp/bunkerweb/deps
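Review bot: The nginx version is now a literal in five places — `nginx-1.20.2` here (L1276) and the exact `=` constraints in fpm-centos (L1288), fpm-debian (L1301), fpm-fedora (L1314) and fpm-ubuntu (L1327) — with nothing tying them together, so the next bump has to find all five. An `ARG NGINX_VERSION=1.20.2` in the Dockerfile and a build-time placeholder in the fpm files, in the style of the existing `%VERSION%`, would keep them in step. Separately, the `=` constraints require a specific distro build (`1:1.20.2-1.el8.ngx`, `1.20.2-1~bullseye`, …), so the package only installs where that exact nginx build is in the configured repository; if that is the intent (matching the nginx.org repo, presumably), a comment in each fpm file saying so would spare the next maintainer the guess.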
diff --git a/linux/fpm-centos b/linux/fpm-centos
index 3b0fbca..026ad7e 100644
--- a/linux/fpm-centos
+++ b/linux/fpm-centos
@@ -3,7 +3,7 @@
--license agpl3
--version %VERSION%
--architecture x86_64
---depends bash --depends epel-release --depends python39 --depends 'nginx >= 1.20.2' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends GeoIP-devel --depends file-libs --depends net-tools --depends gd
+--depends bash --depends epel-release --depends python39 --depends 'nginx = 1:1.20.2-1.el8.ngx' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends GeoIP-devel --depends file-libs --depends net-tools --depends gd
--description "BunkerWeb %VERSION% for CentOS Stream 8"
--url "https://www.bunkerweb.io"
--maintainer "Bunkerity "
diff --git a/linux/fpm-debian b/linux/fpm-debian
index 651a919..222a9e2 100644
--- a/linux/fpm-debian
+++ b/linux/fpm-debian
@@ -3,7 +3,7 @@
--license agpl3
--version %VERSION%
--architecture amd64
---depends bash --depends python3 --depends python3-pip --depends 'nginx (>= 1.20.2)' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools
+--depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.20.2-1~bullseye' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools
--description "BunkerWeb %VERSION% for Debian 11"
--url "https://www.bunkerweb.io"
--maintainer "Bunkerity "
diff --git a/linux/fpm-fedora b/linux/fpm-fedora
index 4bc297e..976950c 100644
--- a/linux/fpm-fedora
+++ b/linux/fpm-fedora
@@ -3,7 +3,7 @@
--license agpl3
--version %VERSION%
--architecture x86_64
---depends bash --depends python3 --depends 'nginx >= 1.20.2' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends geoip-devel --depends gd
+--depends bash --depends python3 --depends 'nginx = 1:1.20.2-2.fc36' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends geoip-devel --depends gd
--description "BunkerWeb %VERSION% for Fedora 36"
--url "https://www.bunkerweb.io"
--maintainer "Bunkerity "
diff --git a/linux/fpm-ubuntu b/linux/fpm-ubuntu
index 9d7121d..f3eb6c7 100644
--- a/linux/fpm-ubuntu
+++ b/linux/fpm-ubuntu
@@ -3,7 +3,7 @@
--license agpl3
--version %VERSION%
--architecture amd64
---depends bash --depends python3 --depends python3-pip --depends 'nginx (>= 1.20.2)' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools
+--depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.20.2-1~jammy' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools
--description "BunkerWeb %VERSION% for Ubuntu 22.04"
--url "https://www.bunkerweb.io"
--maintainer "Bunkerity "
diff --git a/tests/linux.sh b/tests/linux.sh
index 746243e..4bf9f59 100755
--- a/tests/linux.sh
+++ b/tests/linux.sh
@@ -11,7 +11,7 @@ function gen_package() {
else
type="deb"
fi
- do_and_check_cmd docker run --rm -v "/tmp/packages/${linux}:/data" "bw-${linux}-tests:latest"
+ do_and_check_cmd docker run --rm -v "/tmp/packages/${linux}:/data" "bw-${linux}-tests:latest" "$type"
name="bunkerweb_${version}-1_amd64"
if [ "$type" = "rpm" ] ; then
name="bunkerweb-${version}-1.x86_64"