Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix /usr/local/lib/lua rights and multiple server_name support with autoconf

Browse Source
This commit is contained in:
bunkerity 2021-04-09 11:37:13 +02:00
parent b8105fc558
commit 31e72dce1c
3 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
entrypoint/multisite-config.sh
View File

@ -14,7 +14,8 @@ if [ "$MULTISITE" = "yes" ] ; then
fi fi
SERVER_PREFIX="/etc/nginx/${server}/" SERVER_PREFIX="/etc/nginx/${server}/"
if grep "/etc/letsencrypt/live" ${SERVER_PREFIX}https.conf > /dev/null && [ ! -f /etc/letsencrypt/live/${server}/fullchain.pem ] ; then if grep "/etc/letsencrypt/live" ${SERVER_PREFIX}https.conf > /dev/null && [ ! -f /etc/letsencrypt/live/${server}/fullchain.pem ] ; then
/opt/scripts/certbot-new.sh "$server" "$(cat ${SERVER_PREFIX}email-lets-encrypt.txt)" domains=$(cat ${SERVER_PREFIX}server.conf | sed -nE 's/^.*server_name (.*);$/\1/p' | sed "s/ /,/g")
/opt/scripts/certbot-new.sh "$domains" "$(cat ${SERVER_PREFIX}email-lets-encrypt.txt)"
fi fi
if grep "modsecurity.conf" ${SERVER_PREFIX}server.conf > /dev/null ; then if grep "modsecurity.conf" ${SERVER_PREFIX}server.conf > /dev/null ; then
modsec_custom="" modsec_custom=""

25
entrypoint/site-config.sh
View File

@ -9,16 +9,17 @@
# get nginx path and override multisite variables # get nginx path and override multisite variables
NGINX_PREFIX="/etc/nginx/" NGINX_PREFIX="/etc/nginx/"
if [ "$MULTISITE" = "yes" ] ; then if [ "$MULTISITE" = "yes" ] ; then
NGINX_PREFIX="${NGINX_PREFIX}${1}/" first_server="$1"
if [ ! -f "/usr/sbin/nginx" ] ; then
first_server=$(echo "$1" | cut -d ' ' -f 1)
fi
NGINX_PREFIX="${NGINX_PREFIX}${first_server}/"
if [ ! -d "$NGINX_PREFIX" ] ; then if [ ! -d "$NGINX_PREFIX" ] ; then
mkdir "$NGINX_PREFIX" mkdir "$NGINX_PREFIX"
fi fi
ROOT_FOLDER="${ROOT_FOLDER}/$1" ROOT_FOLDER="${ROOT_FOLDER}/$first_server"
fi for var in $(env | cut -d '=' -f 1 | grep -E "^${first_server}_") ; do
repl_name=$(echo "$var" | sed "s~${first_server}_~~")
if [ "$MULTISITE" = "yes" ] ; then
for var in $(env | cut -d '=' -f 1 | grep -E "^${1}_") ; do
repl_name=$(echo "$var" | sed "s~${1}_~~")
repl_value=$(env | grep -E "^${var}=" | sed "s~^${var}=~~") repl_value=$(env | grep -E "^${var}=" | sed "s~^${var}=~~")
read -r "$repl_name" <<< $repl_value read -r "$repl_name" <<< $repl_value
done done
@ -38,8 +39,8 @@ cp /opt/confs/site/* "$NGINX_PREFIX"
# replace paths # replace paths
replace_in_file "${NGINX_PREFIX}server.conf" "%MAIN_LUA%" "include ${NGINX_PREFIX}main-lua.conf;" replace_in_file "${NGINX_PREFIX}server.conf" "%MAIN_LUA%" "include ${NGINX_PREFIX}main-lua.conf;"
if [ "$MULTISITE" = "yes" ] ; then if [ "$MULTISITE" = "yes" ] ; then
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_CONF%" "include /server-confs/*.conf;\ninclude /server-confs/${1}/*.conf;" replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_CONF%" "include /server-confs/*.conf;\ninclude /server-confs/${first_server}/*.conf;"
replace_in_file "${NGINX_PREFIX}server.conf" "%PRE_SERVER_CONF%" "include /pre-server-confs/*.conf;\ninclude /pre-server-confs/${1}/*.conf;" replace_in_file "${NGINX_PREFIX}server.conf" "%PRE_SERVER_CONF%" "include /pre-server-confs/*.conf;\ninclude /pre-server-confs/${first_server}/*.conf;"
else else
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_CONF%" "include /server-confs/*.conf;" replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_CONF%" "include /server-confs/*.conf;"
replace_in_file "${NGINX_PREFIX}server.conf" "%PRE_SERVER_CONF%" "include /pre-server-confs/*.conf;" replace_in_file "${NGINX_PREFIX}server.conf" "%PRE_SERVER_CONF%" "include /pre-server-confs/*.conf;"
@ -351,8 +352,10 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GE
if [ "$MULTISITE" = "no" ] ; then if [ "$MULTISITE" = "no" ] ; then
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1) FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
else else
FIRST_SERVER_NAME="$1" FIRST_SERVER_NAME="$first_server"
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$1}" if [ "$EMAIL_LETS_ENCRYPT" == "" ] ; then
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$first_server}"
fi
echo -n "$EMAIL_LETS_ENCRYPT" > ${NGINX_PREFIX}email-lets-encrypt.txt echo -n "$EMAIL_LETS_ENCRYPT" > ${NGINX_PREFIX}email-lets-encrypt.txt
fi fi
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_CERT%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem" replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_CERT%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem"

3
prepare.sh
View File

@ -70,7 +70,8 @@ chmod -R 770 /var/run/fail2ban /var/lib/fail2ban
# prepare /usr/local/lib/lua # prepare /usr/local/lib/lua
chown root:nginx /usr/local/lib/lua chown root:nginx /usr/local/lib/lua
chmod 770 /usr/local/lib/lua chmod 770 /usr/local/lib/lua
find /usr/local/lib/lua -type f -exec chmod 0760 {} \; find /usr/local/lib/lua -type f -name "*.conf" -exec chmod 0760 {} \;
find /usr/local/lib/lua -type f -name "*.lua" -exec chmod 0760 {} \;
find /usr/local/lib/lua -type d -exec chmod 0770 {} \; find /usr/local/lib/lua -type d -exec chmod 0770 {} \;
# prepare /cache # prepare /cache