jobs - SelfSignedCert, runner and reloader

bunkerity
2021-07-20 22:52:01 +02:00
parent 71741b2d34
commit 366e39f591
10 changed files with 194 additions and 15 deletions


@@ -6,4 +6,4 @@ class CertbotRenew(Job) :
name = "certbot-new"
data = ["certbot", "certonly", "--webroot", "-w", "/opt/bunkerized-nginx/acme-challenge", "-n", "-d", domain, "--email", email, "--agree-tos"]
type = "exec"
super().__init__(name, data, filename, redis_host=redis_host, type=type, copy_cache=copy_cache)
super().__init__(name, data, filename=None, redis_host=redis_host, type=type, copy_cache=copy_cache)
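Review bot: The hunk header shows the enclosing class as `CertbotRenew` although this job is named `certbot-new`; if this file is jobs/CertbotNew.py, the `CertbotNew.CertbotNew` lookup in main.py's JOBS table fails with AttributeError at import, and the fix is `class CertbotNew(Job) :`. The `__init__` signature that receives `domain` and `email` starts above the hunk, so their handling cannot be checked here; main.py defaults both to `""`, which would reach certbot as `-d ""` / `--email ""`, so rejecting empty values before building `data` would give a clearer failure. The local `type` shadows the builtin; `job_type` would avoid that without changing the keyword passed to `Job`.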


@@ -6,4 +6,4 @@ class CertbotRenew(Job) :
name = "certbot-renew"
data = ["certbot", "renew", "--deploy-hook", "/opt/bunkerized-nginx/jobs/reload.py"]
type = "exec"
super().__init__(name, data, filename, redis_host=redis_host, type=type, copy_cache=copy_cache)
super().__init__(name, data, filename=None, redis_host=redis_host, type=type, copy_cache=copy_cache)
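Review bot: The `--deploy-hook` value `/opt/bunkerized-nginx/jobs/reload.py` points at the reload script added in this same commit, which as written does not parse (unclosed `print(` and an `os.stat` statement placed between `if` and `elif`) and uses `socket` without importing it, so a successful renewal would never trigger a reload; the concrete fixes are noted on reload.py. certbot also requires the hook to be executable with an interpreter line, which is not visible in this view and worth confirming. The `__init__` signature starts above the hunk.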


@@ -2,7 +2,7 @@ from Job import Job
class ExitNodes(Job) :
def __init__(self, redis_host=None, copy_cache=copy_cache) :
def __init__(self, redis_host=None, copy_cache=False) :
name = "exit-nodes"
data = ["https://iplists.firehol.org/files/tor_exits.ipset"]
filename = "tor-exit-nodes.list"


@@ -2,7 +2,7 @@ import abc, requests, redis, os, datetime, traceback
class Job(abc.ABC) :
def __init__(self, name, data, filename, redis_host=None, type="line", regex=r"^.+$", copy_cache=False) :
def __init__(self, name, data, filename=None, redis_host=None, type="line", regex=r"^.+$", copy_cache=False) :
self.__name = name
self.__data = data
self.__filename = filename
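Review bot: `Job.__init__` now accepts `filename=None` but the hunk gives no docstring saying when that is valid, and the three callers changed in this commit only pass `None` together with `type="exec"`. A docstring should state that `filename` is the output file for `line`-type jobs and may be `None` only for `exec` jobs, that `data` is either a list of URLs or an argv list depending on `type`, that `regex` (default `r"^.+$"`, i.e. any non-empty line) filters downloaded lines, and that `redis_host` and `copy_cache` control caching; the body of `__init__` continues below the hunk. Because the default `regex` accepts any non-empty line, subclasses that fetch remote lists without overriding it presumably accept whatever the server returns; that is worth a `# NOTE` on the default so each list job chooses a stricter pattern deliberately. The parameter `type` shadows the builtin; renaming it in the signature would change the keyword callers use, so a `# noqa`-style comment is the minimal option.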

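--- a/jobs/SelfSignedCert.py
+++ b/jobs/SelfSignedCert.py
@@ -0,0 +1,9 @@
+from Job import Job
+class SelfSignedCert(Job) :
+def __init__(self, redis_host=None, copy_cache=False, dst_cert="/etc/nginx/default-cert.pem", dst_key="/etc/nginx/default-key.pem", expiry="999", subj="CN=www.example.com") :
+name = "self-signed-cert"
+data = ["openssl", "req", "-nodes", "-x509", "-newkey", "rsa:4096", "-keyout", dst_key, "-out", dst_cert, "-days", expiry, "-subj", subj]
+type = "exec"
+super().__init__(name, data, filename=None, redis_host=redis_host, type=type, copy_cache=copy_cache)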
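Review bot: `subj="CN=www.example.com"` is not a valid `openssl req -subj` value, because OpenSSL expects each RDN to be prefixed with `/`; the default should be `subj="/CN=www.example.com"`, and the `--subj` help text in main.py (`OU=X/CN=Y...`) should show the same leading slash. `expiry="999"` is kept as a string because it is placed straight into argv; a caller passing an int would make the subprocess call fail, so either document that in a docstring or use `str(expiry)` when building `data`. With `-nodes` the private key is written unencrypted to `dst_key` with whatever mode the process umask allows; presumably `Job.run` executes the command as-is, so tightening the key file permissions after generation (e.g. owner read/write only) is worth considering in the job or its runner.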

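--- a/jobs/main.py
+++ b/jobs/main.py
@@ -0,0 +1,53 @@
+import argparse, sys
+sys.path.append("/opt/bunkerized-nginx/jobs")
+import Abusers, CertbotNew, CertbotRenew, ExitNodes, GeoIP, Proxies, Referrers, SelfSignedCert, UserAgents
+JOBS = {
+"abusers": Abusers.Abusers,
+"certbot-new": CertbotNew.CertbotNew,
+"certbot-renew": CertbotRenew.CertbotRenew,
+"exit-nodes": ExitNodes.ExitNodes,
+"geoip": GeoIP.GeoIP,
+"proxies": Proxies.Proxies,
+"referrers": Referrers.Referrers,
+"self-signed-cert": SelfSignedCert.SelfSignedCert,
+"user-agents": UserAgents.UserAgents
+}
+if __name__ == "__main__" :
+# Parse arguments
+parser = argparse.ArgumentParser(description="job runner for bunkerized-nginx")
+parser.add_argument("--name", default="", type=str, help="job to run (e.g : abusers or certbot-new or certbot-renew ...)")
+parser.add_argument("--redis", default=None, type=str, help="hostname of the redis server if any")
+parser.add_argument("--cache", action="store_true", help="copy data from cache if available")
+parser.add_argument("--domain", default="", type=str, help="domain(s) for certbot-new job (e.g. : www.example.com or app1.example.com,app2.example.com)")
+parser.add_argument("--email", default="", type=str, help="email for certbot-new job (e.g. : contact@example.com)")
+parser.add_argument("--dst_cert", default="", type=str, help="certificate path for self-signed-cert job (e.g. : /etc/nginx/default-cert.pem)")
+parser.add_argument("--dst_key", default="", type=str, help="key path for self-signed-cert job (e.g. : /etc/nginx/default-key.pem)")
+parser.add_argument("--expiry", default="", type=str, help="number of validity days for self-signed-cert job (e.g. : 365)")
+parser.add_argument("--subj", default="", type=str, help="certificate subject for self-signed-cert job (e.g. : OU=X/CN=Y...)")
+args = parser.parse_args()
+# Check job name
+if not args.name in JOBS :
+print("[!] unknown job " + args.job)
+sys.exit(1)
+# Run job
+ret = 0
+if job == "certbot-new" :
+instance = JOBS[job](redis_host=args.redis, copy_cache=args.cache, domain=args.domain, email=args.email)
+elif job == "self-signed-cert" :
+instance = JOBS[job](redis_host=args.redis, copy_cache=args.cache, dst_cert=args.dst_cert, dst_key=args.dst_key, expiry=args.expiry, subj=args.subj)
+else :
+instance = JOBS[job](redis_host=args.redis, copy_cache=args.cache)
+if not instance.run() :
+print("[!] error while running job " + job)
+sys.exit(1)
+print("[*] job " + job + " successfully executed")
+sys.exit(0)
+# TODO : reload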
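Review bot: The runner cannot execute any job as written: the dispatch and the messages use a name `job` that is never assigned (it should be `args.name`), and the unknown-job branch reads `args.job`, an attribute argparse never creates because the option is `--name`, so that error path raises AttributeError instead of printing. For `self-signed-cert`, `--dst_cert`, `--dst_key`, `--expiry` and `--subj` default to `""` and are always forwarded, which overrides the defaults declared on `SelfSignedCert.__init__` and hands openssl empty paths, an empty `-days` and an empty `-subj`; only options the user actually set should be forwarded. `ret = 0` is unused and `if not args.name in JOBS` is better written with `not in`. The rewrite below replaces the check and dispatch section; the argparse setup and the `run()` handling stay as they are.
```python
args = parser.parse_args()
job = args.name
# Check job name
if job not in JOBS :
    print("[!] unknown job " + job)
    sys.exit(1)
# Run job : forward only the self-signed-cert options the user actually gave,
# so the defaults declared on SelfSignedCert.__init__ still apply
kwargs = {"redis_host": args.redis, "copy_cache": args.cache}
if job == "certbot-new" :
    kwargs["domain"] = args.domain
    kwargs["email"] = args.email
elif job == "self-signed-cert" :
    for opt in ("dst_cert", "dst_key", "expiry", "subj") :
        if getattr(args, opt) != "" :
            kwargs[opt] = getattr(args, opt)
instance = JOBS[job](**kwargs)
# … unchanged: instance.run() check and exit messages (they already use `job`) …
```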

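--- a/jobs/reload.py
+++ b/jobs/reload.py
@@ -0,0 +1,27 @@
+import docker, subprocess, os, stat, sys
+if __name__ == "__main__" :
+# Linux or single Docker use case
+if os.path.isfile("/usr/sbin/nginx") :
+proc = subprocess.run(["/usr/sbin/nginx", "-s", "reload"], capture_output=True)
+if proc.returncode != 0 :
+print("[!] can't reload nginx (status code = " + str(proc.returncode) + ")"
+if len(proc.stdout.decode("ascii")) > 1 :
+print(proc.stdout.decode("ascii"))
+if len(proc.stderr.decode("ascii")) > 1 :
+print(proc.stderr.decode("ascii"))
+sys.exit(1)
+# Autoconf case (Docker, Swarm and Ingress)
+mode = os.stat("/tmp/autoconf.sock")
+elif stat.S_ISSOCK(mode) :
+client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+client.connect("/tmp/autoconf.sock")
+client.send("reload".encode("utf-8"))
+data = client.recv(512)
+client.close()
+if not data or data.decode("utf-8") != "ok" :
+sys.exit(2)
+sys.exit(0)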
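Review bot: This script does not parse: the `print("[!] can't reload nginx ...` line is missing its closing parenthesis, and `mode = os.stat("/tmp/autoconf.sock")` sits between the `if` block and its `elif`, which is a syntax error even before `os.stat` raises FileNotFoundError when the socket is absent or `S_ISSOCK` is handed a `stat_result` instead of `.st_mode`. `socket` is used but not imported, while `docker` is imported and unused, which also drags the docker SDK into the certbot deploy-hook environment where this file runs. The `recv(512)` has no timeout, so an unresponsive autoconf server blocks the hook indefinitely, and when neither `/usr/sbin/nginx` nor the socket exists the script reaches `sys.exit(0)` and reports success without reloading anything. The `.decode("ascii")` calls on nginx output would raise on any non-ASCII byte; `errors="replace"` keeps the diagnostic path from failing. The rewrite below fixes the structure; the output dump and the socket exchange are unchanged.
```python
import socket, subprocess, os, stat, sys

if __name__ == "__main__" :
    # Linux or single Docker use case
    if os.path.isfile("/usr/sbin/nginx") :
        proc = subprocess.run(["/usr/sbin/nginx", "-s", "reload"], capture_output=True)
        if proc.returncode != 0 :
            print("[!] can't reload nginx (status code = " + str(proc.returncode) + ")")
            # … unchanged: stdout/stderr dump …
            sys.exit(1)
    # Autoconf case (Docker, Swarm and Ingress)
    elif os.path.exists("/tmp/autoconf.sock") and stat.S_ISSOCK(os.stat("/tmp/autoconf.sock").st_mode) :
        client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        client.settimeout(30)
        # … unchanged: connect / send / recv / close …
        if not data or data.decode("utf-8") != "ok" :
            sys.exit(2)
    else :
        print("[!] neither /usr/sbin/nginx nor /tmp/autoconf.sock found, nothing reloaded")
        sys.exit(3)
    sys.exit(0)
```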