From 3c721dc2a0ab84cddfc5b5c1c9afd97e2859aa2c Mon Sep 17 00:00:00 2001
From: bunkerity
Date: Mon, 14 Jun 2021 20:54:36 +0200
Subject: [PATCH] add HEALTHCHECK to Dockerfile and append 10.0.0.0/8 to DNSBL whitelist

---
 Dockerfile | 2 ++
 autoconf/AutoConf.py | 1 +
 lua/dnsbl.lua | 6 +++---
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 80d6cb4..484cc6c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -35,4 +35,6 @@ EXPOSE 8080/tcp 8443/tcp

 USER nginx:nginx

+HEALTHCHECK --interval=30s --timeout=10s --start-period=120s --retries=3 CMD [ -f /tmp/nginx.pid ] || exit 1
+
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
diff --git a/autoconf/AutoConf.py b/autoconf/AutoConf.py
index 31efca2..42174e9 100644
--- a/autoconf/AutoConf.py
+++ b/autoconf/AutoConf.py
@@ -102,6 +102,7 @@ class AutoConf :
 del self.__instances[id]
 else :
 utils.log("[!] Initial config failed")
+ # TODO : wait while unhealthy if not swarm
 utils.log("[*] bunkerized-nginx instance created : " + name + " / " + id)

 elif event == "start" :
diff --git a/lua/dnsbl.lua b/lua/dnsbl.lua
index f9f78cb..67a9775 100644
--- a/lua/dnsbl.lua
+++ b/lua/dnsbl.lua
@@ -1,5 +1,5 @@
-local M = {}
-local dns = require "dns"
+local M = {}
+local dns = require "dns"
 local logger = require "logger"
 local iputils = require "resty.iputils"

@@ -12,7 +12,7 @@ function M.cached ()
 end

 function M.check (dnsbls, resolvers)
- local local_ips = iputils.parse_cidrs({"127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"})
+ local local_ips = iputils.parse_cidrs({"127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8"})
 if iputils.ip_in_cidrs(ngx.var.remote_addr, local_ips) then
 ngx.shared.dnsbl_cache:set(ngx.var.remote_addr, "ok", 86400)
 return false
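Review bot: The health check added before ENTRYPOINT passes whenever /tmp/nginx.pid exists, so a stale pid file left behind by a crashed or killed master process still reports the container as healthy. Checking that the recorded process is alive closes that gap, for example `HEALTHCHECK --interval=30s --timeout=10s --start-period=120s --retries=3 CMD [ -f /tmp/nginx.pid ] && kill -0 "$(cat /tmp/nginx.pid)" || exit 1`. Even then the probe says nothing about whether nginx is answering on 8080/8443; an HTTP request against a local status endpoint would cover that, provided the image ships a suitable client, which this hunk does not show.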
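Review bot: Adding `10.0.0.0/8` in M.check widens a bypass that trusts `ngx.var.remote_addr`: any request whose peer address falls in these ranges skips the DNSBL lookup and is cached as "ok" for 86400 seconds. If the instance is reached through a proxy, ingress or overlay network addressed in 10.0.0.0/8 and the real client address is not restored before this code runs (not visible in this hunk), every proxied client is exempted from the check. I would state that precondition next to the list, e.g. `-- remote_addr must already be the real client IP (realip set up); otherwise proxied clients skip DNSBL`, and hoist the `iputils.parse_cidrs({...})` call to module scope so the list is not re-parsed on every check. The body of M.check continues past the end of the hunk.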