disable default server

bunkerity 2020-03-31 09:46:23 +02:00
parent 69ac95b29e
commit 43403f69ee
5 changed files with 12 additions and 14 deletions


@ -197,11 +197,10 @@ Default value : system, exec, shell_exec, passthru, phpinfo, show_source, highli
List of PHP functions blacklisted. They can't be used anywhere in PHP code. List of PHP functions blacklisted. They can't be used anywhere in PHP code.
## TODO ## TODO
- Block country alternative as maxmind db
- Test with default wordpress install - Test with default wordpress install
- Test with custom confs reverse proxy - Test with custom confs reverse proxy
- Edit CONTENT_SECURITY_POLICY default value ?
- Custom TLS certificates
- Documentation - Documentation
- Certificate Transparency - Fail2Ban
- Custom TLS certificates
- HSTS preload - HSTS preload
- Web UI


@ -1,4 +1,3 @@
server { if ($host !~ ^(%SERVER_NAME%)$) {
listen 0.0.0.0:80 default_server;
return 444; return 444;
} }
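Review bot: The new `if ($host !~ ^(%SERVER_NAME%)$)` test treats the substituted server names as a regular expression, but nothing escapes them, so the `.` in a host name matches any character and the Host allowlist is looser than the configured names. The same value is built in the entrypoint hunk (`SERVER_NAME_PIPE=... sed "s/ /|/g"`), which is where the escaping belongs, for example `sed -e 's/\./\\./g' -e 's/ /|/g'`, provided `replace_in_file` (not visible here) passes backslashes through unchanged. A wildcard name such as `*.example.com` would presumably produce an invalid pattern and stop nginx from loading the config, so it is worth rejecting or translating such names explicitly. A one-line comment above the `if`, such as `# drop requests whose Host is not one of the configured server names`, would also help, since the file no longer declares a `default_server`.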


@ -67,15 +67,12 @@ http {
# server config # server config
include /etc/nginx/server.conf; include /etc/nginx/server.conf;
# disable default server # list of blocked country
%DISABLE_DEFAULT_SERVER%
# check if country is blocked
%BLOCK_COUNTRY% %BLOCK_COUNTRY%
# check if user agent is blocked # list of blocker user agents
%BLOCK_USER_AGENT% %BLOCK_USER_AGENT%
# enable ModSecurity # enable/disable ModSecurity
%USE_MODSECURITY% %USE_MODSECURITY%
} }


@ -3,6 +3,7 @@ server {
%AUTO_LETS_ENCRYPT% %AUTO_LETS_ENCRYPT%
%REDIRECT_HTTP_TO_HTTPS% %REDIRECT_HTTP_TO_HTTPS%
server_name %SERVER_NAME%; server_name %SERVER_NAME%;
%DISABLE_DEFAULT_SERVER%
%SERVE_FILES% %SERVE_FILES%
if ($request_method !~ ^(%ALLOWED_METHODS%)$) if ($request_method !~ ^(%ALLOWED_METHODS%)$)
{ {
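Review bot: `%DISABLE_DEFAULT_SERVER%` is inserted after `%REDIRECT_HTTP_TO_HTTPS%`, and nginx runs server-level rewrite directives (`if`, `return`) in the order they appear. If the redirect placeholder expands to a `return 301 https://$host...` (its expansion is not visible here), a request with an unknown Host is redirected, echoing the supplied host name, before the 444 check is reached. Moving the line `%DISABLE_DEFAULT_SERVER%` above `%REDIRECT_HTTP_TO_HTTPS%` would make the host check run first. The server block continues outside the hunk, so the position relative to later directives could not be checked.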


@ -149,9 +149,11 @@ else
replace_in_file "/etc/nginx/server.conf" "%FEATURE_POLICY%" "" replace_in_file "/etc/nginx/server.conf" "%FEATURE_POLICY%" ""
fi fi
if [ "$DISABLE_DEFAULT_SERVER" = "yes" ] ; then if [ "$DISABLE_DEFAULT_SERVER" = "yes" ] ; then
replace_in_file "/etc/nginx/nginx.conf" "%DISABLE_DEFAULT_SERVER%" "include /etc/nginx/disable-default-server.conf;" replace_in_file "/etc/nginx/server.conf" "%DISABLE_DEFAULT_SERVER%" "include /etc/nginx/disable-default-server.conf;"
SERVER_NAME_PIPE=$(echo $SERVER_NAME | sed "s/ /|/g")
replace_in_file "/etc/nginx/disable-default-server.conf" "%SERVER_NAME%" "$SERVER_NAME_PIPE"
else else
replace_in_file "/etc/nginx/nginx.conf" "%DISABLE_DEFAULT_SERVER%" "" replace_in_file "/etc/nginx/server.conf" "%DISABLE_DEFAULT_SERVER%" ""
fi fi
replace_in_file "/etc/nginx/server.conf" "%SERVER_NAME%" "$SERVER_NAME" replace_in_file "/etc/nginx/server.conf" "%SERVER_NAME%" "$SERVER_NAME"
replace_in_file "/etc/nginx/server.conf" "%ALLOWED_METHODS%" "$ALLOWED_METHODS" replace_in_file "/etc/nginx/server.conf" "%ALLOWED_METHODS%" "$ALLOWED_METHODS"
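Review bot: `echo $SERVER_NAME` is unquoted, so the shell word-splits and glob-expands the value before `sed` sees it; a name containing `*` or `?` can be replaced by matching file names from the working directory. Quoting the variable and squeezing repeated spaces keeps the current behaviour for well-formed input: `SERVER_NAME_PIPE=$(printf '%s\n' "$SERVER_NAME" | tr -s ' ' '|')`. A leading or trailing space would still yield an empty alternative in the resulting pattern, so trimming the value first is worth considering. `replace_in_file` is defined outside the hunk; if it is sed-based, confirm that `|` is not its delimiter and that `&` or `/` in the replacement are handled.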