various bug fixes on templates and nginx update to 1.20.1

Dockerfile

@@ -1,4 +1,4 @@
-FROM nginx:1.20.0-alpine
+FROM nginx:1.20.1-alpine
 
 COPY nginx-keys/ /tmp/nginx-keys
 COPY compile.sh /tmp/compile.sh
@@ -25,9 +25,6 @@ RUN chmod +x /tmp/prepare.sh && \
     /tmp/prepare.sh && \
     rm -f /tmp/prepare.sh
 
-# fix CVE-2021-20205
-RUN apk add "libjpeg-turbo>=2.1.0-r0"
-
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
 
 EXPOSE 8080/tcp 8443/tcp

Dockerfile-amd64

@@ -1,4 +1,4 @@
-FROM amd64/nginx:1.20.0-alpine
+FROM amd64/nginx:1.20.1-alpine
 
 COPY nginx-keys/ /tmp/nginx-keys
 COPY compile.sh /tmp/compile.sh
@@ -25,9 +25,6 @@ RUN chmod +x /tmp/prepare.sh && \
     /tmp/prepare.sh && \
     rm -f /tmp/prepare.sh
 
-# fix CVE-2021-20205
-RUN apk add "libjpeg-turbo>=2.1.0-r0"
-
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
 
 EXPOSE 8080/tcp 8443/tcp

Dockerfile-arm32v7

@@ -3,7 +3,7 @@ FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 
-FROM arm32v7/nginx:1.20.0-alpine
+FROM arm32v7/nginx:1.20.1-alpine
 
 COPY --from=builder qemu-arm-static /usr/bin
 
@@ -32,9 +32,6 @@ RUN chmod +x /tmp/prepare.sh && \
     /tmp/prepare.sh && \
     rm -f /tmp/prepare.sh
 
-# fix CVE-2021-20205
-RUN apk add "libjpeg-turbo>=2.1.0-r0"
-
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
 
 EXPOSE 8080/tcp 8443/tcp

Dockerfile-arm64v8

@@ -3,7 +3,7 @@ FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 
-FROM arm64v8/nginx:1.20.0-alpine
+FROM arm64v8/nginx:1.20.1-alpine
 
 COPY --from=builder qemu-aarch64-static /usr/bin
 
@@ -32,9 +32,6 @@ RUN chmod +x /tmp/prepare.sh && \
     /tmp/prepare.sh && \
     rm -f /tmp/prepare.sh
 
-# fix CVE-2021-20205
-RUN apk add "libjpeg-turbo>=2.1.0-r0"
-
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
 
 EXPOSE 8080/tcp 8443/tcp

Dockerfile-i386

@@ -1,4 +1,4 @@
-FROM i386/nginx:1.20.0-alpine
+FROM i386/nginx:1.20.1-alpine
 
 COPY nginx-keys/ /tmp/nginx-keys
 COPY compile.sh /tmp/compile.sh
@@ -25,9 +25,6 @@ RUN chmod +x /tmp/prepare.sh && \
     /tmp/prepare.sh && \
     rm -f /tmp/prepare.sh
 
-# fix CVE-2021-20205
-RUN apk add "libjpeg-turbo>=2.1.0-r0"
-
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge
 
 EXPOSE 8080/tcp 8443/tcp

autoconf/Dockerfile

@@ -1,4 +1,4 @@
-FROM nginx:1.20.0-alpine AS builder
+FROM nginx:1.20.1-alpine AS builder
 
 FROM alpine
 

autoconf/Dockerfile-amd64

@@ -1,44 +1,26 @@
-FROM nginx:stable-alpine AS builder
+FROM nginx:1.20.1-alpine AS builder
 
 FROM amd64/alpine
 
 COPY --from=builder /etc/nginx/ /opt/confs/nginx
 
-RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
+COPY autoconf/dependencies.sh /tmp
-    pip3 install docker requests && \
+RUN chmod +x /tmp/dependencies.sh && \
-    mkdir /opt/entrypoint && \
+    /tmp/dependencies.sh && \
-    mkdir -p /opt/confs/site && \
+    rm -f /tmp/dependencies.sh
-    mkdir -p /opt/confs/global && \
-    mkdir /opt/scripts && \
-    addgroup -g 101 nginx && \
-    adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
-    mkdir /etc/letsencrypt && \
-    chown root:nginx /etc/letsencrypt && \
-    chmod 770 /etc/letsencrypt && \
-    mkdir /var/log/letsencrypt && \
-    chown root:nginx /var/log/letsencrypt && \
-    chmod 770 /var/log/letsencrypt && \
-    mkdir /var/lib/letsencrypt && \
-    chown root:nginx /var/lib/letsencrypt && \
-    chmod 770 /var/lib/letsencrypt && \
-    mkdir /cache && \
-    chown root:nginx /cache && \
-    chmod 770 /cache && \
-    touch /var/log/jobs.log && \
-    chown root:nginx /var/log/jobs.log && \
-    chmod 770 /var/log/jobs.log && \
-    chown -R root:nginx /opt/confs/nginx && \
-    chmod -R 770 /opt/confs/nginx && \
-    mkdir /acme-challenge && \
-    chown root:nginx /acme-challenge && \
-    chmod 770 /acme-challenge
 
-COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
+COPY gen/ /opt/gen
-COPY scripts/* /opt/scripts/
+COPY entrypoint/ /opt/entrypoint
 COPY confs/global/ /opt/confs/global
 COPY confs/site/ /opt/confs/site
-COPY entrypoint/* /opt/entrypoint/
+COPY scripts/ /opt/scripts
+COPY settings.json /opt
+COPY misc/cron /etc/crontabs/nginx
 COPY autoconf/* /opt/entrypoint/
-RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
+
+COPY autoconf/prepare.sh /tmp
+RUN chmod +x /tmp/prepare.sh && \
+    /tmp/prepare.sh && \
+    rm -f /tmp/prepare.sh
 
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

autoconf/Dockerfile-arm32v7

@@ -3,48 +3,30 @@ FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 
-FROM nginx:stable-alpine AS builder2
+FROM nginx:1.20.1-alpine AS builder2
 
 FROM arm32v7/alpine
 
 COPY --from=builder qemu-arm-static /usr/bin
 COPY --from=builder2 /etc/nginx/ /opt/confs/nginx
 
-RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
+COPY autoconf/dependencies.sh /tmp
-    pip3 install docker requests && \
+RUN chmod +x /tmp/dependencies.sh && \
-    mkdir /opt/entrypoint && \
+    /tmp/dependencies.sh && \
-    mkdir -p /opt/confs/site && \
+    rm -f /tmp/dependencies.sh
-    mkdir -p /opt/confs/global && \
-    mkdir /opt/scripts && \
-    addgroup -g 101 nginx && \
-    adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
-    mkdir /etc/letsencrypt && \
-    chown root:nginx /etc/letsencrypt && \
-    chmod 770 /etc/letsencrypt && \
-    mkdir /var/log/letsencrypt && \
-    chown root:nginx /var/log/letsencrypt && \
-    chmod 770 /var/log/letsencrypt && \
-    mkdir /var/lib/letsencrypt && \
-    chown root:nginx /var/lib/letsencrypt && \
-    chmod 770 /var/lib/letsencrypt && \
-    mkdir /cache && \
-    chown root:nginx /cache && \
-    chmod 770 /cache && \
-    touch /var/log/jobs.log && \
-    chown root:nginx /var/log/jobs.log && \
-    chmod 770 /var/log/jobs.log && \
-    chown -R root:nginx /opt/confs/nginx && \
-    chmod -R 770 /opt/confs/nginx && \
-    mkdir /acme-challenge && \
-    chown root:nginx /acme-challenge && \
-    chmod 770 /acme-challenge
 
-COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
+COPY gen/ /opt/gen
-COPY scripts/* /opt/scripts/
+COPY entrypoint/ /opt/entrypoint
 COPY confs/global/ /opt/confs/global
 COPY confs/site/ /opt/confs/site
-COPY entrypoint/* /opt/entrypoint/
+COPY scripts/ /opt/scripts
+COPY settings.json /opt
+COPY misc/cron /etc/crontabs/nginx
 COPY autoconf/* /opt/entrypoint/
-RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
+
+COPY autoconf/prepare.sh /tmp
+RUN chmod +x /tmp/prepare.sh && \
+    /tmp/prepare.sh && \
+    rm -f /tmp/prepare.sh
 
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

autoconf/Dockerfile-arm64v8

@@ -3,48 +3,30 @@ FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 
-FROM nginx:stable-alpine AS builder2
+FROM nginx:1.20.1-alpine AS builder2
 
 FROM arm64v8/alpine
 
 COPY --from=builder qemu-aarch64-static /usr/bin
 COPY --from=builder2 /etc/nginx/ /opt/confs/nginx
 
-RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
+COPY autoconf/dependencies.sh /tmp
-    pip3 install docker requests && \
+RUN chmod +x /tmp/dependencies.sh && \
-    mkdir /opt/entrypoint && \
+    /tmp/dependencies.sh && \
-    mkdir -p /opt/confs/site && \
+    rm -f /tmp/dependencies.sh
-    mkdir -p /opt/confs/global && \
-    mkdir /opt/scripts && \
-    addgroup -g 101 nginx && \
-    adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
-    mkdir /etc/letsencrypt && \
-    chown root:nginx /etc/letsencrypt && \
-    chmod 770 /etc/letsencrypt && \
-    mkdir /var/log/letsencrypt && \
-    chown root:nginx /var/log/letsencrypt && \
-    chmod 770 /var/log/letsencrypt && \
-    mkdir /var/lib/letsencrypt && \
-    chown root:nginx /var/lib/letsencrypt && \
-    chmod 770 /var/lib/letsencrypt && \
-    mkdir /cache && \
-    chown root:nginx /cache && \
-    chmod 770 /cache && \
-    touch /var/log/jobs.log && \
-    chown root:nginx /var/log/jobs.log && \
-    chmod 770 /var/log/jobs.log && \
-    chown -R root:nginx /opt/confs/nginx && \
-    chmod -R 770 /opt/confs/nginx && \
-    mkdir /acme-challenge && \
-    chown root:nginx /acme-challenge && \
-    chmod 770 /acme-challenge
 
-COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
+COPY gen/ /opt/gen
-COPY scripts/* /opt/scripts/
+COPY entrypoint/ /opt/entrypoint
 COPY confs/global/ /opt/confs/global
 COPY confs/site/ /opt/confs/site
-COPY entrypoint/* /opt/entrypoint/
+COPY scripts/ /opt/scripts
+COPY settings.json /opt
+COPY misc/cron /etc/crontabs/nginx
 COPY autoconf/* /opt/entrypoint/
-RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
+
+COPY autoconf/prepare.sh /tmp
+RUN chmod +x /tmp/prepare.sh && \
+    /tmp/prepare.sh && \
+    rm -f /tmp/prepare.sh
 
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

autoconf/Dockerfile-i386

@@ -1,44 +1,26 @@
-FROM nginx:stable-alpine AS builder
+FROM nginx:1.20.1-alpine AS builder
 
 FROM i386/alpine
 
 COPY --from=builder /etc/nginx/ /opt/confs/nginx
 
-RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
+COPY autoconf/dependencies.sh /tmp
-    pip3 install docker requests && \
+RUN chmod +x /tmp/dependencies.sh && \
-    mkdir /opt/entrypoint && \
+    /tmp/dependencies.sh && \
-    mkdir -p /opt/confs/site && \
+    rm -f /tmp/dependencies.sh
-    mkdir -p /opt/confs/global && \
-    mkdir /opt/scripts && \
-    addgroup -g 101 nginx && \
-    adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
-    mkdir /etc/letsencrypt && \
-    chown root:nginx /etc/letsencrypt && \
-    chmod 770 /etc/letsencrypt && \
-    mkdir /var/log/letsencrypt && \
-    chown root:nginx /var/log/letsencrypt && \
-    chmod 770 /var/log/letsencrypt && \
-    mkdir /var/lib/letsencrypt && \
-    chown root:nginx /var/lib/letsencrypt && \
-    chmod 770 /var/lib/letsencrypt && \
-    mkdir /cache && \
-    chown root:nginx /cache && \
-    chmod 770 /cache && \
-    touch /var/log/jobs.log && \
-    chown root:nginx /var/log/jobs.log && \
-    chmod 770 /var/log/jobs.log && \
-    chown -R root:nginx /opt/confs/nginx && \
-    chmod -R 770 /opt/confs/nginx && \
-    mkdir /acme-challenge && \
-    chown root:nginx /acme-challenge && \
-    chmod 770 /acme-challenge
 
-COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
+COPY gen/ /opt/gen
-COPY scripts/* /opt/scripts/
+COPY entrypoint/ /opt/entrypoint
 COPY confs/global/ /opt/confs/global
 COPY confs/site/ /opt/confs/site
-COPY entrypoint/* /opt/entrypoint/
+COPY scripts/ /opt/scripts
+COPY settings.json /opt
+COPY misc/cron /etc/crontabs/nginx
 COPY autoconf/* /opt/entrypoint/
-RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
+
+COPY autoconf/prepare.sh /tmp
+RUN chmod +x /tmp/prepare.sh && \
+    /tmp/prepare.sh && \
+    rm -f /tmp/prepare.sh
 
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

confs/global/api-temp.conf

@@ -1,15 +1,14 @@
-# todo : if api_uri == "random"
+location ~ ^%API_URI%/ping {
-location ~ ^{{ API_URI }}/ping {
 	return 444;
 }
 
-location ~ {{ API_URI }} {
+location ~ %API_URI% {
 
 rewrite_by_lua_block {
 	
 	local api		= require "api"
-	local api_whitelist_ip  = {% raw %}{{% endraw %}{% set elements = API_WHITELIST_IP.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+	local api_whitelist_ip  = { %API_WHITELIST_IP% }
-	local api_uri		= "{{ API_URI }}"
+	local api_uri		= "%API_URI%"
 	local logger		= require "logger"
 
 	if api.is_api_call(api_uri, api_whitelist_ip) then

confs/global/api.conf

@@ -2,7 +2,7 @@
 rewrite_by_lua_block {
 	
 	local api		= require "api"
-	local api_whitelist_ip	= {% raw %}{{% endraw %}{% set elements = API_WHITELIST_IP.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+	local api_whitelist_ip	= {% raw %}{{% endraw %}{% if API_WHITELIST_IP != ""%}{% set elements = API_WHITELIST_IP.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
 	local api_uri		= "{{ API_URI }}"
 	local logger		= require "logger"
 

confs/global/geoip.conf

@@ -6,10 +6,14 @@ geoip2 /etc/nginx/geoip.mmdb {
 
 map $geoip2_data_country_code $allowed_country {
 	default {% if WHITELIST_COUNTRY != "" %}no{% else %}yes{% endif %};
+	{% if WHITELIST_COUNTRY != "" %}
 		{% for country in WHITELIST_COUNTRY.split(" ") %}
 	{{ country }} yes;
 		{% endfor %}
+	{% endif %}
+	{% if BLACKLIST_COUNTRY != "" %}
 		{% for country in BLACKLIST_COUNTRY.split(" ") %}
 	{{ country }} no;
 		{% endfor %}
+	{% endif %}
 }

confs/site/log-lua.conf

@@ -3,7 +3,7 @@ log_by_lua_block {
 -- bad behavior
 local use_bad_behavior		= {% if USE_BAD_BEHAVIOR == "yes" %}true{% else %}false{% endif %}
 local behavior			= require "behavior"
-local bad_behavior_status_codes = {% raw %}{{% endraw %}{% set elements = BAD_BEHAVIOR_STATUS_CODES.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+local bad_behavior_status_codes = {% raw %}{{% endraw %}{% if BAD_BEHAVIOR_STATUS_CODES != "" %}{% set elements = BAD_BEHAVIOR_STATUS_CODES.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
 local bad_behavior_threshold    = {{ BAD_BEHAVIOR_THRESHOLD }}
 local bad_behavior_count_time   = {{ BAD_BEHAVIOR_COUNT_TIME }}
 local bad_behavior_ban_time     = {{ BAD_BEHAVIOR_BAN_TIME }}

confs/site/main-lua.conf

@@ -30,23 +30,23 @@ local use_antibot_captcha	= {% if USE_ANTIBOT == "captcha" %}true{% else %}false
 local use_antibot_recaptcha	= {% if USE_ANTIBOT == "recaptcha" %}true{% else %}false{% endif %}
 
 -- resolvers
-local dns_resolvers		= {% raw %}{{% endraw %}{% set elements = DNS_RESOLVERS.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+local dns_resolvers		= {% raw %}{{% endraw %}{% if DNS_RESOLVERS != "" %}{% set elements = DNS_RESOLVERS.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
 
 -- whitelist
 local use_whitelist_ip		= {% if USE_WHITELIST_IP == "yes" %}true{% else %}false{% endif %}
 local use_whitelist_reverse	= {% if USE_WHITELIST_REVERSE == "yes" %}true{% else %}false{% endif %}
-local whitelist_ip_list		= {% raw %}{{% endraw %}{% set elements = WHITELIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+local whitelist_ip_list		= {% raw %}{{% endraw %}{% if WHITELIST_IP_LIST != "" %}{% set elements = WHITELIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
-local whitelist_reverse_list	= {% raw %}{{% endraw %}{% set elements = WHITELIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+local whitelist_reverse_list	= {% raw %}{{% endraw %}{% if WHITELIST_REVERSE_LIST != "" %}{% set elements = WHITELIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
 
 -- blacklist
 local use_blacklist_ip		= {% if USE_BLACKLIST_IP == "yes" %}true{% else %}false{% endif %}
 local use_blacklist_reverse	= {% if USE_BLACKLIST_REVERSE == "yes" %}true{% else %}false{% endif %}
-local blacklist_ip_list		= {% raw %}{{% endraw %}{% set elements = BLACKLIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+local blacklist_ip_list		= {% raw %}{{% endraw %}{% if BLACKLIST_IP_LIST != "" %}{% set elements = BLACKLIST_IP_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
-local blacklist_reverse_list	= {% raw %}{{% endraw %}{% set elements = BLACKLIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+local blacklist_reverse_list	= {% raw %}{{% endraw %}{% if BLACKLIST_REVERSE_LIST != "" %}{% set elements = BLACKLIST_REVERSE_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
 
 -- dnsbl
 local use_dnsbl			= {% if USE_DNSBL == "yes" %}true{% else %}false{% endif %}
-local dnsbl_list		= {% raw %}{{% endraw %}{% set elements = DNSBL_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+local dnsbl_list		= {% raw %}{{% endraw %}{% if DNSBL_LIST != "" %}{% set elements = DNSBL_LIST.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
 
 -- bad behavior
 local use_bad_behavior		= {% if USE_BAD_BEHAVIOR == "yes" %}true{% else %}false{% endif %}
@@ -65,8 +65,8 @@ local logger			= require "logger"
 
 -- user variables
 local antibot_uri		= "{{ ANTIBOT_URI }}"
-local whitelist_user_agent	= {% raw %}{{% endraw %}{% set elements = WHITELIST_USER_AGENT.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+local whitelist_user_agent	= {% raw %}{{% endraw %}{% if WHITELIST_USER_AGENT != "" %}{% set elements = WHITELIST_USER_AGENT.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
-local whitelist_uri		= {% raw %}{{% endraw %}{% set elements = WHITELIST_URI.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% raw %}}{% endraw %}
+local whitelist_uri		= {% raw %}{{% endraw %}{% if WHITELIST_URI != "" %}{% set elements = WHITELIST_URI.split(" ") %}{% for i in range(0, elements|length) %}"{{ elements[i] }}"{% if i < elements|length-1 %},{% endif %}{% endfor %}{% endif %}{% raw %}}{% endraw %}
 
 -- check if already in whitelist cache
 if use_whitelist_ip and whitelist.ip_cached_ok() then

confs/site/serve-files.conf

@@ -1,3 +1,3 @@
-root {{ ROOT_FOLDER }}/{{ FIRST_SERVER }};
+root {{ ROOT_FOLDER }};
 index index.html index.php;
 try_files $uri $uri/ =404;

entrypoint/entrypoint.sh

@@ -94,7 +94,7 @@ pid="$!"
 if [ "$1" == "test" ] ; then
 	sleep 10
 	echo -n "autotest" > /www/index.html
-	check=$(curl "http://localhost:8080")
+	check=$(curl -H "User-Agent: legit" "http://localhost:8080")
 	if [ "$check" == "autotest" ] ; then
 		exit 0
 	fi

entrypoint/nginx-temp.sh

@@ -10,11 +10,13 @@ if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$SWARM_MODE" = "yes" ] ;
 	if [ "$SWARM_MODE" = "yes" ] ; then
 		replace_in_file "/tmp/nginx-temp.conf" "%USE_API%" "include /tmp/api.conf;"
 		replace_in_file "/tmp/api.conf" "%API_URI%" "$API_URI"
+		API_WHITELIST_IP="${API_WHITELIST_IP-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}"
 		list=$(spaces_to_lua "$API_WHITELIST_IP")
 		replace_in_file "/tmp/api.conf" "%API_WHITELIST_IP%" "$list"
 	else
 		replace_in_file "/tmp/nginx-temp.conf" "%USE_API%" ""
 	fi
+	HTTP_PORT="${HTTP_PORT-8080}"
 	replace_in_file "/tmp/nginx-temp.conf" "%HTTP_PORT%" "$HTTP_PORT"
 	nginx -c /tmp/nginx-temp.conf
 	if [ "$?" -eq 0 ] ; then