From 75c69c8105fa84791a3d36a4cb563d1a49a2d3c4 Mon Sep 17 00:00:00 2001 From: bunkerity Date: Mon, 7 Dec 2020 16:53:00 +0100 Subject: [PATCH] last fixes before next release ? --- Dockerfile-arm32v7 | 1 + Dockerfile-arm64v8 | 1 + Dockerfile-i386 | 1 + confs/site/lets-encrypt-webroot.conf | 2 +- entrypoint/site-config.sh | 3 --- scripts/abusers.sh | 2 +- scripts/certbot-renew.sh | 2 +- scripts/exit-nodes.sh | 2 +- scripts/geoip.sh | 2 +- scripts/logrotate.sh | 2 +- scripts/proxies.sh | 2 +- scripts/referrers.sh | 2 +- scripts/user-agents.sh | 2 +- 13 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Dockerfile-arm32v7 b/Dockerfile-arm32v7 index de25a51..f239b12 100644 --- a/Dockerfile-arm32v7 +++ b/Dockerfile-arm32v7 @@ -36,6 +36,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c chmod 750 /var/log/nginx && \ touch /var/log/nginx/error.log /var/log/nginx/modsec_audit.log && \ chown nginx:nginx /var/log/nginx/*.log && \ + mkdir /acme-challenge && \ chown root:nginx /acme-challenge && \ chmod 750 /acme-challenge diff --git a/Dockerfile-arm64v8 b/Dockerfile-arm64v8 index ccd928d..114ff7e 100644 --- a/Dockerfile-arm64v8 +++ b/Dockerfile-arm64v8 @@ -36,6 +36,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c chmod 750 /var/log/nginx && \ touch /var/log/nginx/error.log /var/log/nginx/modsec_audit.log && \ chown nginx:nginx /var/log/nginx/*.log && \ + mkdir /acme-challenge && \ chown root:nginx /acme-challenge && \ chmod 750 /acme-challenge diff --git a/Dockerfile-i386 b/Dockerfile-i386 index 1ccff06..b0207c7 100644 --- a/Dockerfile-i386 +++ b/Dockerfile-i386 @@ -29,6 +29,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c chmod 750 /var/log/nginx && \ touch /var/log/nginx/error.log /var/log/nginx/modsec_audit.log && \ chown nginx:nginx /var/log/nginx/*.log && \ + mkdir /acme-challenge && \ chown root:nginx /acme-challenge && \ chmod 750 /acme-challenge diff --git a/confs/site/lets-encrypt-webroot.conf b/confs/site/lets-encrypt-webroot.conf index a5b14a9..5b8e707 100644 --- a/confs/site/lets-encrypt-webroot.conf +++ b/confs/site/lets-encrypt-webroot.conf @@ -1,3 +1,3 @@ -location ^~ ^/.well-known/acme-challenge/ { +location ~ ^/.well-known/acme-challenge/ { root /acme-challenge; } diff --git a/entrypoint/site-config.sh b/entrypoint/site-config.sh index 41968a7..a89a345 100644 --- a/entrypoint/site-config.sh +++ b/entrypoint/site-config.sh @@ -22,9 +22,6 @@ if [ "$MULTISITE" = "yes" ] ; then ROOT_FOLDER="${ROOT_FOLDER}/$1" fi -# generate Let's Encrypt certificate before copying configs -# in case we are in autoconf mode and nginx is already running - # copy stub confs if [ "$MULTISITE" = "yes" ] ; then mkdir "$NGINX_PREFIX" diff --git a/scripts/abusers.sh b/scripts/abusers.sh index 1f40ebe..bcf3895 100755 --- a/scripts/abusers.sh +++ b/scripts/abusers.sh @@ -10,5 +10,5 @@ while read entry ; do done cp /etc/nginx/block-abusers.conf /cache if [ -f /tmp/nginx.pid ] ; then - /usr/sbin/nginx -s reload + /usr/sbin/nginx -s reload > /dev/null 2>&1 fi diff --git a/scripts/certbot-renew.sh b/scripts/certbot-renew.sh index 2176d18..dc596c7 100644 --- a/scripts/certbot-renew.sh +++ b/scripts/certbot-renew.sh @@ -10,5 +10,5 @@ find /etc/letsencrypt -type d -exec chmod 750 {} \; # reload nginx if [ -f /tmp/nginx.pid ] ; then - /usr/sbin/nginx -s reload + /usr/sbin/nginx -s reload > /dev/null 2>&1 fi diff --git a/scripts/exit-nodes.sh b/scripts/exit-nodes.sh index 91f60c4..9ea575f 100644 --- a/scripts/exit-nodes.sh +++ b/scripts/exit-nodes.sh @@ -10,5 +10,5 @@ while read entry ; do done cp /etc/nginx/block-tor-exit-node.conf /cache if [ -f /tmp/nginx.pid ] ; then - /usr/sbin/nginx -s reload + /usr/sbin/nginx -s reload > /dev/null 2>&1 fi diff --git a/scripts/geoip.sh b/scripts/geoip.sh index f8c29b5..1000680 100644 --- a/scripts/geoip.sh +++ b/scripts/geoip.sh @@ -7,6 +7,6 @@ if [ -f /etc/nginx/geoip.mmdb.gz ] ; then gunzip -f /etc/nginx/geoip.mmdb.gz cp /etc/nginx/geoip.mmdb /cache if [ -f /tmp/nginx.pid ] ; then - /usr/sbin/nginx -s reload + /usr/sbin/nginx -s reload > /dev/null 2>&1 fi fi diff --git a/scripts/logrotate.sh b/scripts/logrotate.sh index 0730d4c..0a6eb84 100644 --- a/scripts/logrotate.sh +++ b/scripts/logrotate.sh @@ -7,5 +7,5 @@ pkill -HUP rsyslogd fail2ban-client flushlogs if [ -f /tmp/nginx.pid ] ; then - /usr/sbin/nginx -s reload + /usr/sbin/nginx -s reload > /dev/null 2>&1 fi diff --git a/scripts/proxies.sh b/scripts/proxies.sh index d5d551b..1d3dc9f 100755 --- a/scripts/proxies.sh +++ b/scripts/proxies.sh @@ -10,5 +10,5 @@ while read entry ; do done cp /etc/nginx/block-proxies.conf /cache if [ -f /tmp/nginx.pid ] ; then - /usr/sbin/nginx -s reload + /usr/sbin/nginx -s reload > /dev/null 2>&1 fi diff --git a/scripts/referrers.sh b/scripts/referrers.sh index a49b987..6f4359f 100755 --- a/scripts/referrers.sh +++ b/scripts/referrers.sh @@ -11,5 +11,5 @@ echo -e "map \$http_referer \$bad_referrer { hostnames; default no; $DATA }" > / cp /etc/nginx/map-referrer.conf /cache if [ -f /tmp/nginx.pid ] ; then - /usr/sbin/nginx -s reload + /usr/sbin/nginx -s reload > /dev/null 2>&1 fi diff --git a/scripts/user-agents.sh b/scripts/user-agents.sh index 17b5fd5..097c648 100755 --- a/scripts/user-agents.sh +++ b/scripts/user-agents.sh @@ -13,5 +13,5 @@ echo -e "map \$http_user_agent \$bad_user_agent { default no; $DATA_ESCAPED }" > cp /etc/nginx/map-user-agent.conf /cache if [ -f /tmp/nginx.pid ] ; then - /usr/sbin/nginx -s reload + /usr/sbin/nginx -s reload > /dev/null 2>&1 fi