Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

custom HTTP and HTTPS ports

Browse Source
This commit is contained in:
bunkerity 2020-11-06 17:11:27 +01:00
parent 4a07eca696
commit 761c14a0b8
No known key found for this signature in database
GPG Key ID: 654FFF51CEF7CC47
3 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
confs/https.conf
View File

@ -1,4 +1,4 @@
listen 0.0.0.0:8443 ssl %HTTP2%; listen 0.0.0.0:%HTTPS_PORT% ssl %HTTP2%;
ssl_certificate %HTTPS_CERT%; ssl_certificate %HTTPS_CERT%;
ssl_certificate_key %HTTPS_KEY%; ssl_certificate_key %HTTPS_KEY%;
ssl_protocols %HTTPS_PROTOCOLS%; ssl_protocols %HTTPS_PROTOCOLS%;

7
entrypoint.sh
View File

@ -54,6 +54,8 @@ cp -r /opt/lua/* /usr/local/lib/lua
echo "" > /etc/crontabs/root echo "" > /etc/crontabs/root
# set default values # set default values
HTTP_PORT="${HTTP_PORT-8080}"
HTTPS_PORT="${HTTPS_PORT-8443}"
MAX_CLIENT_SIZE="${MAX_CLIENT_SIZE-10m}" MAX_CLIENT_SIZE="${MAX_CLIENT_SIZE-10m}"
SERVER_TOKENS="${SERVER_TOKENS-off}" SERVER_TOKENS="${SERVER_TOKENS-off}"
CACHE="${CACHE-max=1000 inactive=60s}" CACHE="${CACHE-max=1000 inactive=60s}"
@ -258,6 +260,7 @@ fi
# HTTPS config # HTTPS config
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GENERATE_SELF_SIGNED_SSL" = "yes" ] ; then if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GENERATE_SELF_SIGNED_SSL" = "yes" ] ; then
replace_in_file "/etc/nginx/server.conf" "%USE_HTTPS%" "include /etc/nginx/https.conf;" replace_in_file "/etc/nginx/server.conf" "%USE_HTTPS%" "include /etc/nginx/https.conf;"
replace_in_file "/etc/nginx/https.conf" "%HTTPS_PORT%" "$HTTPS_PORT"
if [ "$HTTP2" = "yes" ] ; then if [ "$HTTP2" = "yes" ] ; then
replace_in_file "/etc/nginx/https.conf" "%HTTP2%" "http2" replace_in_file "/etc/nginx/https.conf" "%HTTP2%" "http2"
else else
@ -285,7 +288,7 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GE
if [ -f /etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem ] ; then if [ -f /etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem ] ; then
/opt/scripts/certbot-renew.sh /opt/scripts/certbot-renew.sh
else else
certbot certonly --standalone -n --preferred-challenges http -d "$DOMAINS_LETS_ENCRYPT" --email "$EMAIL_LETS_ENCRYPT" --agree-tos --http-01-port 8080 certbot certonly --standalone -n --preferred-challenges http -d "$DOMAINS_LETS_ENCRYPT" --email "$EMAIL_LETS_ENCRYPT" --agree-tos --http-01-port $HTTP_PORT
fi fi
echo "0 0 * * * /opt/scripts/certbot-renew.sh" >> /etc/crontabs/root echo "0 0 * * * /opt/scripts/certbot-renew.sh" >> /etc/crontabs/root
elif [ "$USE_CUSTOM_HTTPS" = "yes" ] ; then elif [ "$USE_CUSTOM_HTTPS" = "yes" ] ; then
@ -302,7 +305,7 @@ else
fi fi
if [ "$LISTEN_HTTP" = "yes" ] ; then if [ "$LISTEN_HTTP" = "yes" ] ; then
replace_in_file "/etc/nginx/server.conf" "%LISTEN_HTTP%" "listen 0.0.0.0:8080;" replace_in_file "/etc/nginx/server.conf" "%LISTEN_HTTP%" "listen 0.0.0.0:${HTTP_PORT};"
else else
replace_in_file "/etc/nginx/server.conf" "%LISTEN_HTTP%" "" replace_in_file "/etc/nginx/server.conf" "%LISTEN_HTTP%" ""
fi fi

8
scripts/certbot-renew.sh
View File

@ -9,8 +9,8 @@ function replace_in_file() {
# check if HTTP enabled # check if HTTP enabled
# and disable it temporarily if needed # and disable it temporarily if needed
if grep -q "listen 0.0.0.0:8080;" "/etc/nginx/server.conf" ; then if grep -q "listen" "/etc/nginx/server.conf" ; then
replace_in_file "/etc/nginx/server.conf" "listen 0.0.0.0:8080;" "#listen 0.0.0.0:8080;" replace_in_file "/etc/nginx/server.conf" "listen" "#listen"
if [ -f /tmp/nginx.pid ] ; then if [ -f /tmp/nginx.pid ] ; then
/usr/sbin/nginx -s reload /usr/sbin/nginx -s reload
sleep 10 sleep 10
@ -21,8 +21,8 @@ fi
certbot renew certbot renew
# enable HTTP again if needed # enable HTTP again if needed
if grep -q "#listen 0.0.0.0:8080;" "/etc/nginx/server.conf" ; then if grep -q "#listen" "/etc/nginx/server.conf" ; then
replace_in_file "/etc/nginx/server.conf" "#listen 0.0.0.0:8080;" "listen 0.0.0.0:8080;" replace_in_file "/etc/nginx/server.conf" "#listen" "listen"
fi fi
chown -R root:nginx /etc/letsencrypt chown -R root:nginx /etc/letsencrypt