Reduce memory usage : set cron tasks at different hours.
This commit is contained in:
thelittlefireman
@@ -45,11 +45,17 @@ DISABLE_DEFAULT_SERVER="${DISABLE_DEFAULT_SERVER-no}"
|
||||
SERVER_NAME="${SERVER_NAME-www.bunkerity.com}"
|
||||
ALLOWED_METHODS="${ALLOWED_METHODS-GET|POST|HEAD}"
|
||||
BLOCK_USER_AGENT="${BLOCK_USER_AGENT-yes}"
|
||||
BLOCK_USER_AGENT_CRON="${BLOCK_USER_AGENT_CRON-5 0 * * *}"
|
||||
BLOCK_REFERRER="${BLOCK_REFERRER-yes}"
|
||||
BLOCK_REFERRER_CRON="${BLOCK_REFERRER_CRON-10 0 * * *}"
|
||||
BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-yes}"
|
||||
BLOCK_TOR_EXIT_NODE_CRON="${BLOCK_TOR_EXIT_NODE_CRON-15 * * * *}"
|
||||
BLOCK_PROXIES="${BLOCK_PROXIES-yes}"
|
||||
BLOCK_PROXIES_CRON="${BLOCK_PROXIES_CRON-20 0 * * *}"
|
||||
BLOCK_ABUSERS="${BLOCK_ABUSERS-yes}"
|
||||
BLOCK_ABUSERS_CRON="${BLOCK_ABUSERS_CRON-30 0 * * *}"
|
||||
AUTO_LETS_ENCRYPT="${AUTO_LETS_ENCRYPT-no}"
|
||||
AUTO_LETS_ENCRYPT_CRON="${AUTO_LETS_ENCRYPT_CRON-0 2 * * *}"
|
||||
HTTP2="${HTTP2-yes}"
|
||||
HTTPS_PROTOCOLS="${HTTPS_PROTOCOLS-TLSv1.2 TLSv1.3}"
|
||||
STRICT_TRANSPORT_SECURITY="${STRICT_TRANSPORT_SECURITY-max-age=31536000}"
|
||||
@@ -70,6 +76,8 @@ FAIL2BAN_MAXRETRY="${FAIL2BAN_MAXRETRY-15}"
|
||||
FAIL2BAN_IGNOREIP="${FAIL2BAN_IGNOREIP-127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}"
|
||||
USE_CLAMAV_UPLOAD="${USE_CLAMAV_UPLOAD-yes}"
|
||||
USE_CLAMAV_SCAN="${USE_CLAMAV_SCAN-yes}"
|
||||
USE_CLAMAV_SCAN_CRON="${USE_CLAMAV_SCAN_CRON-40 */1 * * *}"
|
||||
CLAMAV_UPDATE_CRON="${CLAMAV_UPDATE_CRON-0 3 * * *}"
|
||||
CLAMAV_SCAN_REMOVE="${CLAMAV_SCAN_REMOVE-yes}"
|
||||
USE_AUTH_BASIC="${USE_AUTH_BASIC-no}"
|
||||
AUTH_BASIC_TEXT="${AUTH_BASIC_TEXT-Restricted area}"
|
||||
@@ -80,6 +88,7 @@ USE_CUSTOM_HTTPS="${USE_CUSTOM_HTTPS-no}"
|
||||
ROOT_FOLDER="${ROOT_FOLDER-/www}"
|
||||
LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
|
||||
LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
|
||||
LOGROTATE_CRON="${LOGROTATE_CRON-0 4 * * *}"
|
||||
DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11}"
|
||||
USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
|
||||
WHITELIST_IP_LIST="${WHITELIST_IP_LIST-127.0.0.1 23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
|
||||
@@ -99,6 +108,7 @@ PROXY_REAL_IP="${PROXY_REAL_IP-no}"
|
||||
PROXY_REAL_IP_FROM="${PROXY_REAL_IP_FROM-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}"
|
||||
PROXY_REAL_IP_HEADER="${PROXY_REAL_IP_HEADER-X-Forwarded-For}"
|
||||
PROXY_REAL_IP_RECURSIVE="${PROXY_REAL_IP_RECURSIVE-on}"
|
||||
GEOIP_CRON="${GEOIP_CRON-30 2 2 * *}"
|
||||
GENERATE_SELF_SIGNED_SSL="${GENERATE_SELF_SIGNED_SSL-no}"
|
||||
SELF_SIGNED_SSL_EXPIRY="${SELF_SIGNED_SSL_EXPIRY-365}"
|
||||
SELF_SIGNED_SSL_COUNTRY="${SELF_SIGNED_SSL_COUNTRY-CH}"
|
||||
|
||||
@@ -100,7 +100,7 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
||||
/opt/scripts/certbot-new.sh "$DOMAINS_LETS_ENCRYPT" "$EMAIL_LETS_ENCRYPT"
|
||||
fi
|
||||
fi
|
||||
echo "0 0 * * * /opt/scripts/certbot-renew.sh > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
echo "$AUTO_LETS_ENCRYPT_CRON /opt/scripts/certbot-renew.sh > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
fi
|
||||
|
||||
# self-signed certificate
|
||||
@@ -119,7 +119,7 @@ if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%DEFAULT%" "yes"
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%COUNTRY%" "$(echo $BLACKLIST_COUNTRY | sed 's/ / no;\\n/g') no;"
|
||||
fi
|
||||
echo "0 0 2 * * /opt/scripts/geoip.sh" >> /etc/crontabs/root
|
||||
echo "$GEOIP_CRON /opt/scripts/geoip.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/geoip.mmdb" ] ; then
|
||||
echo "[*] Copying cached geoip.mmdb ..."
|
||||
cp /cache/geoip.mmdb /etc/nginx/geoip.mmdb
|
||||
@@ -134,7 +134,7 @@ fi
|
||||
# block bad UA
|
||||
if [ "$(has_value BLOCK_USER_AGENT yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_USER_AGENT%" "include /etc/nginx/map-user-agent.conf;"
|
||||
echo "0 0 * * * /opt/scripts/user-agents.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_USER_AGENT_CRON /opt/scripts/user-agents.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/map-user-agent.conf" ] ; then
|
||||
echo "[*] Copying cached map-user-agent.conf ..."
|
||||
cp /cache/map-user-agent.conf /etc/nginx/map-user-agent.conf
|
||||
@@ -149,7 +149,7 @@ fi
|
||||
# block bad refferer
|
||||
if [ "$(has_value BLOCK_REFERRER yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_REFERRER%" "include /etc/nginx/map-referrer.conf;"
|
||||
echo "0 0 * * * /opt/scripts/referrers.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_REFERRER_CRON /opt/scripts/referrers.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/map-referrer.conf" ] ; then
|
||||
echo "[*] Copying cached map-referrer.conf ..."
|
||||
cp /cache/map-referrer.conf /etc/nginx/map-referrer.conf
|
||||
@@ -163,7 +163,7 @@ fi
|
||||
|
||||
# block TOR exit nodes
|
||||
if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] ; then
|
||||
echo "0 * * * * /opt/scripts/exit-nodes.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_TOR_EXIT_NODE_CRON /opt/scripts/exit-nodes.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/block-tor-exit-node.conf" ] ; then
|
||||
echo "[*] Copying cached block-tor-exit-node.conf ..."
|
||||
cp /cache/block-tor-exit-node.conf /etc/nginx/block-tor-exit-node.conf
|
||||
@@ -175,7 +175,7 @@ fi
|
||||
|
||||
# block proxies
|
||||
if [ "$(has_value BLOCK_PROXIES yes)" != "" ] ; then
|
||||
echo "0 0 * * * /opt/scripts/proxies.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_PROXIES_CRON /opt/scripts/proxies.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/block-proxies.conf" ] ; then
|
||||
echo "[*] Copying cached block-proxies.conf ..."
|
||||
cp /cache/block-proxies.conf /etc/nginx/block-proxies.conf
|
||||
@@ -187,7 +187,7 @@ fi
|
||||
|
||||
# block abusers
|
||||
if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
|
||||
echo "0 0 * * * /opt/scripts/abusers.sh" >> /etc/crontabs/root
|
||||
echo "$BLOCK_ABUSERS_CRON /opt/scripts/abusers.sh" >> /etc/crontabs/root
|
||||
if [ -f "/cache/block-abusers.conf" ] ; then
|
||||
echo "[*] Copying cached block-abusers.conf ..."
|
||||
cp /cache/block-abusers.conf /etc/nginx/block-abusers.conf
|
||||
@@ -279,13 +279,13 @@ fi
|
||||
if [ "$(has_value USE_CLAMAV_UPLOAD yes)" != "" ] || [ "$USE_CLAMAV_SCAN" = "yes" ] ; then
|
||||
echo "[*] Updating clamav (in background) ..."
|
||||
freshclam > /dev/null 2>&1 &
|
||||
echo "0 0 * * * /usr/bin/freshclam > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
echo "$CLAMAV_UPDATE_CRON /usr/bin/freshclam > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
fi
|
||||
if [ "$USE_CLAMAV_SCAN" = "yes" ] ; then
|
||||
if [ "$USE_CLAMAV_SCAN_REMOVE" = "yes" ] ; then
|
||||
echo "0 */1 * * * /usr/bin/clamscan -r -i --no-summary --remove / >> /var/log/clamav.log 2>&1" >> /etc/crontabs/root
|
||||
echo "$USE_CLAMAV_SCAN_CRON /usr/bin/clamscan -r -i --no-summary --remove / >> /var/log/clamav.log 2>&1" >> /etc/crontabs/root
|
||||
else
|
||||
echo "0 */1 * * * /usr/bin/clamscan -r -i --no-summary / >> /var/log/clamav.log 2>&1" >> /etc/crontabs/root
|
||||
echo "$USE_CLAMAV_SCAN_CRON /usr/bin/clamscan -r -i --no-summary / >> /var/log/clamav.log 2>&1" >> /etc/crontabs/root
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -305,4 +305,4 @@ touch /var/log/error.log
|
||||
# setup logrotate
|
||||
replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MAXAGE%" "$LOGROTATE_MAXAGE"
|
||||
replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MINSIZE%" "$LOGROTATE_MINSIZE"
|
||||
echo "0 0 * * * /opt/scripts/logrotate.sh > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
echo "$LOGROTATE_CRON /opt/scripts/logrotate.sh > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
|
||||
Reference in New Issue
Block a user