templating - started integration into docker image
This commit is contained in:
bunkerity
28
entrypoint/certbot.sh
Normal file
28
entrypoint/certbot.sh
Normal file
@@ -0,0 +1,28 @@
|
||||
#!/bin/sh
|
||||
|
||||
# load some functions
|
||||
. /opt/entrypoint/utils.sh
|
||||
|
||||
if [ "$MULTISITE" != "yes" ] && [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
||||
first_server_name=$(echo "$SERVER_NAME" | cut -d " " -f 1)
|
||||
domains_lets_encrypt=$(echo "$SERVER_NAME" | sed "s/ /,/g")
|
||||
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$first_server_name}"
|
||||
if [ ! -f /etc/letsencrypt/live/${first_server_name}/fullchain.pem ] ; then
|
||||
echo "[*] Performing Let's Encrypt challenge for $domains_lets_encrypt ..."
|
||||
/opt/scripts/certbot-new.sh "$domains_lets_encrypt" "$EMAIL_LETS_ENCRYPT"
|
||||
fi
|
||||
elif [ "$MULTISITE" = "yes" ] ; then
|
||||
servers=$(find /etc/nginx -name "site.env" | cut -d '/' -f 4)
|
||||
for server in $servers ; do
|
||||
lets_encrypt=$(grep "^AUTO_LETS_ENCRYPT=yes$" /etc/nginx/${server}/site.env)
|
||||
if [ "$lets_encrypt" != "" ] && [ ! -f /etc/letsencrypt/live/${server}/fullchain.pem ] ; then
|
||||
server_name=$(grep "^SERVER_NAME=.*$" /etc/nginx/${server}/site.env | sed "s/SERVER_NAME=//" | sed "s/ /,/g")
|
||||
echo "[*] Performing Let's Encrypt challenge for $server_name ..."
|
||||
EMAIL_LETS_ENCRYPT=$(grep "^EMAIL_LETS_ENCRYPT=.*$" /etc/nginx/${server}/site.env | sed "s/EMAIL_LETS_ENCRYPT=//")
|
||||
if [ "$EMAIL_LETS_ENCRYPT" = "" ] ; then
|
||||
EMAIL_LETS_ENCRYPT="contact@${server}"
|
||||
fi
|
||||
/opt/scripts/certbot-new.sh "$domains" "EMAIL_LETS_ENCRYPT"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
@@ -1,8 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
# load default values
|
||||
. /opt/entrypoint/defaults.sh
|
||||
|
||||
# load some functions
|
||||
. /opt/entrypoint/utils.sh
|
||||
|
||||
|
||||
@@ -1,133 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
MULTISITE="${MULTISITE-no}"
|
||||
LOG_FORMAT="${LOG_FORMAT-\$host \$remote_addr - \$remote_user [\$time_local] \"\$request\" \$status \$body_bytes_sent \"\$http_referer\" \"\$http_user_agent\"}"
|
||||
LOG_LEVEL="${LOG_LEVEL-info}"
|
||||
HTTP_PORT="${HTTP_PORT-8080}"
|
||||
HTTPS_PORT="${HTTPS_PORT-8443}"
|
||||
MAX_CLIENT_SIZE="${MAX_CLIENT_SIZE-10m}"
|
||||
SERVER_TOKENS="${SERVER_TOKENS-off}"
|
||||
WORKER_CONNECTIONS="${WORKER_CONNECTIONS-1024}"
|
||||
WORKER_RLIMIT_NOFILE="${WORKER_RLIMIT_NOFILE-2048}"
|
||||
USE_CLIENT_CACHE="${USE_CLIENT_CACHE-no}"
|
||||
CLIENT_CACHE_EXTENSIONS="${CLIENT_CACHE_EXTENSIONS-jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2}"
|
||||
CLIENT_CACHE_CONTROL="${CLIENT_CACHE_CONTROL-public, max-age=15552000}"
|
||||
CLIENT_CACHE_ETAG="${CLIENT_CACHE_ETAG-on}"
|
||||
USE_OPEN_FILE_CACHE="${USE_OPEN_FILE_CACHE-no}"
|
||||
OPEN_FILE_CACHE="${OPEN_FILE_CACHE-max=1000 inactive=20s}"
|
||||
OPEN_FILE_CACHE_ERRORS="${OPEN_FILE_CACHE_ERRORS-on}"
|
||||
OPEN_FILE_CACHE_MIN_USES="${OPEN_FILE_CACHE_MIN_USES-2}"
|
||||
OPEN_FILE_CACHE_VALID="${OPEN_FILE_CACHE_VALID-30s}"
|
||||
USE_PROXY_CACHE="${USE_PROXY_CACHE-no}"
|
||||
PROXY_CACHE_PATH_ZONE_SIZE="${PROXY_CACHE_PATH_ZONE_SIZE-10m}"
|
||||
PROXY_CACHE_PATH_PARAMS="${PROXY_CACHE_PATH_PARAMS-max_size=100m}"
|
||||
PROXY_CACHE_METHODS="${PROXY_CACHE_METHODS-GET HEAD}"
|
||||
PROXY_CACHE_MIN_USES="${PROXY_CACHE_MIN_USES-2}"
|
||||
PROXY_CACHE_KEY="${PROXY_CACHE_KEY-\$scheme\$host\$request_uri}"
|
||||
PROXY_CACHE_VALID="${PROXY_CACHE_VALID-200=10m 301=10m 302=1h}"
|
||||
PROXY_NO_CACHE="${PROXY_NO_CACHE-\$http_authorization}"
|
||||
PROXY_CACHE_BYPASS="${PROXY_CACHE_BYPASS-\$http_authorization}"
|
||||
USE_GZIP="${USE_GZIP-no}"
|
||||
GZIP_COMP_LEVEL="${GZIP_COMP_LEVEL-5}"
|
||||
GZIP_MIN_LENGTH="${GZIP_MIN_LENGTH-1000}"
|
||||
GZIP_TYPES="${GZIP_TYPES-application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml}"
|
||||
USE_BROTLI="${USE_BROTLI-no}"
|
||||
BROTLI_COMP_LEVEL="${BROTLI_COMP_LEVEL-6}"
|
||||
BROTLI_MIN_LENGTH="${BROTLI_MIN_LENGTH-1000}"
|
||||
BROTLI_TYPES="${BROTLI_TYPES-application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml}"
|
||||
REMOTE_PHP_PATH="${REMOTE_PHP_PATH-/app}"
|
||||
USE_REVERSE_PROXY="${USE_REVERSE_PROXY-no}"
|
||||
REMOVE_HEADERS="${REMOVE_HEADERS-Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version}"
|
||||
X_FRAME_OPTIONS="${X_FRAME_OPTIONS-DENY}"
|
||||
X_XSS_PROTECTION="${X_XSS_PROTECTION-1; mode=block}"
|
||||
X_CONTENT_TYPE_OPTIONS="${X_CONTENT_TYPE_OPTIONS-nosniff}"
|
||||
REFERRER_POLICY="${REFERRER_POLICY-no-referrer}"
|
||||
PERMISSIONS_POLICY="${PERMISSIONS_POLICY-accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), sync-xhr=(), usb=(), vibrate=(), vr=()}"
|
||||
FEATURE_POLICY="${FEATURE_POLICY-accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vibrate 'none'; vr 'none'}"
|
||||
DISABLE_DEFAULT_SERVER="${DISABLE_DEFAULT_SERVER-no}"
|
||||
SERVER_NAME="${SERVER_NAME-www.bunkerity.com}"
|
||||
ALLOWED_METHODS="${ALLOWED_METHODS-GET|POST|HEAD}"
|
||||
BLOCK_USER_AGENT="${BLOCK_USER_AGENT-yes}"
|
||||
WHITELIST_USER_AGENT="${WHITELIST_USER_AGENT-}"
|
||||
BLOCK_USER_AGENT_CRON="${BLOCK_USER_AGENT_CRON-30 0 * * *}"
|
||||
BLOCK_REFERRER="${BLOCK_REFERRER-yes}"
|
||||
BLOCK_REFERRER_CRON="${BLOCK_REFERRER_CRON-45 0 * * *}"
|
||||
BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-yes}"
|
||||
BLOCK_TOR_EXIT_NODE_CRON="${BLOCK_TOR_EXIT_NODE_CRON-0 */1 * * *}"
|
||||
BLOCK_PROXIES="${BLOCK_PROXIES-yes}"
|
||||
BLOCK_PROXIES_CRON="${BLOCK_PROXIES_CRON-0 3 * * *}"
|
||||
BLOCK_ABUSERS="${BLOCK_ABUSERS-yes}"
|
||||
BLOCK_ABUSERS_CRON="${BLOCK_ABUSERS_CRON-0 2 * * *}"
|
||||
AUTO_LETS_ENCRYPT="${AUTO_LETS_ENCRYPT-no}"
|
||||
AUTO_LETS_ENCRYPT_CRON="${AUTO_LETS_ENCRYPT_CRON-15 0 * * *}"
|
||||
HTTP2="${HTTP2-yes}"
|
||||
HTTPS_PROTOCOLS="${HTTPS_PROTOCOLS-TLSv1.2 TLSv1.3}"
|
||||
STRICT_TRANSPORT_SECURITY="${STRICT_TRANSPORT_SECURITY-max-age=31536000}"
|
||||
USE_MODSECURITY="${USE_MODSECURITY-yes}"
|
||||
USE_MODSECURITY_CRS="${USE_MODSECURITY_CRS-yes}"
|
||||
MODSECURITY_SEC_AUDIT_ENGINE="${MODSECURITY_SEC_AUDIT_ENGINE-RelevantOnly}"
|
||||
CONTENT_SECURITY_POLICY="${CONTENT_SECURITY_POLICY-object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self';}"
|
||||
COOKIE_FLAGS="${COOKIE_FLAGS-* HttpOnly SameSite=Lax}"
|
||||
COOKIE_AUTO_SECURE_FLAG="${COOKIE_AUTO_SECURE_FLAG-yes}"
|
||||
SERVE_FILES="${SERVE_FILES-yes}"
|
||||
REDIRECT_HTTP_TO_HTTPS="${REDIRECT_HTTP_TO_HTTPS-no}"
|
||||
LISTEN_HTTP="${LISTEN_HTTP-yes}"
|
||||
USE_BAD_BEHAVIOR="${USE_BAD_BEHAVIOR-yes}"
|
||||
BAD_BEHAVIOR_STATUS_CODES="${BAD_BEHAVIOR_STATUS_CODES-400 401 403 404 405 429 444}"
|
||||
BAD_BEHAVIOR_THRESHOLD="${BAD_BEHAVIOR_THRESHOLD-10}"
|
||||
BAD_BEHAVIOR_BAN_TIME="${BAD_BEHAVIOR_BAN_TIME-86400}"
|
||||
BAD_BEHAVIOR_COUNT_TIME="${BAD_BEHAVIOR_COUNT_TIME-60}"
|
||||
USE_CLAMAV_UPLOAD="${USE_CLAMAV_UPLOAD-yes}"
|
||||
USE_CLAMAV_SCAN="${USE_CLAMAV_SCAN-yes}"
|
||||
USE_CLAMAV_SCAN_CRON="${USE_CLAMAV_SCAN_CRON-30 1 * * *}"
|
||||
CLAMAV_UPDATE_CRON="${CLAMAV_UPDATE_CRON-0 1 * * *}"
|
||||
CLAMAV_SCAN_REMOVE="${CLAMAV_SCAN_REMOVE-yes}"
|
||||
USE_AUTH_BASIC="${USE_AUTH_BASIC-no}"
|
||||
AUTH_BASIC_TEXT="${AUTH_BASIC_TEXT-Restricted area}"
|
||||
AUTH_BASIC_LOCATION="${AUTH_BASIC_LOCATION-sitewide}"
|
||||
AUTH_BASIC_USER="${AUTH_BASIC_USER-changeme}"
|
||||
AUTH_BASIC_PASSWORD="${AUTH_BASIC_PASSWORD-changeme}"
|
||||
USE_CUSTOM_HTTPS="${USE_CUSTOM_HTTPS-no}"
|
||||
ROOT_FOLDER="${ROOT_FOLDER-/www}"
|
||||
ROOT_SITE_SUBFOLDER="${ROOT_SITE_SUBFOLDER-}"
|
||||
DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11}"
|
||||
USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
|
||||
WHITELIST_IP_LIST="${WHITELIST_IP_LIST-127.0.0.1 23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
|
||||
USE_WHITELIST_REVERSE="${USE_WHITELIST_REVERSE-yes}"
|
||||
WHITELIST_REVERSE_LIST="${WHITELIST_REVERSE_LIST-.googlebot.com .google.com .search.msn.com .crawl.yahoot.net .crawl.baidu.jp .crawl.baidu.com .yandex.com .yandex.ru .yandex.net}"
|
||||
USE_BLACKLIST_IP="${USE_BLACKLIST_IP-yes}"
|
||||
BLACKLIST_IP_LIST="${BLACKLIST_IP_LIST-}"
|
||||
USE_BLACKLIST_REVERSE="${USE_BLACKLIST_REVERSE-yes}"
|
||||
BLACKLIST_REVERSE_LIST="${BLACKLIST_REVERSE_LIST-.shodan.io}"
|
||||
USE_DNSBL="${USE_DNSBL-yes}"
|
||||
DNSBL_LIST="${DNSBL_LIST-bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org}"
|
||||
USE_LIMIT_REQ="${USE_LIMIT_REQ-yes}"
|
||||
LIMIT_REQ_RATE="${LIMIT_REQ_RATE-1r/s}"
|
||||
LIMIT_REQ_BURST="${LIMIT_REQ_BURST-2}"
|
||||
LIMIT_REQ_CACHE="${LIMIT_REQ_CACHE-10m}"
|
||||
USE_LIMIT_CONN="${USE_LIMIT_CONN-yes}"
|
||||
LIMIT_CONN_MAX="${LIMIT_CONN_MAX-50}"
|
||||
LIMIT_CONN_CACHE="${LIMIT_CONN_CACHE-10m}"
|
||||
PROXY_REAL_IP="${PROXY_REAL_IP-no}"
|
||||
PROXY_REAL_IP_FROM="${PROXY_REAL_IP_FROM-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}"
|
||||
PROXY_REAL_IP_HEADER="${PROXY_REAL_IP_HEADER-X-Forwarded-For}"
|
||||
PROXY_REAL_IP_RECURSIVE="${PROXY_REAL_IP_RECURSIVE-on}"
|
||||
GEOIP_CRON="${GEOIP_CRON-0 4 2 * *}"
|
||||
GENERATE_SELF_SIGNED_SSL="${GENERATE_SELF_SIGNED_SSL-no}"
|
||||
SELF_SIGNED_SSL_EXPIRY="${SELF_SIGNED_SSL_EXPIRY-365}"
|
||||
SELF_SIGNED_SSL_COUNTRY="${SELF_SIGNED_SSL_COUNTRY-CH}"
|
||||
SELF_SIGNED_SSL_STATE="${SELF_SIGNED_SSL_STATE-Switzerland}"
|
||||
SELF_SIGNED_SSL_CITY="${SELF_SIGNED_SSL_CITY-Bern}"
|
||||
SELF_SIGNED_SSL_ORG="${SELF_SIGNED_SSL_ORG-AcmeInc}"
|
||||
SELF_SIGNED_SSL_OU="${SELF_SIGNED_SSL_OU-IT}"
|
||||
SELF_SIGNED_SSL_CN="${SELF_SIGNED_SSL_CN-web}"
|
||||
ANTIBOT_URI="${ANTIBOT_URI-/challenge}"
|
||||
USE_ANTIBOT="${USE_ANTIBOT-no}"
|
||||
ANTIBOT_RECAPTCHA_SCORE="${ANTIBOT_RECAPTCHA_SCORE-0.7}"
|
||||
ANTIBOT_SESSION_SECRET="${ANTIBOT_SESSION_SECRET-random}"
|
||||
USE_CROWDSEC="${USE_CROWDSEC-no}"
|
||||
USE_API="${USE_API-no}"
|
||||
API_URI="${API_URI-random}"
|
||||
API_WHITELIST_IP="${API_WHITELIST_IP-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}"
|
||||
SWARM_MODE="${SWARM_MODE-no}"
|
||||
|
||||
@@ -1,8 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
# load default values
|
||||
. ./opt/entrypoint/defaults.sh
|
||||
|
||||
echo "[*] Starting bunkerized-nginx ..."
|
||||
|
||||
# trap SIGTERM and SIGINT
|
||||
@@ -19,7 +16,7 @@ trap "trap_exit" TERM INT QUIT
|
||||
function trap_reload() {
|
||||
echo "[*] Catched reload operation"
|
||||
if [ "$MULTISITE" = "yes" ] && [ "$SWARM_MODE" != "yes" ] ; then
|
||||
/opt/entrypoint/multisite-config.sh
|
||||
/opt/entrypoint/certbot.sh
|
||||
fi
|
||||
if [ -f /tmp/nginx.pid ] ; then
|
||||
echo "[*] Reloading nginx ..."
|
||||
@@ -41,7 +38,7 @@ if [ ! -f "/opt/installed" ] ; then
|
||||
echo "[*] Configuring bunkerized-nginx ..."
|
||||
|
||||
# check permissions
|
||||
if [ "$SWARM_MODE" = "no" ] ; then
|
||||
if [ "$SWARM_MODE" != "yes" ] ; then
|
||||
/opt/entrypoint/permissions.sh
|
||||
else
|
||||
/opt/entrypoint/permissions-swarm.sh
|
||||
@@ -57,23 +54,18 @@ if [ ! -f "/opt/installed" ] ; then
|
||||
/opt/entrypoint/nginx-temp.sh
|
||||
|
||||
# only do config if we are not in swarm mode
|
||||
if [ "$SWARM_MODE" = "no" ] ; then
|
||||
# global config
|
||||
/opt/entrypoint/global-config.sh
|
||||
if [ "$SWARM_MODE" != "yes" ] ; then
|
||||
# export the variables
|
||||
env | grep -E -v "^(HOSTNAME|PWD|PKG_RELEASE|NJS_VERSION|SHLVL|PATH|_|NGINX_VERSION|HOME)=" > "/tmp/variables.env"
|
||||
|
||||
# call the generator
|
||||
/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables /tmp/variables.env
|
||||
|
||||
# background jobs
|
||||
/opt/entrypoint/jobs.sh
|
||||
# multisite configs
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
for server in $SERVER_NAME ; do
|
||||
/opt/entrypoint/site-config.sh "$server"
|
||||
echo "[*] Multi site - $server configuration done"
|
||||
done
|
||||
/opt/entrypoint/multisite-config.sh
|
||||
# singlesite config
|
||||
else
|
||||
/opt/entrypoint/site-config.sh
|
||||
echo "[*] Single site - $SERVER_NAME configuration done"
|
||||
fi
|
||||
|
||||
# certbot
|
||||
/opt/entrypoint/certbot.sh
|
||||
fi
|
||||
|
||||
touch /opt/installed
|
||||
|
||||
@@ -1,257 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# load default values
|
||||
. /opt/entrypoint/defaults.sh
|
||||
|
||||
# load some functions
|
||||
. /opt/entrypoint/utils.sh
|
||||
|
||||
# copy stub confs
|
||||
cp /opt/confs/global/* /etc/nginx/
|
||||
|
||||
# include server block(s)
|
||||
if [ "$SWARM_MODE" = "no" ] ; then
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
includes=""
|
||||
for server in $SERVER_NAME ; do
|
||||
includes="${includes}include /etc/nginx/${server}/server.conf;\n"
|
||||
done
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%INCLUDE_SERVER%" "$includes"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%INCLUDE_SERVER%" "include /etc/nginx/server.conf;"
|
||||
fi
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%INCLUDE_SERVER%" ""
|
||||
fi
|
||||
|
||||
# setup default server block if multisite
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%MULTISITE_DEFAULT_SERVER%" "include /etc/nginx/multisite-default-server.conf;"
|
||||
if [ "$(has_value LISTEN_HTTP yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/multisite-default-server.conf" "%LISTEN_HTTP%" "listen 0.0.0.0:${HTTP_PORT} default_server;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/multisite-default-server.conf" "%LISTEN_HTTP%" ""
|
||||
fi
|
||||
if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$(has_value USE_CUSTOM_HTTPS yes)" != "" ] || [ "$(has_value GENERATE_SELF_SIGNED_SSL yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/multisite-default-server.conf" "%USE_HTTPS%" "include /etc/nginx/multisite-default-server-https.conf;"
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%HTTPS_PORT%" "$HTTPS_PORT"
|
||||
if [ "$(has_value HTTP2 yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%HTTP2%" "http2"
|
||||
else
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%HTTP2%" ""
|
||||
fi
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%HTTPS_PROTOCOLS%" "$HTTPS_PROTOCOLS"
|
||||
if [ "$(echo $HTTPS_PROTOCOLS | grep TLSv1.2)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%SSL_DHPARAM%" "ssl_dhparam /etc/nginx/dhparam;"
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%SSL_CIPHERS%" "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%SSL_DHPARAM%" ""
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%SSL_CIPHERS%" ""
|
||||
fi
|
||||
openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/default-key.pem -out /etc/nginx/default-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
|
||||
if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%LETS_ENCRYPT_WEBROOT%" "include /etc/nginx/multisite-default-server-lets-encrypt-webroot.conf;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/multisite-default-server-https.conf" "%LETS_ENCRYPT_WEBROOT%" ""
|
||||
fi
|
||||
else
|
||||
replace_in_file "/etc/nginx/multisite-default-server.conf" "%USE_HTTPS%" ""
|
||||
fi
|
||||
if [ "$DISABLE_DEFAULT_SERVER" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/multisite-default-server.conf" "%MULTISITE_DISABLE_DEFAULT_SERVER%" "include /etc/nginx/multisite-disable-default-server.conf;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/multisite-default-server.conf" "%MULTISITE_DISABLE_DEFAULT_SERVER%" ""
|
||||
fi
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%MULTISITE_DEFAULT_SERVER%" ""
|
||||
fi
|
||||
|
||||
# logging
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%LOG_FORMAT%" "$LOG_FORMAT"
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%LOG_LEVEL%" "$LOG_LEVEL"
|
||||
|
||||
# proxy_cache zone
|
||||
if [ "$(has_value USE_PROXY_CACHE yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%PROXY_CACHE_PATH%" "proxy_cache_path /tmp/proxy_cache keys_zone=proxycache:${PROXY_CACHE_PATH_ZONE_SIZE} ${PROXY_CACHE_PATH_PARAMS};"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%PROXY_CACHE_PATH%" ""
|
||||
fi
|
||||
|
||||
# let's encrypt setup
|
||||
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
||||
if [ "$MULTISITE" = "no" ] ; then
|
||||
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
|
||||
DOMAINS_LETS_ENCRYPT=$(echo "$SERVER_NAME" | sed "s/ /,/g")
|
||||
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$FIRST_SERVER_NAME}"
|
||||
if [ ! -f /etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem ] ; then
|
||||
echo "[*] Performing Let's Encrypt challenge for $SERVER_NAME ..."
|
||||
/opt/scripts/certbot-new.sh "$DOMAINS_LETS_ENCRYPT" "$EMAIL_LETS_ENCRYPT"
|
||||
fi
|
||||
fi
|
||||
echo "$AUTO_LETS_ENCRYPT_CRON /opt/scripts/certbot-renew.sh > /dev/null 2>&1" >> /etc/crontabs/nginx
|
||||
fi
|
||||
|
||||
# self-signed certificate
|
||||
if [ "$GENERATE_SELF_SIGNED_SSL" = "yes" ] ; then
|
||||
mkdir /etc/nginx/self-signed-ssl/
|
||||
openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/self-signed-ssl/key.pem -out /etc/nginx/self-signed-ssl/cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
|
||||
fi
|
||||
|
||||
# country ban/whitelist
|
||||
if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%USE_COUNTRY%" "include /etc/nginx/geoip.conf;"
|
||||
if [ "$WHITELIST_COUNTRY" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%DEFAULT%" "no"
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%COUNTRY%" "$(echo $WHITELIST_COUNTRY | sed 's/ / yes;\\n/g') yes;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%DEFAULT%" "yes"
|
||||
replace_in_file "/etc/nginx/geoip.conf" "%COUNTRY%" "$(echo $BLACKLIST_COUNTRY | sed 's/ / no;\\n/g') no;"
|
||||
fi
|
||||
echo "$GEOIP_CRON /opt/scripts/geoip.sh" >> /etc/crontabs/nginx
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%USE_COUNTRY%" ""
|
||||
fi
|
||||
|
||||
# block bad UA
|
||||
if [ "$(has_value BLOCK_USER_AGENT yes)" != "" ] ; then
|
||||
echo "$BLOCK_USER_AGENT_CRON /opt/scripts/user-agents.sh" >> /etc/crontabs/nginx
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_USER_AGENTS%" "lua_shared_dict user_agents_data 1m; lua_shared_dict user_agents_cache 10m;"
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_USER_AGENTS%" "true"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_USER_AGENTS%" ""
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_USER_AGENTS%" "false"
|
||||
fi
|
||||
|
||||
# block bad refferer
|
||||
if [ "$(has_value BLOCK_REFERRER yes)" != "" ] ; then
|
||||
echo "$BLOCK_REFERRER_CRON /opt/scripts/referrers.sh" >> /etc/crontabs/nginx
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_REFERRERS%" "lua_shared_dict referrers_data 1m; lua_shared_dict referrers_cache 10m;"
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_REFERRERS%" "true"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_REFERRERS%" ""
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_REFERRERS%" "false"
|
||||
fi
|
||||
|
||||
# block TOR exit nodes
|
||||
if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] ; then
|
||||
echo "$BLOCK_TOR_EXIT_NODE_CRON /opt/scripts/exit-nodes.sh" >> /etc/crontabs/nginx
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_TOR_EXIT_NODES%" "lua_shared_dict tor_exit_nodes_data 1m;"
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_TOR_EXIT_NODES%" "true"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_TOR_EXIT_NODES%" ""
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_TOR_EXIT_NODES%" "false"
|
||||
fi
|
||||
|
||||
# block proxies
|
||||
if [ "$(has_value BLOCK_PROXIES yes)" != "" ] ; then
|
||||
echo "$BLOCK_PROXIES_CRON /opt/scripts/proxies.sh" >> /etc/crontabs/nginx
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_PROXIES%" "lua_shared_dict proxies_data 250m;"
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_PROXIES%" "true"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_PROXIES%" ""
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_PROXIES%" "false"
|
||||
fi
|
||||
|
||||
# block abusers
|
||||
if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
|
||||
echo "$BLOCK_ABUSERS_CRON /opt/scripts/abusers.sh" >> /etc/crontabs/nginx
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_ABUSERS%" "lua_shared_dict abusers_data 50m;"
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_ABUSERS%" "true"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_ABUSERS%" ""
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_ABUSERS%" "false"
|
||||
fi
|
||||
|
||||
# DNS resolvers
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%DNS_RESOLVERS%" "$DNS_RESOLVERS"
|
||||
|
||||
# whitelist IP
|
||||
if [ "$(has_value USE_WHITELIST_IP yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%WHITELIST_IP_CACHE%" "lua_shared_dict whitelist_ip_cache 10m;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%WHITELIST_IP_CACHE%" ""
|
||||
fi
|
||||
|
||||
# whitelist rDNS
|
||||
if [ "$(has_value USE_WHITELIST_REVERSE yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%WHITELIST_REVERSE_CACHE%" "lua_shared_dict whitelist_reverse_cache 10m;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%WHITELIST_REVERSE_CACHE%" ""
|
||||
fi
|
||||
|
||||
# blacklist IP
|
||||
if [ "$(has_value USE_BLACKLIST_IP yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLACKLIST_IP_CACHE%" "lua_shared_dict blacklist_ip_cache 10m;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLACKLIST_IP_CACHE%" ""
|
||||
fi
|
||||
|
||||
# blacklist rDNS
|
||||
if [ "$(has_value USE_BLACKLIST_REVERSE yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLACKLIST_REVERSE_CACHE%" "lua_shared_dict blacklist_reverse_cache 10m;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BLACKLIST_REVERSE_CACHE%" ""
|
||||
fi
|
||||
|
||||
# request limiting
|
||||
if [ "$(has_value USE_LIMIT_REQ yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%LIMIT_REQ_ZONE%" "limit_req_zone \$binary_remote_addr\$uri zone=limit:${LIMIT_REQ_CACHE} rate=${LIMIT_REQ_RATE};"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%LIMIT_REQ_ZONE%" ""
|
||||
fi
|
||||
|
||||
# connection limiting
|
||||
if [ "$(has_value USE_LIMIT_CONN yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%LIMIT_CONN_ZONE%" "limit_conn_zone \$binary_remote_addr zone=ddos:${LIMIT_CONN_CACHE};"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%LIMIT_CONN_ZONE%" ""
|
||||
fi
|
||||
|
||||
# DNSBL
|
||||
if [ "$(has_value USE_DNSBL yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%DNSBL_CACHE%" "lua_shared_dict dnsbl_cache 10m;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%DNSBL_CACHE%" "lua_shared_dict dnsbl_cache 10m;"
|
||||
fi
|
||||
|
||||
# disable default site
|
||||
if [ "$DISABLE_DEFAULT_SERVER" = "yes" ] && [ "$MULTISITE" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/multisite-default-server.conf" "%MULTISITE_DISABLE_DEFAULT_SERVER%" "include /etc/nginx/multisite-disable-default-server.conf;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/multisite-default-server.conf" "%MULTISITE_DISABLE_DEFAULT_SERVER%" ""
|
||||
fi
|
||||
|
||||
# bad behavior
|
||||
if [ "$(has_value USE_BAD_BEHAVIOR yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BAD_BEHAVIOR%" "lua_shared_dict behavior_ban 10m;\nlua_shared_dict behavior_count 10m;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%BAD_BEHAVIOR%" ""
|
||||
fi
|
||||
|
||||
# CrowdSec setup
|
||||
if [ "$(has_value USE_CROWDSEC yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_CROWDSEC%" "true"
|
||||
cp /opt/crowdsec/crowdsec.conf /etc/nginx
|
||||
replace_in_file "/etc/nginx/crowdsec.conf" "%CROWDSEC_HOST%" "$CROWDSEC_HOST"
|
||||
replace_in_file "/etc/nginx/crowdsec.conf" "%CROWDSEC_KEY%" "$CROWDSEC_KEY"
|
||||
else
|
||||
replace_in_file "/etc/nginx/init-lua.conf" "%USE_CROWDSEC%" "false"
|
||||
fi
|
||||
|
||||
# API
|
||||
if [ "$USE_API" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%USE_API%" "include /etc/nginx/api.conf;"
|
||||
if [ "$API_URI" = "random" ] ; then
|
||||
API_URI="/$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
|
||||
echo "[*] Generated API URI : $API_URI"
|
||||
fi
|
||||
replace_in_file "/etc/nginx/api.conf" "%API_URI%" "$API_URI"
|
||||
list=$(spaces_to_lua "$API_WHITELIST_IP")
|
||||
replace_in_file "/etc/nginx/api.conf" "%API_WHITELIST_IP%" "$list"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%USE_API%" ""
|
||||
fi
|
||||
|
||||
# performance tuning
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%WORKER_CONNECTIONS%" "$WORKER_CONNECTIONS"
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%WORKER_RLIMIT_NOFILE%" "$WORKER_RLIMIT_NOFILE"
|
||||
@@ -1,8 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
# load default values
|
||||
. ./opt/entrypoint/defaults.sh
|
||||
|
||||
# load some functions
|
||||
. /opt/entrypoint/utils.sh
|
||||
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# load default values
|
||||
. /opt/entrypoint/defaults.sh
|
||||
|
||||
# load some functions
|
||||
. /opt/entrypoint/utils.sh
|
||||
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
servers=$(find /etc/nginx -name "server.conf" | cut -d '/' -f 4)
|
||||
for server in $servers ; do
|
||||
if [ "$server" = "server.conf" ] ; then
|
||||
continue
|
||||
fi
|
||||
SERVER_PREFIX="/etc/nginx/${server}/"
|
||||
if grep "/etc/letsencrypt/live" ${SERVER_PREFIX}https.conf > /dev/null && [ ! -f /etc/letsencrypt/live/${server}/fullchain.pem ] ; then
|
||||
domains=$(cat ${SERVER_PREFIX}server.conf | sed -nE 's/^.*server_name (.*);$/\1/p' | sed "s/ /,/g")
|
||||
/opt/scripts/certbot-new.sh "$domains" "$(cat ${SERVER_PREFIX}email-lets-encrypt.txt)"
|
||||
fi
|
||||
if grep "modsecurity.conf" ${SERVER_PREFIX}server.conf > /dev/null ; then
|
||||
modsec_custom=""
|
||||
if ls /modsec-confs/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_custom="include /modsec-confs/*.conf\n"
|
||||
fi
|
||||
if ls /modsec-confs/${server}/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_custom="${modsec_custom}include /modsec-confs/${server}/*.conf\n"
|
||||
fi
|
||||
replace_in_file "${SERVER_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "$modsec_custom"
|
||||
if grep "owasp/crs.conf" ${SERVER_PREFIX}modsecurity-rules.conf > /dev/null ; then
|
||||
modsec_crs_custom=""
|
||||
if ls /modsec-crs-confs/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_crs_custom="include /modsec-crs-confs/*.conf\n"
|
||||
fi
|
||||
if ls /modsec-crs-confs/${server}/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_crs_custom="${modsec_crs_custom}include /modsec-crs-confs/${server}/*.conf\n"
|
||||
fi
|
||||
fi
|
||||
replace_in_file "${SERVER_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "$modsec_crs_custom"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
@@ -1,8 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
# load default values
|
||||
. /opt/entrypoint/defaults.sh
|
||||
|
||||
# load some functions
|
||||
. /opt/entrypoint/utils.sh
|
||||
|
||||
|
||||
@@ -1,621 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# load default values
|
||||
. /opt/entrypoint/defaults.sh
|
||||
|
||||
# load some functions
|
||||
. /opt/entrypoint/utils.sh
|
||||
|
||||
# get nginx path and override multisite variables
|
||||
NGINX_PREFIX="/etc/nginx/"
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
first_server=$(echo "$1" | cut -d ' ' -f 1)
|
||||
NGINX_PREFIX="${NGINX_PREFIX}${first_server}/"
|
||||
if [ ! -d "$NGINX_PREFIX" ] ; then
|
||||
mkdir "$NGINX_PREFIX"
|
||||
fi
|
||||
ROOT_FOLDER="${ROOT_FOLDER}/$first_server"
|
||||
for var in $(env | cut -d '=' -f 1 | grep -E "^${first_server}_") ; do
|
||||
repl_name=$(echo "$var" | sed "s~${first_server}_~~")
|
||||
repl_value=$(env | grep -E "^${var}=" | sed "s~^${var}=~~")
|
||||
read -r "$repl_name" <<< $repl_value
|
||||
done
|
||||
fi
|
||||
|
||||
if [ "$ROOT_SITE_SUBFOLDER" != "" ] ; then
|
||||
ROOT_FOLDER="${ROOT_FOLDER}/${ROOT_SITE_SUBFOLDER}"
|
||||
fi
|
||||
|
||||
set | grep -E -v "^(HOSTNAME|PWD|PKG_RELEASE|NJS_VERSION|SHLVL|PATH|_|NGINX_VERSION|HOME)=" > "${NGINX_PREFIX}nginx.env"
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
for server in $SERVER_NAME ; do
|
||||
sed -i "/^${server}_.*=.*/d" "${NGINX_PREFIX}nginx.env"
|
||||
done
|
||||
sed -i "s~^SERVER_NAME=.*~SERVER_NAME=${1}~" "${NGINX_PREFIX}nginx.env"
|
||||
fi
|
||||
|
||||
# copy stub confs
|
||||
cp /opt/confs/site/* "$NGINX_PREFIX"
|
||||
|
||||
# replace paths
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%INCLUDE_LUA%" "include ${NGINX_PREFIX}main-lua.conf;\ninclude ${NGINX_PREFIX}log-lua.conf;"
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_CONF%" "include /server-confs/*.conf;\ninclude /server-confs/${first_server}/*.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%PRE_SERVER_CONF%" "include /pre-server-confs/*.conf;\ninclude /pre-server-confs/${first_server}/*.conf;"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_CONF%" "include /server-confs/*.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%PRE_SERVER_CONF%" "include /pre-server-confs/*.conf;"
|
||||
fi
|
||||
|
||||
# max body size
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE"
|
||||
|
||||
# server tokens
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS"
|
||||
|
||||
# reverse proxy
|
||||
if [ "$USE_REVERSE_PROXY" = "yes" ] ; then
|
||||
i=1
|
||||
for var in $(set | cut -d '=' -f 1 | grep "^REVERSE_PROXY_URL") ; do
|
||||
url=$(echo "$var")
|
||||
url_value=$(echo "${!var}")
|
||||
host=$(echo "$var" | sed "s/URL/HOST/")
|
||||
host_value=$(echo "${!host}")
|
||||
custom_headers=$(echo "$var" | sed "s/URL/HEADERS/")
|
||||
custom_headers_value=$(echo "${!custom_headers}")
|
||||
ws=$(echo "$var" | sed "s/URL/WS/")
|
||||
ws_value=$(echo "${!ws}")
|
||||
cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf"
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$url_value"
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HOST%" "$host_value"
|
||||
if [ "$custom_headers_value" != "" ] ; then
|
||||
IFS_=$IFS
|
||||
IFS=';'
|
||||
for header_value in $(echo $custom_headers_value) ; do
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" "proxy_set_header $header_value;\n%REVERSE_PROXY_CUSTOM_HEADERS%"
|
||||
done
|
||||
IFS=$IFS_
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" ""
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HEADERS%" "include ${NGINX_PREFIX}reverse-proxy-headers.conf;"
|
||||
if [ "$ws_value" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" "proxy_http_version 1.1;\nproxy_set_header Upgrade \$http_upgrade;\nproxy_set_header Connection \"Upgrade\";\n"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" ""
|
||||
fi
|
||||
i=$(($i + 1))
|
||||
done
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "include ${NGINX_PREFIX}reverse-proxy-*.conf;"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" ""
|
||||
fi
|
||||
|
||||
# proxy caching
|
||||
if [ "$USE_PROXY_CACHE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PROXY_CACHE%" "include ${NGINX_PREFIX}proxy-cache.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}proxy-cache.conf" "%PROXY_CACHE_METHODS%" "$PROXY_CACHE_METHODS"
|
||||
replace_in_file "${NGINX_PREFIX}proxy-cache.conf" "%PROXY_CACHE_MIN_USES%" "$PROXY_CACHE_MIN_USES"
|
||||
replace_in_file "${NGINX_PREFIX}proxy-cache.conf" "%PROXY_CACHE_KEY%" "$PROXY_CACHE_KEY"
|
||||
replace_in_file "${NGINX_PREFIX}proxy-cache.conf" "%PROXY_NO_CACHE%" "$PROXY_NO_CACHE"
|
||||
replace_in_file "${NGINX_PREFIX}proxy-cache.conf" "%PROXY_CACHE_BYPASS%" "$PROXY_CACHE_BYPASS"
|
||||
valids=""
|
||||
for valid in $PROXY_CACHE_VALID ; do
|
||||
code="$(echo $valid | cut -d '=' -f 1)"
|
||||
timing="$(echo $valid | cut -d '=' -f 2)"
|
||||
valids="${valids}\nproxy_cache_valid ${code} ${timing};"
|
||||
done
|
||||
replace_in_file "${NGINX_PREFIX}proxy-cache.conf" "%PROXY_CACHE_VALID%" "$valids"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PROXY_CACHE%" ""
|
||||
fi
|
||||
|
||||
# file metadata caching
|
||||
if [ "$USE_OPEN_FILE_CACHE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_OPEN_FILE_CACHE%" "include ${NGINX_PREFIX}open-file-cache.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}open-file-cache.conf" "%OPEN_FILE_CACHE%" "$OPEN_FILE_CACHE"
|
||||
replace_in_file "${NGINX_PREFIX}open-file-cache.conf" "%OPEN_FILE_CACHE_ERRORS%" "$OPEN_FILE_CACHE_ERRORS"
|
||||
replace_in_file "${NGINX_PREFIX}open-file-cache.conf" "%OPEN_FILE_CACHE_MIN_USES%" "$OPEN_FILE_CACHE_MIN_USES"
|
||||
replace_in_file "${NGINX_PREFIX}open-file-cache.conf" "%OPEN_FILE_CACHE_VALID%" "$OPEN_FILE_CACHE_VALID"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_OPEN_FILE_CACHE%" ""
|
||||
fi
|
||||
|
||||
# client caching
|
||||
if [ "$USE_CLIENT_CACHE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_CLIENT_CACHE%" "include ${NGINX_PREFIX}client-cache.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_EXTENSIONS%" "$CLIENT_CACHE_EXTENSIONS"
|
||||
replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_ETAG%" "$CLIENT_CACHE_ETAG"
|
||||
replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_CONTROL%" "$CLIENT_CACHE_CONTROL"
|
||||
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_CLIENT_CACHE%" ""
|
||||
fi
|
||||
|
||||
# gzip compression
|
||||
if [ "$USE_GZIP" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_GZIP%" "include ${NGINX_PREFIX}gzip.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}gzip.conf" "%GZIP_COMP_LEVEL%" "$GZIP_COMP_LEVEL"
|
||||
replace_in_file "${NGINX_PREFIX}gzip.conf" "%GZIP_MIN_LENGTH%" "$GZIP_MIN_LENGTH"
|
||||
replace_in_file "${NGINX_PREFIX}gzip.conf" "%GZIP_TYPES%" "$GZIP_TYPES"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_GZIP%" ""
|
||||
fi
|
||||
|
||||
# brotli compression
|
||||
if [ "$USE_BROTLI" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_BROTLI%" "include ${NGINX_PREFIX}brotli.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}brotli.conf" "%BROTLI_COMP_LEVEL%" "$BROTLI_COMP_LEVEL"
|
||||
replace_in_file "${NGINX_PREFIX}brotli.conf" "%BROTLI_MIN_LENGTH%" "$BROTLI_MIN_LENGTH"
|
||||
replace_in_file "${NGINX_PREFIX}brotli.conf" "%BROTLI_TYPES%" "$BROTLI_TYPES"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_BROTLI%" ""
|
||||
fi
|
||||
|
||||
# remote PHP
|
||||
if [ "$REMOTE_PHP" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" "include ${NGINX_PREFIX}php.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%FASTCGI_PATH%" "include ${NGINX_PREFIX}fastcgi.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}php.conf" "%REMOTE_PHP%" "$REMOTE_PHP"
|
||||
replace_in_file "${NGINX_PREFIX}fastcgi.conf" "\$document_root" "${REMOTE_PHP_PATH}/"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" ""
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%FASTCGI_PATH%" ""
|
||||
fi
|
||||
|
||||
# serve files
|
||||
if [ "$SERVE_FILES" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVE_FILES%" "include ${NGINX_PREFIX}serve-files.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}serve-files.conf" "%ROOT_FOLDER%" "$ROOT_FOLDER"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVE_FILES%" ""
|
||||
fi
|
||||
|
||||
# remove headers
|
||||
if [ "$REMOVE_HEADERS" != "" ] ; then
|
||||
remove=""
|
||||
for header in $REMOVE_HEADERS ; do
|
||||
remove="${remove}more_clear_headers '$header';\n"
|
||||
done
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%REMOVE_HEADERS%" "$remove"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%REMOVE_HEADERS%" ""
|
||||
fi
|
||||
|
||||
# X-Frame-Options header
|
||||
if [ "$X_FRAME_OPTIONS" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%X_FRAME_OPTIONS%" "include ${NGINX_PREFIX}x-frame-options.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}x-frame-options.conf" "%X_FRAME_OPTIONS%" "$X_FRAME_OPTIONS"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%X_FRAME_OPTIONS%" ""
|
||||
fi
|
||||
|
||||
# X-XSS-Protection header
|
||||
if [ "$X_XSS_PROTECTION" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%X_XSS_PROTECTION%" "include ${NGINX_PREFIX}x-xss-protection.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}x-xss-protection.conf" "%X_XSS_PROTECTION%" "$X_XSS_PROTECTION"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%X_XSS_PROTECTION%" ""
|
||||
fi
|
||||
|
||||
# X-Content-Type-Options header
|
||||
if [ "$X_CONTENT_TYPE_OPTIONS" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%X_CONTENT_TYPE_OPTIONS%" "include ${NGINX_PREFIX}x-content-type-options.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}x-content-type-options.conf" "%X_CONTENT_TYPE_OPTIONS%" "$X_CONTENT_TYPE_OPTIONS"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%X_CONTENT_TYPE_OPTIONS%" ""
|
||||
fi
|
||||
|
||||
# Referrer-Policy header
|
||||
if [ "$REFERRER_POLICY" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%REFERRER_POLICY%" "include ${NGINX_PREFIX}referrer-policy.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}referrer-policy.conf" "%REFERRER_POLICY%" "$REFERRER_POLICY"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%REFERRER_POLICY%" ""
|
||||
fi
|
||||
|
||||
# Feature-Policy header
|
||||
if [ "$FEATURE_POLICY" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%FEATURE_POLICY%" "include ${NGINX_PREFIX}feature-policy.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}feature-policy.conf" "%FEATURE_POLICY%" "$FEATURE_POLICY"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%FEATURE_POLICY%" ""
|
||||
fi
|
||||
|
||||
# Permissions-Policy header
|
||||
if [ "$PERMISSIONS_POLICY" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%PERMISSIONS_POLICY%" "include ${NGINX_PREFIX}permissions-policy.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}permissions-policy.conf" "%PERMISSIONS_POLICY%" "$PERMISSIONS_POLICY"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%PERMISSIONS_POLICY%" ""
|
||||
fi
|
||||
|
||||
# Content-Security-Policy header
|
||||
if [ "$CONTENT_SECURITY_POLICY" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%CONTENT_SECURITY_POLICY%" "include ${NGINX_PREFIX}content-security-policy.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}content-security-policy.conf" "%CONTENT_SECURITY_POLICY%" "$CONTENT_SECURITY_POLICY"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%CONTENT_SECURITY_POLICY%" ""
|
||||
fi
|
||||
|
||||
# cookie flags
|
||||
if [ "$COOKIE_FLAGS" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%COOKIE_FLAGS%" "include ${NGINX_PREFIX}cookie-flags.conf;"
|
||||
if [ "$COOKIE_AUTO_SECURE_FLAG" = "yes" ] ; then
|
||||
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GENERATE_SELF_SIGNED_SSL" = "yes" ] ; then
|
||||
COOKIE_FLAGS="${COOKIE_FLAGS} Secure"
|
||||
fi
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}cookie-flags.conf" "%COOKIE_FLAGS%" "$COOKIE_FLAGS"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%COOKIE_FLAGS%" ""
|
||||
fi
|
||||
|
||||
# disable default server
|
||||
if [ "$DISABLE_DEFAULT_SERVER" = "yes" ] && [ "$MULTISITE" != "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%DISABLE_DEFAULT_SERVER%" "include ${NGINX_PREFIX}disable-default-server.conf;"
|
||||
SERVER_NAME_PIPE=$(echo $SERVER_NAME | sed "s/ /|/g")
|
||||
replace_in_file "${NGINX_PREFIX}disable-default-server.conf" "%SERVER_NAME%" "$SERVER_NAME_PIPE"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%DISABLE_DEFAULT_SERVER%" ""
|
||||
fi
|
||||
|
||||
# set the server host name
|
||||
if [ "$MULTISITE" == "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_NAME%" "$1"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_NAME%" "$SERVER_NAME"
|
||||
fi
|
||||
|
||||
# allowed HTTP methods
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%ALLOWED_METHODS%" "$ALLOWED_METHODS"
|
||||
|
||||
# country ban
|
||||
if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_COUNTRY%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_COUNTRY%" "false"
|
||||
fi
|
||||
|
||||
# block bad UA
|
||||
if [ "$BLOCK_USER_AGENT" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENTS%" "true"
|
||||
if [ "$WHITELIST_USER_AGENT" != "" ] ; then
|
||||
list=$(spaces_to_lua "$WHITELIST_USER_AGENT")
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_USER_AGENT%" "$list"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_USER_AGENT%" ""
|
||||
fi
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_USER_AGENTS%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_USER_AGENT%" ""
|
||||
fi
|
||||
|
||||
# whitelist URI
|
||||
if [ "$WHITELIST_URI" != "" ] ; then
|
||||
list=$(spaces_to_lua "$WHITELIST_URI")
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_URI%" "$list"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_URI%" ""
|
||||
fi
|
||||
|
||||
# block bad referrer
|
||||
if [ "$BLOCK_REFERRER" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_REFERRERS%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_REFERRER%" "false"
|
||||
fi
|
||||
|
||||
# block TOR exit nodes
|
||||
if [ "$BLOCK_TOR_EXIT_NODE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_TOR_EXIT_NODES%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_TOR_EXIT_NODES%" "false"
|
||||
fi
|
||||
|
||||
# block proxies
|
||||
if [ "$BLOCK_PROXIES" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_PROXIES%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_PROXIES%" "false"
|
||||
fi
|
||||
|
||||
# block abusers
|
||||
if [ "$BLOCK_ABUSERS" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ABUSERS%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ABUSERS%" "false"
|
||||
fi
|
||||
|
||||
# HTTPS config
|
||||
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GENERATE_SELF_SIGNED_SSL" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_HTTPS%" "include ${NGINX_PREFIX}https.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_PORT%" "$HTTPS_PORT"
|
||||
if [ "$HTTP2" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTP2%" "http2"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTP2%" ""
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_PROTOCOLS%" "$HTTPS_PROTOCOLS"
|
||||
if [ "$(echo $HTTPS_PROTOCOLS | grep TLSv1.2)" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%SSL_DHPARAM%" "ssl_dhparam /etc/nginx/dhparam;"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%SSL_CIPHERS%" "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%SSL_DHPARAM%" ""
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%SSL_CIPHERS%" ""
|
||||
fi
|
||||
if [ "$STRICT_TRANSPORT_SECURITY" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%STRICT_TRANSPORT_SECURITY%" "more_set_headers 'Strict-Transport-Security: $STRICT_TRANSPORT_SECURITY';"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%STRICT_TRANSPORT_SECURITY%" ""
|
||||
fi
|
||||
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_LETS_ENCRYPT%" "true"
|
||||
if [ "$MULTISITE" = "no" ] ; then
|
||||
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
|
||||
else
|
||||
FIRST_SERVER_NAME="$first_server"
|
||||
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$first_server}"
|
||||
echo -n "$EMAIL_LETS_ENCRYPT" > ${NGINX_PREFIX}email-lets-encrypt.txt
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_CERT%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_KEY%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/privkey.pem"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%LETS_ENCRYPT_WEBROOT%" "include ${NGINX_PREFIX}lets-encrypt-webroot.conf;"
|
||||
elif [ "$USE_CUSTOM_HTTPS" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_LETS_ENCRYPT%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_CERT%" "$CUSTOM_HTTPS_CERT"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_KEY%" "$CUSTOM_HTTPS_KEY"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%LETS_ENCRYPT_WEBROOT%" ""
|
||||
elif [ "$GENERATE_SELF_SIGNED_SSL" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_LETS_ENCRYPT%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_CERT%" "/etc/nginx/self-signed-ssl/cert.pem"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_KEY%" "/etc/nginx/self-signed-ssl/key.pem"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%LETS_ENCRYPT_WEBROOT%" ""
|
||||
fi
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_LETS_ENCRYPT%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_HTTPS%" ""
|
||||
fi
|
||||
|
||||
# listen on HTTP_PORT
|
||||
if [ "$LISTEN_HTTP" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%LISTEN_HTTP%" "listen 0.0.0.0:${HTTP_PORT};"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%LISTEN_HTTP%" ""
|
||||
fi
|
||||
|
||||
# HTTP to HTTPS redirect
|
||||
if [ "$REDIRECT_HTTP_TO_HTTPS" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%REDIRECT_HTTP_TO_HTTPS%" "include ${NGINX_PREFIX}redirect-http-to-https.conf;"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%REDIRECT_HTTP_TO_HTTPS%" ""
|
||||
fi
|
||||
|
||||
# ModSecurity config
|
||||
if [ "$USE_MODSECURITY" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity.conf" "%MODSEC_RULES_FILE%" "${NGINX_PREFIX}modsecurity-rules.conf"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_MODSECURITY%" "include ${NGINX_PREFIX}modsecurity.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_SEC_AUDIT_ENGINE%" "$MODSECURITY_SEC_AUDIT_ENGINE"
|
||||
if [ "$MULTISITE" != "yes" ] ; then
|
||||
modsec_custom=""
|
||||
if ls /modsec-confs/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_custom="include /modsec-confs/*.conf\n"
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "$modsec_custom"
|
||||
fi
|
||||
if [ "$USE_MODSECURITY_CRS" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" "include /opt/owasp/crs.conf"
|
||||
if [ "$MULTISITE" != "yes" ] ; then
|
||||
modsec_crs_custom=""
|
||||
if ls /modsec-crs-confs/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_crs_custom="include /modsec-crs-confs/*.conf\n"
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "$modsec_crs_custom"
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS_RULES%" "include /opt/owasp/crs/*.conf"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" ""
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" ""
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS_RULES%" ""
|
||||
fi
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_MODSECURITY%" ""
|
||||
fi
|
||||
|
||||
# real IP behind reverse proxy
|
||||
if [ "$PROXY_REAL_IP" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%PROXY_REAL_IP%" "include ${NGINX_PREFIX}proxy-real-ip.conf;"
|
||||
froms=""
|
||||
for from in $PROXY_REAL_IP_FROM ; do
|
||||
froms="${froms}set_real_ip_from ${from};\n"
|
||||
done
|
||||
replace_in_file "${NGINX_PREFIX}proxy-real-ip.conf" "%PROXY_REAL_IP_FROM%" "$froms"
|
||||
replace_in_file "${NGINX_PREFIX}proxy-real-ip.conf" "%PROXY_REAL_IP_HEADER%" "$PROXY_REAL_IP_HEADER"
|
||||
replace_in_file "${NGINX_PREFIX}proxy-real-ip.conf" "%PROXY_REAL_IP_RECURSIVE%" "$PROXY_REAL_IP_RECURSIVE"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%PROXY_REAL_IP%" ""
|
||||
fi
|
||||
|
||||
# custom errors
|
||||
ERRORS=""
|
||||
for var in $(compgen -e) ; do
|
||||
var_name=$(echo "$var" | cut -d '_' -f 1)
|
||||
if [ "z${var_name}" = "zERROR" ] ; then
|
||||
err_code=$(echo "$var" | cut -d '_' -f 2)
|
||||
err_page=$(echo "${!var}")
|
||||
cp /opt/confs/error.conf ${NGINX_PREFIX}error-${err_code}.conf
|
||||
replace_in_file "${NGINX_PREFIX}error-${err_code}.conf" "%CODE%" "$err_code"
|
||||
replace_in_file "${NGINX_PREFIX}error-${err_code}.conf" "%PAGE%" "$err_page"
|
||||
replace_in_file "${NGINX_PREFIX}error-${err_code}.conf" "%ROOT_FOLDER%" "$ROOT_FOLDER"
|
||||
ERRORS="${ERRORS}include ${NGINX_PREFIX}error-${err_code}.conf;\n"
|
||||
fi
|
||||
done
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%ERRORS%" "$ERRORS"
|
||||
|
||||
# auth basic
|
||||
if [ "$USE_AUTH_BASIC" = "yes" ] ; then
|
||||
if [ "$AUTH_BASIC_LOCATION" = "sitewide" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%AUTH_BASIC%" "include ${NGINX_PREFIX}auth-basic-sitewide.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}auth-basic-sitewide.conf" "%AUTH_BASIC_TEXT%" "$AUTH_BASIC_TEXT"
|
||||
replace_in_file "${NGINX_PREFIX}auth-basic-sitewide.conf" "%NGINX_PREFIX%" "$NGINX_PREFIX"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%AUTH_BASIC%" "include ${NGINX_PREFIX}auth-basic.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}auth-basic.conf" "%AUTH_BASIC_LOCATION%" "$AUTH_BASIC_LOCATION"
|
||||
replace_in_file "${NGINX_PREFIX}auth-basic.conf" "%AUTH_BASIC_TEXT%" "$AUTH_BASIC_TEXT"
|
||||
replace_in_file "${NGINX_PREFIX}auth-basic.conf" "%NGINX_PREFIX%" "$NGINX_PREFIX"
|
||||
fi
|
||||
htpasswd -b -B -c ${NGINX_PREFIX}.htpasswd "$AUTH_BASIC_USER" "$AUTH_BASIC_PASSWORD"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%AUTH_BASIC%" ""
|
||||
fi
|
||||
|
||||
# whitelist IP
|
||||
if [ "$USE_WHITELIST_IP" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_WHITELIST_IP%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_WHITELIST_IP%" "false"
|
||||
fi
|
||||
list=$(spaces_to_lua "$WHITELIST_IP_LIST")
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_IP_LIST%" "$list"
|
||||
|
||||
# whitelist rDNS
|
||||
if [ "$USE_WHITELIST_REVERSE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_WHITELIST_REVERSE%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_WHITELIST_REVERSE%" "false"
|
||||
fi
|
||||
list=$(spaces_to_lua "$WHITELIST_REVERSE_LIST")
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%WHITELIST_REVERSE_LIST%" "$list"
|
||||
|
||||
# blacklist IP
|
||||
if [ "$USE_BLACKLIST_IP" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_BLACKLIST_IP%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_BLACKLIST_IP%" "false"
|
||||
fi
|
||||
list=$(spaces_to_lua "$BLACKLIST_IP_LIST")
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%BLACKLIST_IP_LIST%" "$list"
|
||||
|
||||
# blacklist rDNS
|
||||
if [ "$USE_BLACKLIST_REVERSE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_BLACKLIST_REVERSE%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_BLACKLIST_REVERSE%" "false"
|
||||
fi
|
||||
list=$(spaces_to_lua "$BLACKLIST_REVERSE_LIST")
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%BLACKLIST_REVERSE_LIST%" "$list"
|
||||
|
||||
# DNSBL
|
||||
if [ "$USE_DNSBL" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_DNSBL%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_DNSBL%" "false"
|
||||
fi
|
||||
list=$(spaces_to_lua "$DNSBL_LIST")
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%DNSBL_LIST%" "$list"
|
||||
|
||||
# antibot uri and session secret
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%ANTIBOT_URI%" "$ANTIBOT_URI"
|
||||
if [ "$ANTIBOT_SESSION_SECRET" = "random" ] ; then
|
||||
ANTIBOT_SESSION_SECRET=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%ANTIBOT_SESSION_SECRET%" "$ANTIBOT_SESSION_SECRET"
|
||||
|
||||
# antibot via cookie
|
||||
if [ "$USE_ANTIBOT" = "cookie" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_COOKIE%" "true"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_JAVASCRIPT%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_CAPTCHA%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_RECAPTCHA%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_JAVASCRIPT%" ""
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_CAPTCHA%" ""
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_RECAPTCHA%" ""
|
||||
# antibot via javascript
|
||||
elif [ "$USE_ANTIBOT" = "javascript" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_COOKIE%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_JAVASCRIPT%" "true"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_CAPTCHA%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_RECAPTCHA%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_JAVASCRIPT%" "include ${NGINX_PREFIX}antibot-javascript.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_CAPTCHA%" ""
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_RECAPTCHA%" ""
|
||||
replace_in_file "${NGINX_PREFIX}antibot-javascript.conf" "%ANTIBOT_URI%" "$ANTIBOT_URI"
|
||||
# antibot via captcha
|
||||
elif [ "$USE_ANTIBOT" = "captcha" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_COOKIE%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_JAVASCRIPT%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_CAPTCHA%" "true"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_RECAPTCHA%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_JAVASCRIPT%" ""
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_CAPTCHA%" "include ${NGINX_PREFIX}antibot-captcha.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_RECAPTCHA%" ""
|
||||
replace_in_file "${NGINX_PREFIX}antibot-captcha.conf" "%ANTIBOT_URI%" "$ANTIBOT_URI"
|
||||
# antibot via recaptcha
|
||||
elif [ "$USE_ANTIBOT" = "recaptcha" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_COOKIE%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_JAVASCRIPT%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_CAPTCHA%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_RECAPTCHA%" "true"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_JAVASCRIPT%" ""
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_CAPTCHA%" ""
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_RECAPTCHA%" "include ${NGINX_PREFIX}antibot-recaptcha.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}antibot-recaptcha.conf" "%ANTIBOT_URI%" "$ANTIBOT_URI"
|
||||
replace_in_file "${NGINX_PREFIX}antibot-recaptcha.conf" "%ANTIBOT_RECAPTCHA_SITEKEY%" "$ANTIBOT_RECAPTCHA_SITEKEY"
|
||||
replace_in_file "${NGINX_PREFIX}antibot-recaptcha.conf" "%ANTIBOT_RECAPTCHA_SECRET%" "$ANTIBOT_RECAPTCHA_SECRET"
|
||||
replace_in_file "${NGINX_PREFIX}antibot-recaptcha.conf" "%ANTIBOT_RECAPTCHA_SCORE%" "$ANTIBOT_RECAPTCHA_SCORE"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_COOKIE%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_JAVASCRIPT%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_CAPTCHA%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ANTIBOT_RECAPTCHA%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_JAVASCRIPT%" ""
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_CAPTCHA%" ""
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%INCLUDE_ANTIBOT_RECAPTCHA%" ""
|
||||
fi
|
||||
|
||||
# bad behavior
|
||||
if [ "$USE_BAD_BEHAVIOR" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_BAD_BEHAVIOR%" "true"
|
||||
replace_in_file "${NGINX_PREFIX}log-lua.conf" "%USE_BAD_BEHAVIOR%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_BAD_BEHAVIOR%" "false"
|
||||
replace_in_file "${NGINX_PREFIX}log-lua.conf" "%USE_BAD_BEHAVIOR%" "false"
|
||||
fi
|
||||
list=$(spaces_to_lua "$BAD_BEHAVIOR_STATUS_CODES")
|
||||
replace_in_file "${NGINX_PREFIX}log-lua.conf" "%BAD_BEHAVIOR_STATUS_CODES%" "$list"
|
||||
replace_in_file "${NGINX_PREFIX}log-lua.conf" "%BAD_BEHAVIOR_THRESHOLD%" "$BAD_BEHAVIOR_THRESHOLD"
|
||||
replace_in_file "${NGINX_PREFIX}log-lua.conf" "%BAD_BEHAVIOR_BAN_TIME%" "$BAD_BEHAVIOR_BAN_TIME"
|
||||
replace_in_file "${NGINX_PREFIX}log-lua.conf" "%BAD_BEHAVIOR_COUNT_TIME%" "$BAD_BEHAVIOR_COUNT_TIME"
|
||||
|
||||
# request limiting
|
||||
if [ "$USE_LIMIT_REQ" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%LIMIT_REQ%" "include ${NGINX_PREFIX}limit-req.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}limit-req.conf" "%LIMIT_REQ_BURST%" "$LIMIT_REQ_BURST"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%LIMIT_REQ%" ""
|
||||
fi
|
||||
|
||||
# connection limiting
|
||||
if [ "$USE_LIMIT_CONN" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%LIMIT_CONN%" "include ${NGINX_PREFIX}limit-conn.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}limit-conn.conf" "%LIMIT_CONN_MAX%" "$LIMIT_CONN_MAX"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%LIMIT_CONN%" ""
|
||||
fi
|
||||
|
||||
# clamav scan uploaded files
|
||||
if [ "$USE_CLAMAV_UPLOAD" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%USE_CLAMAV_UPLOAD%" "include ${NGINX_PREFIX}modsecurity-clamav.conf"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%USE_CLAMAV_UPLOAD%" ""
|
||||
fi
|
||||
|
||||
# CrowdSec
|
||||
if [ "$USE_CROWDSEC" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_CROWDSEC%" "true"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_CROWDSEC%" "false"
|
||||
fi
|
||||
|
||||
# DNS resolvers
|
||||
resolvers=$(spaces_to_lua "$DNS_RESOLVERS")
|
||||
replace_in_file "${NGINX_PREFIX}main-lua.conf" "%DNS_RESOLVERS%" "$resolvers"
|
||||
@@ -24,18 +24,20 @@ function spaces_to_lua() {
|
||||
|
||||
# check if at least one env var (global or multisite) has a specific value
|
||||
function has_value() {
|
||||
if [ "${!1}" == "$2" ] ; then
|
||||
echo "ok"
|
||||
return 0
|
||||
fi
|
||||
for var in $(env | grep -E "^.*_${1}=") ; do
|
||||
domain=$(echo "$var" | cut -d '_' -f 1)
|
||||
value=$(echo "$var" | sed "s~^${domain}_${1}=~~")
|
||||
if [ "$value" == "$2" ] ; then
|
||||
if [ -f "/etc/nginx/site.env" ] ; then
|
||||
if [ $(grep "^${1}=${2}$" /etc/nginx/site.env) != "" ] ; then
|
||||
echo "ok"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
else
|
||||
servers=$(find /etc/nginx -name "site.env" | cut -d '/' -f 4)
|
||||
for server in $servers ; do
|
||||
if [ $(grep "^${1}=${2}$" /etc/nginx/$server/site.env) != "" ] ; then
|
||||
echo "ok"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
# log to jobs.log
|
||||
|
||||
Reference in New Issue
Block a user