bunkerweb 1.4.0

2022-06-03 17:24:14 +02:00
parent 3a078326c5
commit a9f886804a
5245 changed files with 1432051 additions and 27894 deletions
--- a/core/customcert/confs/server-http/custom-cert.conf
+++ b/core/customcert/confs/server-http/custom-cert.conf
@@ -0,0 +1,19 @@
+{% if USE_CUSTOM_HTTPS == "yes" +%}
+
+# listen on HTTPS PORT
+listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %};
+
+# TLS config
+ssl_certificate {{ CUSTOM_HTTPS_CERT }};
+ssl_certificate_key {{ CUSTOM_HTTPS_KEY }};
+ssl_protocols {{ HTTPS_PROTOCOLS }};
+ssl_prefer_server_ciphers on;
+ssl_session_tickets off;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+{% if "TLSv1.2" in HTTPS_PROTOCOLS +%}
+ssl_dhparam /etc/nginx/dhparam;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+{% endif %}
+
+{% endif %}
--- a/core/customcert/jobs/custom-cert.py
+++ b/core/customcert/jobs/custom-cert.py
@@ -0,0 +1,66 @@
+#!/usr/bin/python3
+
+import sys, os, subprocess, traceback
+
+sys.path.append("/opt/bunkerweb/deps/python")
+sys.path.append("/opt/bunkerweb/utils")
+
+import logger, jobs
+
+def check_cert(cert_path) :
+    try :
+        cache_path = "/opt/bunkerweb/cache/customcert/" + cert_path.replace("/", "_") + ".hash"
+        current_hash = jobs.file_hash(cert_path)
+        if not os.path.isfile(cache_path) :
+            with open(cache_path, "w") as f :
+                f.write(current_hash)
+        old_hash = jobs.file_hash(cache_path)
+        if old_hash == current_hash :
+            return False
+        with open(cache_path, "w") as f :
+            f.write(current_hash)
+        return True
+    except :
+        logger.log("CUSTOM-CERT", "❌", "Exception while running custom-cert.py (check_cert) :")
+        print(traceback.format_exc())
+    return False
+
+status = 0
+
+try :
+
+    os.makedirs("/opt/bunkerweb/cache/customcert/", exist_ok=True)
+
+    # Multisite case
+    if os.getenv("MULTISITE") == "yes" :
+        for first_server in os.getenv("SERVER_NAME").split(" ") :
+            if os.getenv(first_server + "_USE_CUSTOM_HTTPS", os.getenv("USE_CUSTOM_HTTPS")) != "yes" :
+                continue
+            if first_server == "" :
+                continue
+            cert_path = os.getenv(first_server + "_CUSTOM_HTTPS_CERT")
+            logger.log("CUSTOM-CERT", "ℹ️", "Checking if certificate " + cert_path + " changed ...")
+            need_reload = check_cert(cert_path)
+            if need_reload :
+                logger.log("CUSTOM-CERT", "ℹ️", "Detected change for certificate " + cert_path)
+                status = 1
+            else :
+                logger.log("CUSTOM-CERT", "ℹ️", "No change for certificate " + cert_path)
+
+    # Singlesite case
+    elif os.getenv("USE_CUSTOM_HTTPS") == "yes" and os.getenv("SERVER_NAME") != "" :
+        cert_path = os.getenv("CUSTOM_HTTPS_CERT")
+        logger.log("CUSTOM-CERT", "ℹ️", "Checking if certificate " + cert_path + " changed ...")
+        need_reload = check_cert(cert_path)
+        if need_reload :
+            logger.log("CUSTOM-CERT", "ℹ️", "Detected change for certificate " + cert_path)
+            status = 1
+        else :
+            logger.log("CUSTOM-CERT", "ℹ️", "No change for certificate " + cert_path)
+
+except :
+    status = 2
+    logger.log("CUSTOM-CERT", "❌", "Exception while running custom-cert.py :")
+    print(traceback.format_exc())
+
+sys.exit(status)
--- a/core/customcert/plugin.json
+++ b/core/customcert/plugin.json
@@ -0,0 +1,44 @@
+{
+	"id": "customcert",
+	"order": 999,
+	"name": "Custom HTTPS certificate",
+	"description": "Choose custom certificate for HTTPS.",
+	"version": "0.1",
+	"settings": {
+		"USE_CUSTOM_HTTPS": {
+			"context": "multisite",
+			"default": "no",
+			"help": "Use custom HTTPS certificate.",
+			"id": "use-custom-https",
+			"label": "Use custom certificate",
+			"regex": "^(yes|no)$",
+			"type": "check"
+		},
+		"CUSTOM_HTTPS_CERT": {
+			"context": "multisite",
+			"default": "",
+			"help": "Full path of the certificate or bundle file.",
+			"id": "custom-https-cert",
+			"label": "Certificate path",
+			"regex": "^.*$",
+			"type": "text"
+		},
+		"CUSTOM_HTTPS_KEY": {
+			"context": "multisite",
+			"default": "",
+			"help": "Full path of the key file.",
+			"id": "custom-https-key",
+			"label": "Key path",
+			"regex": "^.*$",
+			"type": "text"
+		}
+	},
+	"jobs": [
+		{
+			"name": "custom-cert",
+			"file": "custom-cert.py",
+			"every": "day",
+			"reload": true
+		}
+	]
+}