linux - started work on bunkerized-nginx command

2021-06-22 21:19:12 +02:00 · 2021-06-22 21:19:12 +02:00 · d0366fcc0d
commit d0366fcc0d
parent b448d91ca8
10 changed files with 100 additions and 6 deletions
--- a/confs/global/init-lua.conf
+++ b/confs/global/init-lua.conf
@ -43,7 +43,7 @@ end
 -- Load plugins
 ngx.shared.plugins_data:safe_set("plugins", nil, 0)
-local p = io.popen("find /plugins -maxdepth 1 -type d ! -path /plugins")
+local p = io.popen("find /opt/bunkerized-nginx/plugins -maxdepth 1 -type d ! -path /opt/bunkerized-nginx/plugins")
 for dir in p:lines() do
 	-- read JSON
 	local file = io.open(dir .. "/plugin.json")
--- a/confs/global/multisite-default-server-lets-encrypt-webroot.conf
+++ b/confs/global/multisite-default-server-lets-encrypt-webroot.conf
@ -1,3 +1,3 @@
 location ~ ^/.well-known/acme-challenge/ {
-	root /acme-challenge;
+	root /opt/bunkerized-nginx/acme-challenge;
 }
--- a/confs/global/nginx-temp.conf
+++ b/confs/global/nginx-temp.conf
@ -20,7 +20,7 @@ http {
 		listen 0.0.0.0:%HTTP_PORT% default_server;
 		server_name _;
 		location ~ ^/.well-known/acme-challenge/ {
-			root /acme-challenge;
+			root /opt/bunkerized-nginx/acme-challenge;
 		}
 		%USE_API%
 		location / {
--- a/confs/global/nginx.conf
+++ b/confs/global/nginx.conf
@ -78,7 +78,7 @@ http {
 	port_in_redirect off;
 	# lua path and dicts
-	lua_package_path "/usr/local/lib/lua/?.lua;/plugins/?.lua;;";
+	lua_package_path "/usr/local/lib/lua/?.lua;/opt/bunkerized-nginx/plugins/?.lua;;";
 	{% if has_value("USE_WHITELIST_IP", "yes") %}lua_shared_dict whitelist_ip_cache 10m;{% endif %}
 	{% if has_value("USE_WHITELIST_REVERSE", "yes") %}lua_shared_dict whitelist_reverse_cache 10m;{% endif %}
 	{% if has_value("USE_BLACKLIST_IP", "yes") %}lua_shared_dict blacklist_ip_cache 10m;{% endif %}
--- a/confs/site/lets-encrypt-webroot.conf
+++ b/confs/site/lets-encrypt-webroot.conf
@ -1,3 +1,3 @@
 location ~ ^/.well-known/acme-challenge/ {
-	root /acme-challenge;
+	root /opt/bunkerized-nginx/acme-challenge;
 }
--- a/helpers/bunkerized-nginx
+++ b/helpers/bunkerized-nginx
@ -0,0 +1,50 @@
 #!/bin/bash
 function do_and_check_cmd() {
        if [ "$CHANGE_DIR" != "" ] ; then
                cd "$CHANGE_DIR"
        fi
        output=$(su -s "/bin/bash" -c "$@" nginx 2>&1)
        ret="$?"
        if [ $ret -ne 0 ] ; then
                echo "[!] Error from command : $*"
                echo "$output"
                exit $ret
        fi
        echo "$output"
        return 0
 }
 # Check if we are root
 if [ $(id -u) -ne 0 ] ; then
 	echo "[!] Run me as root"
 	exit 1
 fi
 # Check if variables.env is present
 if [ ! -f "/opt/bunkerized-nginx/variables.env" ] ; then
 	echo "[!] Missing /opt/bunkerized-nginx/variables.env"
 	exit 1
 fi
 # Run generator
 echo "[*] Generate configuration files"
 do_and_check_cmd /opt/bunkerized-nginx/gen/main.py --settings /opt/bunkerized-nginx/settings.json --templates /opt/bunkerized-nginx/confs --output /etc/nginx --variables /opt/bunkerized-nginx/variables.env
 # Run pre-jobs
 echo "[*] Run pre-jobs"
 do_and_check_cmd /opt/bunkerized-nginx/entrypoint/pre-jobs.sh
 # Reload nginx if it's running
 if [ -f "/tmp/nginx.pid" ] ; then
 	echo "[*] Reload nginx"
 	do_and_check_cmd nginx -s reload
 # Otherwise start it
 else
 	echo "[*] Start nginx"
 	do_and_check_cmd nginx -g 'daemon off;'
 fi
 # Run post-jobs
 echo "[*] Run post-jobs"
 do_and_check_cmd /opt/bunkerized-nginx/entrypoint/post-jobs.sh
--- a/helpers/install.sh
+++ b/helpers/install.sh
@ -130,6 +130,10 @@ do_and_check_cmd cp -r /tmp/bunkerized-nginx/defaults /opt/bunkerized-nginx
 echo "[*] Copy settings"
 do_and_check_cmd cp /tmp/bunkerized-nginx/settings.json /opt/bunkerized-nginx
 # Copy bunkerized-nginx
 echo "[*] Copy bunkerized-nginx"
 do_and_check_cmd cp /tmp/bunkerized-nginx/helpers/bunkerized-nginx /usr/local/bin
 # Create nginx user
 if [ "$(grep "nginx:" /etc/passwd)" = "" ] ; then
 	echo "[*] Add nginx user"
@ -200,6 +204,10 @@ do_and_check_cmd chmod 770 /opt/bunkerized-nginx/acme-challenge
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/scripts/*
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/entrypoint/*
 # Set permissions for /usr/local/bin/bunkerized-nginx
 do_and_check_cmd chown root:root /usr/local/bin/bunkerized-nginx
 do_and_check_cmd chmod 750 /usr/local/bin/bunkerized-nginx
 # Install cron
 echo "[*] Add jobs to crontab"
 if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
--- a/tests/index.html
+++ b/tests/index.html
@ -0,0 +1 @@
 ok
--- a/tests/linux.sh
+++ b/tests/linux.sh
@ -7,7 +7,7 @@ function cleanup() {
 image="$1"
 echo "[*] Run $image"
-id="$(docker run --rm -d -it "$image")"
+id="$(docker run --rm -d -it -p 80:80 "$image")"
 if [ $? -ne 0 ] ; then
 	echo "[!] docker run failed"
 	cleanup "$id"
@ -53,3 +53,35 @@ if [ $? -ne 0 ] ; then
 	cleanup "$id"
 	exit 6
 fi
 echo "[*] Copy variables.env"
 docker cp "tests/variables.env:$id" /opt/bunkerized-nginx/variables.env
 if [ $? -ne 0 ] ; then
 	echo "[!] docker cp failed"
 	cleanup "$id"
 	exit 7
 fi
 echo "[*] Copy index.html"
 docker cp "tests/index.html:$id" /opt/bunkerized-nginx/www
 if [ $? -ne 0 ] ; then
 	echo "[!] docker cp failed"
 	cleanup "$id"
 	exit 8
 fi
 echo "[*] Exec bunkerized-nginx"
 docker exec "$id" bunkerized-nginx
 if [ $? -ne 0 ] || [ "$res" != "ok" ] ; then
 	echo "[!] docker exec failed"
 	cleanup "$id"
 	exit 9
 fi
 echo "[*] Exec curl"
 res="$(curl -s http://localhost/")
 if [ $? -ne 0 ] || [ "$res" != "ok" ] ; then
 	echo "[!] curl failed"
 	cleanup "$id"
 	exit 10
 fi
--- a/tests/variables.env
+++ b/tests/variables.env
@ -0,0 +1,3 @@
 HTTP_PORT=80
 HTTPS_PORT=443
 SERVER_NAME=www.test.com