jobs - various bugs fixed and old files removed

2021-07-21 11:55:14 +02:00 · 2021-07-21 11:55:14 +02:00 · d12369c900
commit d12369c900
parent 366e39f591
31 changed files with 303 additions and 628 deletions
--- a/confs/global/init-lua.conf
+++ b/confs/global/init-lua.conf
@ -4,30 +4,34 @@ local dataloader		= require "dataloader"
 local logger			= require "logger"
 local cjson			= require "cjson"
 local use_redis			= {% if USE_REDIS == "yes" %}true{% else %}false{% endif +%}
 local use_proxies		= {% if has_value("BLOCK_PROXIES", "yes") %}true{% else %}false{% endif +%}
 local use_abusers		= {% if has_value("BLOCK_ABUSERS", "yes") %}true{% else %}false{% endif +%}
 local use_tor_exit_nodes	= {% if has_value("BLOCK_TOR_EXIT_NODE", "yes") %}true{% else %}false{% endif +%}
 local use_user_agents		= {% if has_value("BLOCK_USER_AGENT", "yes") %}true{% else %}false{% endif +%}
 local use_referrers		= {% if has_value("BLOCK_REFERRER", "yes") %}true{% else %}false{% endif +%}
-if use_proxies then
+if not use_redis then
-	dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data)
+	if use_proxies then
-end
+		dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data)
 	end
-if use_abusers then
+	if use_abusers then
-	dataloader.load_ip("/etc/nginx/abusers.list", ngx.shared.abusers_data)
+		dataloader.load_ip("/etc/nginx/abusers.list", ngx.shared.abusers_data)
-end
+	end
-if use_tor_exit_nodes then
+	if use_tor_exit_nodes then
-	dataloader.load_ip("/etc/nginx/tor-exit-nodes.list", ngx.shared.tor_exit_nodes_data)
+		dataloader.load_ip("/etc/nginx/tor-exit-nodes.list", ngx.shared.tor_exit_nodes_data)
-end
+	end
-if use_user_agents then
+	if use_user_agents then
-	dataloader.load_raw("/etc/nginx/user-agents.list", ngx.shared.user_agents_data)
+		dataloader.load_raw("/etc/nginx/user-agents.list", ngx.shared.user_agents_data)
-end
+	end
-if use_referrers then
+	if use_referrers then
-	dataloader.load_raw("/etc/nginx/referrers.list", ngx.shared.referrers_data)
+		dataloader.load_raw("/etc/nginx/referrers.list", ngx.shared.referrers_data)
 	end
 end
 -- Load plugins
--- a/confs/global/nginx.conf
+++ b/confs/global/nginx.conf
@ -6,13 +6,9 @@ load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
 load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
 load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
 load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
 #load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so;
 load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
 load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
 # run in foreground
 # daemon off;
 # PID file
 pid /tmp/nginx.pid;
--- a/confs/site/main-lua.conf
+++ b/confs/site/main-lua.conf
@ -15,6 +15,10 @@ end
 -- let's encrypt
 local use_lets_encrypt		= {% if AUTO_LETS_ENCRYPT == "yes" %}true{% else %}false{% endif +%}
 -- redis
 local use_redis			= {% if USE_REDIS == "yes" %}true{% else %}false{% endif +%}
 local redis_host		= "{{ REDIS_HOST }}"
 -- external blacklists
 local use_user_agents		= {% if BLOCK_USER_AGENT == "yes" %}true{% else %}false{% endif +%}
 local use_proxies		= {% if BLOCK_PROXIES == "yes" %}true{% else %}false{% endif +%}
@ -64,6 +68,7 @@ local recaptcha			= require "recaptcha"
 local iputils			= require "resty.iputils"
 local behavior			= require "behavior"
 local logger			= require "logger"
 local redis			= require "resty.redis"
 -- user variables
 local antibot_uri		= "{{ ANTIBOT_URI }}"
@ -139,6 +144,17 @@ if use_bad_behavior and behavior.is_banned() then
 	ngx.exit(ngx.HTTP_FORBIDDEN)
 end
 -- our redis client
 local redis_client = nil
 if use_redis then
 	redis_client = redis:new()
 	local ok, err = redis_client:connect(redis_host, 6379)
 	if not ok then
 		redis_client = nil
 		logger.log(ngx.ERR, "REDIS", "Can't connect to the Redis service " .. redis_host)
 	end
 end
 -- check if IP is in proxies list
 if use_proxies then
 	local value, flags = ngx.shared.proxies_data:get(iputils.ip2bin(ngx.var.remote_addr))
--- a/entrypoint/certbot.sh
+++ b/entrypoint/certbot.sh
@ -1,28 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 if [ "$MULTISITE" != "yes" ] && [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
 	first_server_name=$(echo "$SERVER_NAME" | cut -d " " -f 1)
 	domains_lets_encrypt=$(echo "$SERVER_NAME" | sed "s/ /,/g")
 	EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$first_server_name}"
 	if [ ! -f /etc/letsencrypt/live/${first_server_name}/fullchain.pem ] ; then
 		echo "[*] Performing Let's Encrypt challenge for $domains_lets_encrypt ..."
 		/opt/bunkerized-nginx/scripts/certbot-new.sh "$domains_lets_encrypt" "$EMAIL_LETS_ENCRYPT"
 	fi
 elif [ "$MULTISITE" = "yes" ] ; then
 	servers=$(find /etc/nginx -name "site.env" | cut -d '/' -f 4)
 	for server in $servers ; do
 		lets_encrypt=$(grep "^AUTO_LETS_ENCRYPT=yes$" /etc/nginx/${server}/site.env)
 		if [ "$lets_encrypt" != "" ] && [ ! -f /etc/letsencrypt/live/${server}/fullchain.pem ] ; then
 			server_name=$(grep "^SERVER_NAME=.*$" /etc/nginx/${server}/site.env | sed "s/SERVER_NAME=//" | sed "s/ /,/g")
 			echo "[*] Performing Let's Encrypt challenge for $server_name ..."
 			EMAIL_LETS_ENCRYPT=$(grep "^EMAIL_LETS_ENCRYPT=.*$" /etc/nginx/${server}/site.env | sed "s/EMAIL_LETS_ENCRYPT=//")
 			if [ "$EMAIL_LETS_ENCRYPT" = "" ] ; then
 				EMAIL_LETS_ENCRYPT="contact@${server}"
 			fi
 			/opt/bunkerized-nginx/scripts/certbot-new.sh "$domains" "EMAIL_LETS_ENCRYPT"
 		fi
 	done
 fi
--- a/entrypoint/entrypoint.sh
+++ b/entrypoint/entrypoint.sh
@ -16,16 +16,13 @@ trap "trap_exit" TERM INT QUIT
 function trap_reload() {
 	echo "[*] Catched reload operation"
 	if [ "$SWARM_MODE" != "yes" ] ; then
-		/opt/bunkerized-nginx/entrypoint/pre-jobs.sh
+		/opt/bunkerized-nginx/entrypoint/jobs.sh
 	fi
 	if [ -f /tmp/nginx.pid ] ; then
 		echo "[*] Reloading nginx ..."
 		nginx -s reload
 		if [ $? -eq 0 ] ; then
 			echo "[*] Reload successfull"
 			if [ "$SWARM_MODE" != "yes" ] ; then
 				/opt/bunkerized-nginx/entrypoint/post-jobs.sh
 			fi
 		else
 			echo "[!] Reload failed"
 		fi
@ -61,7 +58,7 @@ if [ ! -f "/etc/nginx/global.env" ] ; then
 		# call the generator
 		/opt/bunkerized-nginx/gen/main.py --settings /opt/bunkerized-nginx/settings.json --templates /opt/bunkerized-nginx/confs --output /etc/nginx --variables /tmp/variables.env
-		# jobs
+		# call jobs
 		/opt/bunkerized-nginx/entrypoint/jobs.sh
 	fi
 else
--- a/entrypoint/jobs.sh
+++ b/entrypoint/jobs.sh
@ -58,7 +58,7 @@ if [ "$files" != "" ] ; then
 		if [ "$EMAIL_LETS_ENCRYPT" = "" ] ; then
 			EMAIL_LETS_ENCRYPT="contact@${FIRST_SERVER}"
 		fi
-		certbot_output=$(/opt/bunkerized-nginx/scripts/certbot-new.sh "$(echo -n $SERVER_NAME | sed 's/ /,/g')" "$EMAIL_LETS_ENCRYPT" 2>&1)
+		/opt/bunkerized-nginx/jobs/main.py --name certbot-new --domain "$(echo -n $SERVER_NAME | sed 's/ /,/g')" --email "$EMAIL_LETS_ENCRYPT"
 		if [ $? -eq 0 ] ; then
 			echo "[*] Certbot new successfully executed for domain(s) $(echo -n $SERVER_NAME | sed 's/ /,/g')"
 		else
@ -70,11 +70,30 @@ fi
 # GeoIP
 if [ "$(has_value BLACKLIST_COUNTRY ".\+")" != "" ] || [ "$(has_value WHITELIST_COUNTRY ".\+")" != "" ] ; then
-	if [ -f "/opt/bunkerized-nginx/cache/geoip.mmdb" ] ; then
+	/opt/bunkerized-nginx/jobs/main.py --name geoip
-		echo "[*] Copying cached geoip.mmdb ..."
+fi
-		cp /opt/bunkerized-nginx/cache/geoip.mmdb /etc/nginx/geoip.mmdb
+
-	elif [ "$(ps aux | grep "geoip\.sh")" = "" ] ; then
+# User-Agents
-		echo "[*] Downloading GeoIP database ..."
+if [ "$(has_value BLOCK_USER_AGENT yes)" != "" ] ; then
-		/opt/bunkerized-nginx/scripts/geoip.sh > /dev/null 2>&1
+	/opt/bunkerized-nginx/jobs/main.py --name user-agents
-	fi
+fi
 # Referrers
 if [ "$(has_value BLOCK_REFERRER yes)" != "" ] ; then
 	/opt/bunkerized-nginx/jobs/main.py --name referrers
 fi
 # exit nodes
 if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] ; then
 	/opt/bunkerized-nginx/jobs/main.py --name exit-nodes
 fi
 # proxies
 if [ "$(has_value BLOCK_PROXIES yes)" != "" ] ; then
 	/opt/bunkerized-nginx/jobs/main.py --name proxies
 fi
 # abusers
 if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
 	/opt/bunkerized-nginx/jobs/main.py --name abusers
 fi
--- a/entrypoint/post-jobs.sh
+++ b/entrypoint/post-jobs.sh
@ -1,59 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 # User-Agents
 if [ "$(has_value BLOCK_USER_AGENT yes)" != "" ] ; then
 	if [ -f "/cache/user-agents.list" ] && [ "$(wc -l /cache/user-agents.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached user-agents.list ..."
 		cp /opt/bunkerized-nginx/cache/user-agents.list /etc/nginx/user-agents.list
 	elif [ "$(ps aux | grep "user-agents\.sh")" = "" ] ; then
 		echo "[*] Downloading bad user-agent list (in background) ..."
 		/opt/bunkerized-nginx/scripts/user-agents.sh > /dev/null 2>&1 &
 	fi
 fi
 # Referrers
 if [ "$(has_value BLOCK_REFERRER yes)" != "" ] ; then
 	if [ -f "/cache/referrers.list" ] && [ "$(wc -l /cache/referrers.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached referrers.list ..."
 		cp /opt/bunkerized-nginx/cache/referrers.list /etc/nginx/referrers.list
 	elif [ "$(ps aux | grep "referrers\.sh")" = "" ] ; then
 		echo "[*] Downloading bad referrer list (in background) ..."
 		/opt/bunkerized-nginx/scripts/referrers.sh > /dev/null 2>&1 &
 	fi
 fi
 # exit nodes
 if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] ; then
 	if [ -f "/cache/tor-exit-nodes.list" ] && [ "$(wc -l /cache/tor-exit-nodes.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached tor-exit-nodes.list ..."
 		cp /opt/bunkerized-nginx/cache/tor-exit-nodes.list /etc/nginx/tor-exit-nodes.list
 	elif [ "$(ps aux | grep "exit-nodes\.sh")" = "" ] ; then
 		echo "[*] Downloading tor exit nodes list (in background) ..."
 		/opt/bunkerized-nginx/scripts/exit-nodes.sh > /dev/null 2>&1 &
 	fi
 fi
 # proxies
 if [ "$(has_value BLOCK_PROXIES yes)" != "" ] ; then
 	if [ -f "/cache/proxies.list" ] && [ "$(wc -l /cache/proxies.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached proxies.list ..."
 		cp /opt/bunkerized-nginx/cache/proxies.list /etc/nginx/proxies.list
 	elif [ "$(ps aux | grep "proxies\.sh")" = "" ] ; then
 		echo "[*] Downloading proxies list (in background) ..."
 		/opt/bunkerized-nginx/scripts/proxies.sh > /dev/null 2>&1 &
 	fi
 fi
 # abusers
 if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
 	if [ -f "/cache/abusers.list" ] && [ "$(wc -l /cache/abusers.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached abusers.list ..."
 		cp /opt/bunkerized-nginx/cache/abusers.list /etc/nginx/abusers.list
 	elif [ "$(ps aux | grep "abusers\.sh")" = "" ] ; then
 		echo "[*] Downloading abusers list (in background) ..."
 		/opt/bunkerized-nginx/scripts/abusers.sh > /dev/null 2>&1 &
 	fi
 fi
--- a/entrypoint/pre-jobs.sh
+++ b/entrypoint/pre-jobs.sh
@ -1,80 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 # self signed certs for sites
 files=$(has_value GENERATE_SELF_SIGNED_SSL yes)
 if [ "$files" != "" ] ; then
 	for file in $files ; do
 		site=$(echo $file | cut -f 4 -d '/')
 		dest="/etc/nginx/"
 		if [ "$site" != "site.env" ] ; then
 			dest="${dest}/${site}/"
 		fi
 		SELF_SIGNED_SSL_EXPIRY="$(sed -nE 's/^SELF_SIGNED_SSL_EXPIRY=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_COUNTRY="$(sed -nE 's/^SELF_SIGNED_SSL_COUNTRY=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_STATE="$(sed -nE 's/^SELF_SIGNED_SSL_STATE=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_CITY="$(sed -nE 's/^SELF_SIGNED_SSL_CITY=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_ORG="$(sed -nE 's/^SELF_SIGNED_SSL_ORG=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_OU="$(sed -nE 's/^SELF_SIGNED_SSL_OU=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_CN="$(sed -nE 's/^SELF_SIGNED_SSL_CN=(.*)$/\1/p' $file)"
 		openssl_output=$(openssl req -nodes -x509 -newkey rsa:4096 -keyout ${dest}self-key.pem -out ${dest}self-cert.pem -days "$SELF_SIGNED_SSL_EXPIRY" -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN" 2>&1)
 		if [ $? -eq 0 ] ; then
 			echo "[*] Generated self-signed certificate ${dest}self-cert.pem with key ${dest}self-key.pem"
 		else
 			echo "[!] Error while generating self-signed certificate : $openssl_output"
 		fi
 	done
 fi
 # self signed cert for default server
 if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$(has_value GENERATE_SELF_SIGNED_SSL yes)" != "" ] || [ "$(has_value USE_CUSTOM_HTTPS yes)" != "" ] ; then
 	SELF_SIGNED_SSL_EXPIRY="999"
 	SELF_SIGNED_SSL_COUNTRY="US"
 	SELF_SIGNED_SSL_STATE="Utah"
 	SELF_SIGNED_SSL_CITY="Lehi"
 	SELF_SIGNED_SSL_ORG="Your Company, Inc."
 	SELF_SIGNED_SSL_OU="IT"
 	SELF_SIGNED_SSL_CN="www.yourdomain.com"
 	openssl_output=$(openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/default-key.pem -out /etc/nginx/default-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN" 2>&1)
 	if [ $? -eq 0 ] ; then
 		echo "[*] Generated self-signed certificate for default server"
 	else
 		echo "[!] Error while generating self-signed certificate for default server : $openssl_output"
 	fi
 fi
 # certbot
 files=$(has_value AUTO_LETS_ENCRYPT yes)
 if [ "$files" != "" ] ; then
 	for file in $files ; do
 		if [ "$(echo "$file" | grep 'site.env$')" = "" ] ; then
 			continue
 		fi
 		SERVER_NAME="$(sed -nE 's/^SERVER_NAME=(.*)$/\1/p' $file)"
 		FIRST_SERVER="$(echo $SERVER_NAME | cut -d ' ' -f 1)"
 		EMAIL_LETS_ENCRYPT="$(sed -nE 's/^EMAIL_LETS_ENCRYPT=(.*)$/\1/p' $file)"
 		if [ "$EMAIL_LETS_ENCRYPT" = "" ] ; then
 			EMAIL_LETS_ENCRYPT="contact@${FIRST_SERVER}"
 		fi
 		certbot_output=$(/opt/bunkerized-nginx/scripts/certbot-new.sh "$(echo -n $SERVER_NAME | sed 's/ /,/g')" "$EMAIL_LETS_ENCRYPT" 2>&1)
 		if [ $? -eq 0 ] ; then
 			echo "[*] Certbot new successfully executed for domain(s) $(echo -n $SERVER_NAME | sed 's/ /,/g')"
 		else
 			echo "[*] Error while executing certbot new : $certbot_output"
 		fi
 	done
 fi
 # GeoIP
 if [ "$(has_value BLACKLIST_COUNTRY ".\+")" != "" ] || [ "$(has_value WHITELIST_COUNTRY ".\+")" != "" ] ; then
 	if [ -f "/opt/bunkerized-nginx/cache/geoip.mmdb" ] ; then
 		echo "[*] Copying cached geoip.mmdb ..."
 		cp /opt/bunkerized-nginx/cache/geoip.mmdb /etc/nginx/geoip.mmdb
 	elif [ "$(ps aux | grep "geoip\.sh")" = "" ] ; then
 		echo "[*] Downloading GeoIP database ..."
 		/opt/bunkerized-nginx/scripts/geoip.sh > /dev/null 2>&1
 	fi
 fi
--- a/examples/swarm-redis/1-config.yml
+++ b/examples/swarm-redis/1-config.yml
@ -0,0 +1,38 @@
 version: '3.8'
 services:
  autoconf:
    image: bunkerity/bunkerized-nginx-autoconf
    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /shared/confs:/etc/nginx
      - /shared/letsencrypt:/etc/letsencrypt
      - /shared/acme-challenge:/acme-challenge
      - /shared/cache:/cache
    environment:
      - SWARM_MODE=yes
      - API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx
    networks:
      - net_config
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.role==manager"
  redis:
    image: redis:alpine
    networks:
      - net_config
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.role==worker"
 networks:
  net_config:
    external: true
--- a/examples/swarm-redis/2-nginx.yml
+++ b/examples/swarm-redis/2-nginx.yml
@ -0,0 +1,51 @@
 version: '3.8'
 services:
  nginx:
    image: bunkerity/bunkerized-nginx
    ports:
      - published: 80
        target: 8080
        mode: host
        protocol: tcp
      - published: 443
        target: 8443
        mode: host
        protocol: tcp
    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    volumes:
      - /shared/confs:/etc/nginx:ro
      - /shared/letsencrypt:/etc/letsencrypt:ro
      - /shared/acme-challenge:/acme-challenge:ro
      - /shared/www:/www:ro
      - /shared/cache:/cache:ro
    environment:
      - SWARM_MODE=yes
      - USE_API=yes
      - API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from autoconf
      - MULTISITE=yes
      - SERVER_NAME=
      - AUTO_LETS_ENCRYPT=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_REDIS=yes
      - REDIS_HOST=redis
    networks:
      - net_config
      - net_services
    deploy:
      mode: global
      placement:
        constraints:
          - "node.role==worker"
      labels:
        - "bunkerized-nginx.AUTOCONF"
 networks:
  net_config:
    external: true
  net_services:
    external: true
--- a/examples/swarm-redis/3-services.yml
+++ b/examples/swarm-redis/3-services.yml
@ -0,0 +1,42 @@
 version: '3.8'
 services:
  app1:
    image: php:fpm-alpine
    volumes:
      - /shared/www/app1.example.com:/www
    networks:
      - net_services
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.role==worker"
      labels:
        - "bunkerized-nginx.SERVER_NAME=app1.example.com"
        - "bunkerized-nginx.REMOTE_PHP=app1"
        - "bunkerized-nginx.REMOTE_PHP_PATH=/www"
  app2:
    image: phpmyadmin:apache
    environment:
      - PMA_ARBITRARY=1
      - PMA_ABSOLUTE_URI=https://app2.example.com
    networks:
      - net_services
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.role==worker"
      labels:
        - "bunkerized-nginx.SERVER_NAME=app2.example.com"
        - "bunkerized-nginx.USE_PROXY_CACHE=yes"
        - "bunkerized-nginx.USE_REVERSE_PROXY=yes"
        - "bunkerized-nginx.REVERSE_PROXY_URL=/"
        - "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2"
 networks:
  net_services:
    external: true
--- a/helpers/install.sh
+++ b/helpers/install.sh
@ -592,6 +592,12 @@ git_secure_clone https://github.com/hamishforbes/lua-resty-iputils.git 3151d6485
 echo "[*] Install lua-resty-iputils"
 CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-iputils" do_and_check_cmd make PREFIX=/opt/bunkerized-nginx/deps LUA_LIB_DIR=/opt/bunkerized-nginx/deps/lib/lua install
 # Download and install lua-resty-redis
 echo "[*] Clone openresty/lua-resty-redis"
 git_secure_clone https://github.com/openresty/lua-resty-redis.git 91585affcd9a8da65cb664a5b1e926dde428095a
 echo "[*] Install lua-resty-redis"
 CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-redis" do_and_check_cmd make PREFIX=/opt/bunkerized-nginx/deps LUA_LIB_DIR=/opt/bunkerized-nginx/deps/lib/lua install
 # Download nginx and decompress sources
 echo "[*] Download nginx-${NGINX_VERSION}.tar.gz"
 do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
@ -659,21 +665,25 @@ elif [ "$OS" = "alpine" ] ; then
 fi
 # Clone the repo
-if [ "$OS" != "alpine" ] ; then
+if [ "$OS" != "alpine" ] && [ ! -d "/tmp/bunkerized-nginx-test" ] ; then
 	echo "[*] Clone bunkerity/bunkerized-nginx"
 	#CHANGE_DIR="/tmp" do_and_check_cmd git_secure_clone https://github.com/bunkerity/bunkerized-nginx.git 09a2a4f9e531b93684b0916a5146091a818501d3
 	# TODO : do a secure clone
 	CHANGE_DIR="/tmp" do_and_check_cmd git clone https://github.com/bunkerity/bunkerized-nginx.git
 	CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd git checkout dev
 # Docker build case : simply rename the sources
-else
+elif [ "$OS" == "alpine" ] ; then
 	do_and_check_cmd mv /tmp/bunkerized-nginx-docker /tmp/bunkerized-nginx
 # Tests case
 else
 	do_and_check_cmd mv /tmp/bunkerized-nginx-test /tmp/bunkerized-nginx
 fi
 # Install Python dependencies
 echo "[*] Install python dependencies"
 do_and_check_cmd pip3 install --upgrade pip
 do_and_check_cmd pip3 install -r /tmp/bunkerized-nginx/gen/requirements.txt
 do_and_check_cmd pip3 install -r /tmp/bunkerized-nginx/jobs/requirements.txt
 if [ "$OS" != "alpine" ] ; then
 	do_and_check_cmd pip3 install -r /tmp/bunkerized-nginx/ui/requirements.txt
 fi
@ -691,11 +701,7 @@ do_and_check_cmd cp -r /tmp/bunkerized-nginx/entrypoint /opt/bunkerized-nginx
 echo "[*] Copy configs"
 do_and_check_cmd cp -r /tmp/bunkerized-nginx/confs /opt/bunkerized-nginx
-# Copy scripts
+# Copy jobs
 echo "[*] Copy scripts"
 do_and_check_cmd cp -r /tmp/bunkerized-nginx/scripts /opt/bunkerized-nginx
 # Copy scripts
 echo "[*] Copy jobs"
 do_and_check_cmd cp -r /tmp/bunkerized-nginx/jobs /opt/bunkerized-nginx
@ -797,10 +803,10 @@ do_and_check_cmd find /opt/bunkerized-nginx -type f -exec chmod 0740 {} \;
 do_and_check_cmd find /opt/bunkerized-nginx -type d -exec chmod 0750 {} \;
 do_and_check_cmd chmod 770 /opt/bunkerized-nginx/cache
 do_and_check_cmd chmod 770 /opt/bunkerized-nginx/acme-challenge
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/scripts/*
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/entrypoint/*
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/gen/main.py
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/main.py
 do_and_check_cmd chmod 750 /opt/bunkerized-nginx/jobs/reload.py
 # Set permissions for /usr/local/bin/bunkerized-nginx
 do_and_check_cmd chown root:root /usr/local/bin/bunkerized-nginx
 do_and_check_cmd chmod 750 /usr/local/bin/bunkerized-nginx
--- a/jobs/CertbotNew.py
+++ b/jobs/CertbotNew.py
@ -1,6 +1,6 @@
 from Job import Job
-class CertbotRenew(Job) :
+class CertbotNew(Job) :
 	def __init__(self, redis_host=None, copy_cache=False, domain="", email="") :
 		name = "certbot-new"
--- a/jobs/GeoIP.py
+++ b/jobs/GeoIP.py
@ -15,7 +15,7 @@ class GeoIP(Job) :
 		super().run()
 		count = 0
 		with gzip.open("/etc/nginx/geoip.mmdb.gz", "rb") as f :
-			with open("/tmp/geoip.mmdb", "w") as f2
+			with open("/tmp/geoip.mmdb", "w") as f2 :
 				while True :
 					chunk = f.read(8192)
 					if not chunk :
--- a/jobs/Job.py
+++ b/jobs/Job.py
@ -1,4 +1,4 @@
-import abc, requests, redis, os, datetime, traceback
+import abc, requests, redis, os, datetime, traceback, re, shutil
 class Job(abc.ABC) :
@ -41,7 +41,7 @@ class Job(abc.ABC) :
 		if self.__redis == None :
 			if os.path.isfile("/tmp/" + self.__filename) :
 				os.remove("/tmp/" + self.__filename)
-			file = open("/tmp/" + self.__filename, "a")
+			file = open("/tmp/" + self.__filename, "ab")
 		elif self.__redis != None :
 			pipe = self.__redis.pipeline()
@ -50,7 +50,7 @@ class Job(abc.ABC) :
 		for url in self.__data :
 			data = self.__download_data(url)
 			for chunk in data :
-				if self.__type == "line" and not re.match(self.__regex, chunk) :
+				if self.__type == "line" and not re.match(self.__regex, chunk.decode("utf-8")) :
 					continue
 				count += 1
 				if self.__redis == None :
@ -67,7 +67,7 @@ class Job(abc.ABC) :
 			os.remove("/tmp/" + self.__filename)
 		elif self.__redis != None and count > 0 :
-			self.__redis.del(self.__redis.keys(self.__name + "_*"))
+			self.__redis.delete(self.__redis.keys(self.__name + "_*"))
 			pipe.execute()
 	def __download_data(self, url) :
@ -95,7 +95,7 @@ class Job(abc.ABC) :
 		if self.__redis == None or self.__type == "file" :
 			shutil.copyfile("/opt/bunkerized-nginx/cache/" + self.__filename, "/etc/nginx/" + self.__filename)
 		elif self.__redis != None and self.__type == "line" :
-			self.__redis.del(self.__redis.keys(self.__name + "_*"))
+			self.__redis.delete(self.__redis.keys(self.__name + "_*"))
 			with open("/opt/bunkerized-nginx/cache/" + self.__filename) as f :
 				pipe = self.__redis.pipeline()
 				while True :
--- a/jobs/Proxies.py
+++ b/jobs/Proxies.py
@ -8,4 +8,4 @@ class Proxies(Job) :
 		filename = "proxies.list"
 		type = "line"
 		regex = r"^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$"
-		super().__init__(name, data, filename, redis_host=redis_host, type=type, regex=regex; copy_cache=copy_cache)
+		super().__init__(name, data, filename, redis_host=redis_host, type=type, regex=regex, copy_cache=copy_cache)
--- a/jobs/main.py
+++ b/jobs/main.py
@ -1,9 +1,13 @@
 #!/usr/bin/python3
 import argparse, sys
 sys.path.append("/opt/bunkerized-nginx/jobs")
 import Abusers, CertbotNew, CertbotRenew, ExitNodes, GeoIP, Proxies, Referrers, SelfSignedCert, UserAgents
 from reload import reload
 JOBS = {
 	"abusers": Abusers.Abusers,
 	"certbot-new": CertbotNew.CertbotNew,
@ -33,10 +37,12 @@ if __name__ == "__main__" :
 	# Check job name
 	if not args.name in JOBS :
-		print("[!] unknown job " + args.job)
+		print("[!] unknown job " + args.name)
 		sys.exit(1)
 	job = args.name
 	# Run job
 	print("[*] Executing job " + job)
 	ret = 0
 	if job == "certbot-new" :
 		instance = JOBS[job](redis_host=args.redis, copy_cache=args.cache, domain=args.domain, email=args.email)
@ -45,9 +51,18 @@ if __name__ == "__main__" :
 	else :
 		instance = JOBS[job](redis_host=args.redis, copy_cache=args.cache)
 	if not instance.run() :
-		print("[!] error while running job " + job)
+		print("[!] Error while running job " + job)
 		sys.exit(1)
-	print("[*] job " + job + " successfully executed")
+	print("[*] Job " + job + " successfully executed")
 	sys.exit(0)
-	# TODO : reload
+	# Reload
 	# TODO : only reload if needed
 	do_reload = True
 	if do_reload :
 		if not reload() :
 			print("[!] Error while doing reload operation")
 			sys.exit(1)
 		print("[*] Reload operation successfully executed")
 	# Done
 	sys.exit(0)
--- a/jobs/reload.py
+++ b/jobs/reload.py
@ -1,27 +1,41 @@
-import docker, subprocess, os, stat, sys
+import docker, subprocess, os, stat, sys, traceback
-if __name__ == "__main__" :
+def reload() :
 	# Linux or single Docker use case
-	if os.path.isfile("/usr/sbin/nginx") :
+	if os.path.isfile("/usr/sbin/nginx") and os.path.isfile("/tmp/nginx.pid") :
 		proc = subprocess.run(["/usr/sbin/nginx", "-s", "reload"], capture_output=True)
 		if proc.returncode != 0 :
-			print("[!] can't reload nginx (status code = " + str(proc.returncode) + ")"
+			print("[!] Can't reload nginx (status code = " + str(proc.returncode) + ")")
 			if len(proc.stdout.decode("ascii")) > 1 :
 				print(proc.stdout.decode("ascii"))
 			if len(proc.stderr.decode("ascii")) > 1 :
 				print(proc.stderr.decode("ascii"))
-			sys.exit(1)
+			return False
 		return True
 	# Autoconf case (Docker, Swarm and Ingress)
-	mode = os.stat("/tmp/autoconf.sock")
+	if os.path.exists("/tmp/autoconf.sock") and stat.S_ISSOCK(os.stat("/tmp/autoconf.sock")) :
 	elif stat.S_ISSOCK(mode) :
 		client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 		client.connect("/tmp/autoconf.sock")
 		client.send("reload".encode("utf-8"))
 		data = client.recv(512)
 		client.close()
-        if not data or data.decode("utf-8") != "ok" :
+		if not data or data.decode("utf-8") != "ok" :
-                sys.exit(2)
+			print("[!] Can't reload nginx (data not ok)")
 			return False
 		return True
-	sys.exit(0)
+	return False
 if __name__ == "__main__" :
 	try :
 		print("[*] Starting reload operation ...")
 		if not reload() :
 			sys.exit(1)
 		print("[*] Reload operation successfully executed")
 		sys.exit(0)
 	except :
 		print("[!] Can't reload nginx (exception)")
 		print(traceback.format_exc())
 		sys.exit(2)
--- a/jobs/requirements.txt
+++ b/jobs/requirements.txt
@ -1,2 +1,3 @@
 requests
 redis
 docker
--- a/misc/cron
+++ b/misc/cron
@ -1,7 +1,7 @@
-15 0 * * * /opt/bunkerized-nginx/scripts/certbot-renew.sh > /dev/null 2>&1
+15 0 * * * /opt/bunkerized-nginx/jobs/main.py --name certbot-renew >> /var/log/nginx/jobs.log 2>&1
-30 0 * * * /opt/bunkerized-nginx/scripts/user-agents.sh > /dev/null 2>&1
+30 0 * * * /opt/bunkerized-nginx/jobs/main.py --name user-agents >> /var/log/nginx/jobs.log 2>&1
-45 0 * * * /opt/bunkerized-nginx/scripts/referrers.sh > /dev/null 2>&1
+45 0 * * * /opt/bunkerized-nginx/jobs/main.py --name referrers >> /var/log/nginx/jobs.log 2>&1
-0 1 * * * /opt/bunkerized-nginx/scripts/abusers.sh > /dev/null 2>&1
+0 1 * * * /opt/bunkerized-nginx/jobs/main.py --name abusers >> /var/log/nginx/jobs.log 2>&1
-0 2 * * * /opt/bunkerized-nginx/scripts/proxies.sh > /dev/null 2>&1
+0 2 * * * /opt/bunkerized-nginx/jobs/main.py --name proxies >> /var/log/nginx/jobs.log 2>&1
-0 */1 * * * /opt/bunkerized-nginx/scripts/exit-nodes.sh > /dev/null 2>&1
+0 */1 * * * /opt/bunkerized-nginx/jobs/main.py --name exit-nodes >> /var/log/nginx/jobs.log 2>&1
-0 3 2 * * /opt/bunkerized-nginx/scripts/geoip.sh > /dev/null 2>&1
+0 3 2 * * /opt/bunkerized-nginx/jobs/main.py --name geoip >> /var/log/nginx/jobs.log 2>&1
--- a/scripts/abusers.sh
+++ b/scripts/abusers.sh
@ -1,55 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
 if [ "$(has_value BLOCK_ABUSERS yes)" = "" ] ; then
 	exit 0
 fi
 # copy old conf to cache
 cp /etc/nginx/abusers.list /tmp/abusers.list.bak
 # generate the new conf
 curl -s "https://iplists.firehol.org/files/firehol_abusers_30d.netset" | \
 	grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$" > /tmp/abusers.list
 # if we are running nginx
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
 elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 # check if we have at least 1 line
 lines="$(wc -l /tmp/abusers.list | cut -d ' ' -f 1)"
 if [ "$lines" -gt 1 ] ; then
 	job_log "[BLACKLIST] abusers list updated ($lines entries)"
 	# reload nginx with the new config
 	cp /tmp/abusers.list /etc/nginx/abusers.list
 	if [ "$RELOAD" != "" ] ; then
 		$RELOAD > /dev/null 2>&1
 		# new config is ok : save it in the cache
 		if [ "$?" -eq 0 ] ; then
 			cp /tmp/abusers.list /opt/bunkerized-nginx/cache
 			job_log "[NGINX] successfull nginx reload after abusers list update"
 		else
 			job_log "[NGINX] failed nginx reload after abusers list update fallback to old list"
 			#cp /tmp/abusers.list.bak /etc/nginx
 			$RELOAD > /dev/null 2>&1
 		fi
 	else
 		cp /tmp/abusers.list /opt/bunkerized-nginx/cache
 	fi
 else
 	job_log "[BLACKLIST] can't update abusers list"
 fi
 rm -f /tmp/abusers.list 2> /dev/null
 rm -f /tmp/abusers.list.bak 2> /dev/null
--- a/scripts/certbot-new.sh
+++ b/scripts/certbot-new.sh
@ -1,9 +0,0 @@
 #!/bin/bash
 # generate certificate
 certbot certonly --webroot -w /opt/bunkerized-nginx/acme-challenge -n -d "$1" --email "$2" --agree-tos
 if [ "$?" -ne 0 ] ; then
 	exit 1
 fi
 exit 0
--- a/scripts/certbot-renew-hook.sh
+++ b/scripts/certbot-renew-hook.sh
@ -1,24 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 job_log "[CERTBOT] certificates have been renewed"
 # if we are running nginx
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
 elif [ -S /tmp/autoconf.sock ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 # reload nginx
 if [ "$RELOAD" != "" ] ; then
 	$RELOAD > /dev/null 2>&1
 	if [ "$?" -eq 0 ] ; then
 		job_log "[NGINX] successfull nginx reload after certbot renew"
 	else
 		job_log "[NGINX] failed nginx reload after certbot renew"
 	fi
 fi
--- a/scripts/certbot-renew.sh
+++ b/scripts/certbot-renew.sh
@ -1,21 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
 if [ "$(has_value AUTO_LETS_ENCRYPT yes)" = "" ] ; then
 	exit 0
 fi
 # ask new certificates if needed
 certbot renew --deploy-hook /opt/bunkerized-nginx/scripts/certbot-renew-hook.sh
 if [ "$?" -eq 0 ] ; then
 	job_log "[CERTBOT] renew operation done"
 else
 	job_log "[CERTBOT] renew operation failed"
 fi
--- a/scripts/exit-nodes.sh
+++ b/scripts/exit-nodes.sh
@ -1,54 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
 if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" = "" ] ; then
 	exit 0
 fi
 # copy old conf to cache
 cp /etc/nginx/tor-exit-nodes.list /tmp/tor-exit-nodes.list.bak
 # generate the new conf
 curl -s "https://iplists.firehol.org/files/tor_exits.ipset" | \
 	grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$" > /tmp/tor-exit-nodes.list
 # if we are running nginx
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
 elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 # check if we have at least 1 line
 lines="$(wc -l /tmp/tor-exit-nodes.list | cut -d ' ' -f 1)"
 if [ "$lines" -gt 1 ] ; then
 	job_log "[BLACKLIST] TOR exit node list updated ($lines entries)"
 	# reload nginx with the new config
 	cp /tmp/tor-exit-nodes.list /etc/nginx/tor-exit-nodes.list
 	if [ "$RELOAD" != "" ] ; then
 		$RELOAD > /dev/null 2>&1
 		# new config is ok : save it in the cache
 		if [ "$?" -eq 0 ] ; then
 			cp /tmp/tor-exit-nodes.list /opt/bunkerized-nginx/cache
 			job_log "[NGINX] successfull nginx reload after TOR exit node list update"
 		else
 			job_log "[NGINX] failed nginx reload after TOR exit node list update fallback to old list"
 			#cp /tmp/tor-exit-nodes.list.bak /etc/nginx/tor-exit-nodes.list
 			$RELOAD > /dev/null 2>&1
 		fi
 	else
 		cp /tmp/tor-exit-nodes.list /opt/bunkerized-nginx/cache
 	fi
 else
 	job_log "[BLACKLIST] can't update TOR exit node list"
 fi
 rm -f /tmp/tor-exit-nodes.list 2> /dev/null
 rm -f /tmp/tor-exit-nodes.list.bak 2> /dev/null
--- a/scripts/geoip.sh
+++ b/scripts/geoip.sh
@ -1,51 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
 if [ "$(has_value BLACKLIST_COUNTRY ".\+")" = "" ] && [ "$(has_value WHITELIST_COUNTRY ".\+")" = "" ] ; then
 	exit 0
 fi
 # if we are running nginx
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
 elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 # MMDB from https://db-ip.com/db/download/ip-to-country-lite
 URL="https://download.db-ip.com/free/dbip-country-lite-$(date +%Y-%m).mmdb.gz"
 wget -O /tmp/geoip.mmdb.gz "$URL" > /dev/null 2>&1
 if [ "$?" -eq 0 ] && [ -f /tmp/geoip.mmdb.gz ] ; then
 	gunzip -f /tmp/geoip.mmdb.gz > /dev/null 2>&1
 	if [ "$?" -ne 0 ] ; then
 		job_log "[GEOIP] can't extract DB from $URL"
 		exit 1
 	fi
 	mv /tmp/geoip.mmdb /etc/nginx
 	if [ "$RELOAD" != "" ] ; then
 		$RELOAD > /dev/null 2>&1
 		if [ "$?" -eq 0 ] ; then
 			cp /etc/nginx/geoip.mmdb /opt/bunkerized-nginx/cache
 			job_log "[NGINX] successfull nginx reload after GeoIP DB update"
 		else
 			job_log "[NGINX] failed nginx reload after GeoIP DB update"
 			if [ -f /opt/bunkerized-nginx/cache/geoip.mmdb ] ; then
 				cp /opt/bunkerized-nginx/cache/geoip.mmdb /etc/nginx/geoip.mmdb
 				$RELOAD > /dev/null 2>&1
 			fi
 		fi
 	else
 		cp /etc/nginx/geoip.mmdb /opt/bunkerized-nginx/cache
 	fi
 else
 	job_log "[GEOIP] can't download DB from $URL"
 fi
 rm -f /tmp/geoip* 2> /dev/null
--- a/scripts/proxies.sh
+++ b/scripts/proxies.sh
@ -1,55 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
 if [ "$(has_value BLOCK_PROXIES yes)" = "" ] ; then
 	exit 0
 fi
 # copy old conf to cache
 cp /etc/nginx/proxies.list /tmp/proxies.list.bak
 # generate the new conf
 curl -s "https://iplists.firehol.org/files/firehol_proxies.netset" | \
 	grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$" > /tmp/proxies.list
 # if we are running nginx
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
 elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 # check if we have at least 1 line
 lines="$(wc -l /tmp/proxies.list | cut -d ' ' -f 1)"
 if [ "$lines" -gt 1 ] ; then
 	job_log "[BLACKLIST] proxies list updated ($lines entries)"
 	# reload nginx with the new config
 	cp /tmp/proxies.list /etc/nginx/proxies.list
 	if [ "$RELOAD" != "" ] ; then
 		$RELOAD > /dev/null 2>&1
 		# new config is ok : save it in the cache
 		if [ "$?" -eq 0 ] ; then
 			cp /tmp/proxies.list /opt/bunkerized-nginx/cache
 			job_log "[NGINX] successfull nginx reload after proxies list update"
 		else
 			job_log "[NGINX] failed nginx reload after proxies list update fallback to old list"
 			#cp /tmp/proxies.list.bak /etc/nginx
 			$RELOAD > /dev/null 2>&1
 		fi
 	else
 		cp /tmp/proxies.list /opt/bunkerized-nginx/cache
 	fi
 else
 	job_log "[BLACKLIST] can't update proxies list"
 fi
 rm -f /tmp/proxies.list 2> /dev/null
 rm -f /tmp/proxies.list.bak 2> /dev/null
--- a/scripts/referrers.sh
+++ b/scripts/referrers.sh
@ -1,57 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
 if [ "$(has_value BLOCK_REFERRER yes)" = "" ] ; then
 	exit 0
 fi
 # save old conf
 cp /etc/nginx/referrers.list /tmp/referrers.list.bak
 # generate new conf
 BLACKLIST="$(curl -s https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-referrers.list | sed 's:\.:%\.:g;s:\-:%\-:g')"
 if [ "$?" -ne 0 ] ; then
 	job_log "[BLACKLIST] can't update referrers list"
 	echo -n "" > /tmp/referrers.list
 else
 	echo -e "$BLACKLIST" > /tmp/referrers.list
 fi
 # if we are running nginx
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
 elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 # check number of lines
 lines="$(wc -l /tmp/referrers.list | cut -d ' ' -f 1)"
 if [ "$lines" -gt 1 ] ; then
 	cp /tmp/referrers.list /etc/nginx/referrers.list
 	job_log "[BLACKLIST] referrers list updated ($lines entries)"
 	if [ "$RELOAD" != "" ] ; then
 		$RELOAD > /dev/null 2>&1
 		if [ "$?" -eq 0 ] ; then
 			cp /tmp/referrers.list /opt/bunkerized-nginx/cache
 			job_log "[NGINX] successfull nginx reload after referrers list update"
 		else
 			#cp /tmp/referrers.list.bak /etc/nginx
 			job_log "[NGINX] failed nginx reload after referrers list update fallback to old list"
 			$RELOAD > /dev/null 2>&1
 		fi
 	else
 		cp /tmp/referrers.list /opt/bunkerized-nginx/cache
 	fi
 else
 	job_log "[BLACKLIST] can't update referrers list"
 fi
 rm -f /tmp/referrers.list 2> /dev/null
 rm -f /tmp/referrers.list.bak 2> /dev/null
--- a/scripts/user-agents.sh
+++ b/scripts/user-agents.sh
@ -1,57 +0,0 @@
 #!/bin/bash
 # load some functions
 . /opt/bunkerized-nginx/entrypoint/utils.sh
 if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
 if [ "$(has_value BLOCK_USER_AGENT yes)" = "" ] ; then
 	exit 0
 fi
 # save old conf
 cp /etc/nginx/user-agents.list /tmp/user-agents.list.bak
 # generate new conf
 BLACKLIST="$( (curl -s https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list ; curl -s https://raw.githubusercontent.com/JayBizzle/Crawler-Detect/master/raw/Crawlers.txt) | sort -u | sed 's:\\ : :g;s:\\\.:%\.:g;s:\\\\:\\:g;s:\\/:/:g;s:\-:%\-:g')"
 if [ "$?" -ne 0 ] ; then
 	job_log "[BLACKLIST] can't update user-agent list"
 	echo -n "" > /tmp/user-agents.list
 else
 	echo -e "$BLACKLIST" > /tmp/user-agents.list
 fi
 # if we are running nginx
 if [ -f /tmp/nginx.pid ] ; then
 	RELOAD="/usr/sbin/nginx -s reload"
 # if we are in autoconf
 elif [ -S /tmp/autoconf.sock ] && [ -f "/etc/nginx/autoconf" ] ; then
 	RELOAD="/opt/entrypoint/reload.py"
 fi
 # check number of lines
 lines="$(wc -l /tmp/user-agents.list | cut -d ' ' -f 1)"
 if [ "$lines" -gt 1 ] ; then
 	cp /tmp/user-agents.list /etc/nginx/user-agents.list
 	job_log "[BLACKLIST] user-agent list updated ($lines entries)"
 	if [ "$RELOAD" != "" ] ; then
 		$RELOAD > /dev/null 2>&1
 		if [ "$?" -eq 0 ] ; then
 			cp /tmp/user-agents.list /opt/bunkerized-nginx/cache
 			job_log "[NGINX] successfull nginx reload after user-agent list update"
 		else
 			#cp /tmp/user-agents.list.bak /etc/nginx
 			job_log "[NGINX] failed nginx reload after user-agent list update fallback to old list"
 			$RELOAD > /dev/null 2>&1
 		fi
 	else
 		cp /tmp/user-agents.list /opt/bunkerized-nginx/cache
 	fi
 else
 	job_log "[BLACKLIST] can't update user-agent list"
 fi
 rm -f /tmp/user-agents.list 2> /dev/null
 rm -f /tmp/user-agents.list.bak 2> /dev/null
--- a/settings.json
+++ b/settings.json
@ -1153,8 +1153,8 @@
            }
        ]
    },
-    "API": {
+    "Internal": {
-        "id": "api",
+        "id": "internal",
        "params": [
            {
                "context": "global",
@ -1191,6 +1191,24 @@
                "label": "Swarm mode",
                "regex": "^(yes|no)$",
                "type": "checkbox"
            },
            {
                "context": "global",
                "default": "no",
                "env": "USE_REDIS",
                "id": "use-redis",
                "label": "Use external redis when coupled with autoconf",
                "regex": "^(yes|no)$",
                "type": "checkbox"
            },
            {
                "context": "global",
                "default": "",
                "env": "REDIS_HOST",
                "id": "redis-host",
                "label": "Hostname/IP of the Redis service",
                "regex": "^[A-Za-z0-9\\-\\.\\_]+$",
                "type": "text"
            }
        ]
    },
--- a/tests/linux.sh
+++ b/tests/linux.sh
@ -19,7 +19,15 @@ docker cp helpers/install.sh "$id:/tmp"
 if [ $? -ne 0 ] ; then
 	echo "[!] docker cp failed"
 	cleanup "$id"
-	exit 4
+	exit 2
 fi
 echo "[*] Copy bunkerized-nginx"
 docker cp . "$id:/tmp/bunkerized-nginx-test"
 if [ $? -ne 0 ] ; then
 	echo "[!] docker cp failed"
 	cleanup "$id"
 	exit 3
 fi
 echo "[*] Exec install.sh"
@ -27,7 +35,7 @@ docker exec "$id" /bin/bash -c 'chmod +x /tmp/install.sh && /tmp/install.sh'
 if [ $? -ne 0 ] ; then
 	echo "[!] docker exec failed"
 	cleanup "$id"
-	exit 5
+	exit 4
 fi
 echo "[*] Exec nginx -V"
@ -35,7 +43,7 @@ docker exec "$id" nginx -V
 if [ $? -ne 0 ] ; then
 	echo "[!] docker exec failed"
 	cleanup "$id"
-	exit 6
+	exit 5
 fi
 echo "[*] Copy variables.env"
@ -43,7 +51,7 @@ docker cp "tests/variables.env" "$id:/opt/bunkerized-nginx"
 if [ $? -ne 0 ] ; then
 	echo "[!] docker cp failed"
 	cleanup "$id"
-	exit 7
+	exit 6
 fi
 echo "[*] Copy index.html"
@ -51,7 +59,7 @@ docker cp "tests/index.html" "$id:/opt/bunkerized-nginx/www"
 if [ $? -ne 0 ] ; then
 	echo "[!] docker cp failed"
 	cleanup "$id"
-	exit 8
+	exit 7
 fi
 echo "[*] Exec bunkerized-nginx"
@ -59,7 +67,7 @@ docker exec "$id" bunkerized-nginx
 if [ $? -ne 0 ] ; then
 	echo "[!] docker exec failed"
 	cleanup "$id"
-	exit 9
+	exit 8
 fi
 echo "[*] Exec curl"
@ -67,7 +75,7 @@ res="$(curl -s -H "User-Agent: LegitOne" http://localhost/)"
 if [ $? -ne 0 ] || [ "$res" != "ok" ] ; then
 	echo "[!] curl failed"
 	cleanup "$id"
-	exit 10
+	exit 9
 fi
 cleanup "$id"