From dc382c3e0481187d1d04edf8aa4cda7e4af4bbb8 Mon Sep 17 00:00:00 2001 From: bunkerity Date: Wed, 30 Dec 2020 16:22:10 +0100 Subject: [PATCH] various fixes - autoconf process order, multisite config and examples --- autoconf/entrypoint.py | 17 +++++++++++++---- entrypoint/multisite-config.sh | 3 +++ examples/autoconf-php/docker-compose.yml | 2 ++ .../autoconf-reverse-proxy/docker-compose.yml | 4 ++++ .../reverse-proxy-websocket/docker-compose.yml | 2 +- fail2ban/nginx-jail.local | 1 + 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/autoconf/entrypoint.py b/autoconf/entrypoint.py index d314966..500bd66 100644 --- a/autoconf/entrypoint.py +++ b/autoconf/entrypoint.py @@ -72,11 +72,20 @@ try : except docker.errors.APIError as e : utils.log("[!] Docker API error " + str(e)) sys.exit(3) +# Process instances first +for instance in before : + if "bunkerized-nginx.AUTOCONF" in instance.labels : + if instance.status in ("restarting", "running", "created", "exited") : + process(instance, "create") + if instance.status == "running" : + process(instance, "start") +# Containers after for container in before : - if container.status in ("restarting", "running", "created", "exited") : - process(container, "create") - if container.status == "running" : - process(container, "start") + if "bunkerized-nginx.SERVER_NAME" in container.labels : + if container.status in ("restarting", "running", "created", "exited") : + process(container, "create") + if container.status == "running" : + process(container, "start") # Process events received from Docker try : diff --git a/entrypoint/multisite-config.sh b/entrypoint/multisite-config.sh index e377991..7313c89 100644 --- a/entrypoint/multisite-config.sh +++ b/entrypoint/multisite-config.sh 
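Review bot: The two start-up loops added to autoconf/entrypoint.py are line-for-line copies that differ only in the label they test, so the status tuple and the create/start sequence now have to be kept in sync by hand. A small helper that takes the label would state the ordering once, with a comment such as `# Instances are processed before the containers they serve`. A container carrying both `bunkerized-nginx.AUTOCONF` and `bunkerized-nginx.SERVER_NAME` is also handed to `process()` in both passes; whether that is harmless depends on `process()`, which is not visible here. The event loop that follows begins outside the hunk, so whether it applies the same ordering cannot be judged from this patch.

```python
def process_existing(containers, label) :
    # Replays create/start for every already-present container carrying `label`
    for item in containers :
        if label not in item.labels :
            continue
        if item.status in ("restarting", "running", "created", "exited") :
            process(item, "create")
        if item.status == "running" :
            process(item, "start")

# Instances are processed before the containers they serve
process_existing(before, "bunkerized-nginx.AUTOCONF")
process_existing(before, "bunkerized-nginx.SERVER_NAME")
```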
@@ -14,6 +14,9 @@ find /etc/nginx -type d -exec chmod 750 {} \; if [ "$MULTISITE" = "yes" ] ; then servers=$(find /etc/nginx -name "server.conf" | cut -d '/' -f 4) for server in $servers ; do + if [ "$server" = "server.conf" ] ; then + continue + fi SERVER_PREFIX="/etc/nginx/${server}/" if grep "/etc/letsencrypt/live" ${SERVER_PREFIX}https.conf > /dev/null && [ ! -f /etc/letsencrypt/live/${server}/fullchain.pem ] ; then /opt/scripts/certbot-new.sh "$server" "$(cat ${SERVER_PREFIX}email-lets-encrypt.txt)" diff --git a/examples/autoconf-php/docker-compose.yml b/examples/autoconf-php/docker-compose.yml index a75fde9..3f07d3d 100644 --- a/examples/autoconf-php/docker-compose.yml +++ b/examples/autoconf-php/docker-compose.yml @@ -30,6 +30,8 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - autoconf:/etc/nginx + depends_on: + - mywww myapp1: image: php:fpm diff --git a/examples/autoconf-reverse-proxy/docker-compose.yml b/examples/autoconf-reverse-proxy/docker-compose.yml index b0e4086..27da89e 100644 --- a/examples/autoconf-reverse-proxy/docker-compose.yml +++ b/examples/autoconf-reverse-proxy/docker-compose.yml @@ -21,6 +21,8 @@ services: - USE_GZIP=yes - USE_BROTLI=yes - USE_REVERSE_PROXY=yes + labels: + - "bunkerized-nginx.AUTOCONF" myautoconf: image: bunkerity/bunkerized-nginx-autoconf @@ -28,6 +30,8 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - autoconf:/etc/nginx + depends_on: + - mywww myapp1: build: js-app diff --git a/examples/reverse-proxy-websocket/docker-compose.yml b/examples/reverse-proxy-websocket/docker-compose.yml index c3a22ae..cd4fc10 100644 --- a/examples/reverse-proxy-websocket/docker-compose.yml +++ b/examples/reverse-proxy-websocket/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: myreverse: - image: bunkerity/bunkerized-nginx:dev + image: bunkerity/bunkerized-nginx restart: always ports: - 80:8080 diff --git a/fail2ban/nginx-jail.local b/fail2ban/nginx-jail.local index 7af722b..e33da34 100644 
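Review bot: The new `server.conf` guard inside `for server in $servers` has no comment saying why that value can occur, and it is not obvious from the loop alone. It appears to come from the top-level `/etc/nginx/server.conf`, whose fourth `/`-separated field is the file name rather than a site directory. A comment such as `# /etc/nginx/server.conf is the global file, not a site directory` above the `if` would record that. The loop body continues past the end of the hunk, so what else is done with `$server` after the certbot call is not visible.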
--- a/fail2ban/nginx-jail.local
+++ b/fail2ban/nginx-jail.local
@@ -2,6 +2,7 @@
 bantime = %FAIL2BAN_BANTIME%
 findtime = %FAIL2BAN_FINDTIME%
 maxretry = %FAIL2BAN_MAXRETRY%
+ignoreip = %FAIL2BAN_IGNOREIP%
 enabled = true
 action = nginx-action
 logpath = /var/log/access.log
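Review bot: The new `ignoreip = %FAIL2BAN_IGNOREIP%` line depends on a placeholder substitution and a default value that this patch does not show. None of the six files in the diffstat looks like the place where the other `%FAIL2BAN_*%` tokens are replaced. If that replacement is not already handled elsewhere, fail2ban would read the literal token as its ignore list, so this is worth confirming. Because every address in `ignoreip` is exempt from banning, the default should stay as narrow as possible and the setting should be documented alongside the other `FAIL2BAN_*` variables. A comment such as `# addresses listed here are never banned` above the line would help.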