diff --git a/autoconf/Config.py b/autoconf/Config.py
index c961356..d0bce69 100644
--- a/autoconf/Config.py
+++ b/autoconf/Config.py
@@ -11,7 +11,7 @@ class Config :
 def __jobs(self, type) :
 utils.log("[*] Starting jobs (type = " + type + ") ...")
- proc = subprocess.run(["/bin/su", "-c", "/opt/entrypoint/" + type + "-jobs.sh", "nginx"], capture_output=True)
+ proc = subprocess.run(["/bin/su", "-c", "/opt/bunkerized-nginx/entrypoint/" + type + "-jobs.sh", "nginx"], capture_output=True)
 stdout = proc.stdout.decode("ascii")
 stderr = proc.stderr.decode("ascii")
 if len(stdout) > 1 :
@@ -56,7 +56,7 @@ class Config :
 f.write(k + "=" + v + "\n")
 # Call the generator
- proc = subprocess.run(["/bin/su", "-c", "/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables /tmp/variables.env", "nginx"], capture_output=True)
+ proc = subprocess.run(["/bin/su", "-c", "/opt/bunkerized-nginx/gen/main.py --settings /opt/bunkerized-nginx/settings.json --templates /opt/bunkerized-nginx/confs --output /etc/nginx --variables /tmp/variables.env", "nginx"], capture_output=True)
 # Print stdout/stderr
 stdout = proc.stdout.decode("ascii")
diff --git a/autoconf/Dockerfile b/autoconf/Dockerfile
index 8c4ac1e..6ff498f 100644
--- a/autoconf/Dockerfile
+++ b/autoconf/Dockerfile
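Review bot: In `Config.__jobs`, `type` is concatenated into the command string that `su -c` passes to a shell (`"/opt/bunkerized-nginx/entrypoint/" + type + "-jobs.sh"`), so the value is parsed as shell text rather than as a path component. The callers are outside this hunk and the function body continues past it, so it cannot be confirmed here that `type` is always a fixed literal. A guard before the `subprocess.run` call would make that explicit, for example `if type not in KNOWN_JOB_TYPES : raise ValueError("unknown job type")`, where `KNOWN_JOB_TYPES` is a placeholder for the set the callers actually use.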
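Review bot: The generator command in the second `Config.py` hunk still reads its input from `--variables /tmp/variables.env`, a fixed name in a world-writable directory, while every other path on the line moved under `/opt/bunkerized-nginx`. The code that opens the file is above this hunk; if it opens that path by name from a privileged process, a pre-existing file or link with the same name is followed, and the `k=v` lines written by `f.write(k + "=" + v + "\n")` get whatever mode the umask allows. Consider keeping the file in a directory that only root and the nginx group can access and passing that path to `--variables`.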
@@ -3,20 +3,21 @@ FROM alpine
 COPY autoconf/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
 /tmp/dependencies.sh && \
- rm -f /tmp/dependencies.sh
+ rm -f /tmp/dependencies.sh && \
+ mkdir /opt/bunkerized-nginx
-COPY gen/ /opt/gen
-COPY entrypoint/ /opt/entrypoint
-COPY confs/global/ /opt/confs/global
-COPY confs/site/ /opt/confs/site
-COPY scripts/ /opt/scripts
-COPY settings.json /opt
+COPY gen/ /opt/bunkerized-nginx/gen
+COPY entrypoint/ /opt/bunkerized-nginx/entrypoint
+COPY confs/global/ /opt/bunkerized-nginx/confs/global
+COPY confs/site/ /opt/bunkerized-nginx/confs/site
+COPY scripts/ /opt/bunkerized-nginx/scripts
+COPY settings.json /opt/bunkerized-nginx/
 COPY misc/cron /etc/crontabs/nginx
-COPY autoconf/* /opt/entrypoint/
+COPY autoconf/* /opt/bunkerized-nginx/entrypoint/
 COPY autoconf/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
 /tmp/prepare.sh && \
 rm -f /tmp/prepare.sh
-ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
+ENTRYPOINT ["/opt/bunkerized-nginx/entrypoint/entrypoint.sh"]
diff --git a/autoconf/entrypoint.sh b/autoconf/entrypoint.sh
index 19ee6ee..f793fdd 100644
--- a/autoconf/entrypoint.sh
+++ b/autoconf/entrypoint.sh
@@ -3,7 +3,7 @@ echo "[*] Starting autoconf ..."
 # check permissions
-su -s "/opt/entrypoint/permissions.sh" nginx
+su -s "/opt/bunkerized-nginx/entrypoint/permissions.sh" nginx
 if [ "$?" -ne 0 ] ; then
 exit 1
 fi
@@ -27,7 +27,7 @@ trap "trap_exit" TERM INT QUIT
 crond
 # run autoconf app
-/opt/entrypoint/app.py &
+/opt/bunkerized-nginx/entrypoint/app.py &
 pid="$!"
 # wait while app is up
diff --git a/autoconf/hooks/post_push b/autoconf/hooks/post_push
deleted file mode 100644
index 821682c..0000000
--- a/autoconf/hooks/post_push
+++ /dev/null
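Review bot: `COPY autoconf/* /opt/bunkerized-nginx/entrypoint/` in the `autoconf/Dockerfile` hunk copies every file in `autoconf/` into the runtime directory, which going by this diff includes `Dockerfile`, `dependencies.sh` and `prepare.sh`, and `prepare.sh` then applies `chmod ugo+x /opt/bunkerized-nginx/entrypoint/*` to all of them. Listing the files the container actually runs in explicit `COPY` lines would keep build-only scripts out of the image and out of the executable set. `FROM alpine` in the hunk header also carries no tag or digest, so rebuilds are not reproducible; pinning it is worth a separate change.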
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-curl -Lo manifest-tool https://github.com/estesp/manifest-tool/releases/download/v1.0.3/manifest-tool-linux-amd64
-chmod +x manifest-tool
-
-VERSION=$(cat VERSION | tr -d '\n')
-if [ "$SOURCE_BRANCH" = "dev" ] ; then
- ./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx-autoconf:dev-ARCHVARIANT --target bunkerity/bunkerized-nginx-autoconf:dev
-elif [ "$SOURCE_BRANCH" = "master" ] ; then
- ./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx-autoconf:ARCHVARIANT --target bunkerity/bunkerized-nginx-autoconf:${VERSION}
- ./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx-autoconf:ARCHVARIANT --target bunkerity/bunkerized-nginx-autoconf:latest
-fi
diff --git a/autoconf/hooks/pre_build b/autoconf/hooks/pre_build
deleted file mode 100644
index acf05f1..0000000
--- a/autoconf/hooks/pre_build
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-# Register qemu-*-static for all supported processors except the
-# current one, but also remove all registered binfmt_misc before
-docker run --rm --privileged multiarch/qemu-user-static:register --reset
diff --git a/autoconf/prepare.sh b/autoconf/prepare.sh
index e8f37c2..ccdf9f4 100644
--- a/autoconf/prepare.sh
+++ b/autoconf/prepare.sh
@@ -5,13 +5,17 @@ addgroup -g 101 nginx
 adduser -h /var/cache/nginx -g nginx -s /bin/sh -G nginx -D -H -u 101 nginx
 # prepare /opt
-chown -R root:nginx /opt
-find /opt -type f -exec chmod 0740 {} \;
-find /opt -type d -exec chmod 0750 {} \;
-chmod ugo+x /opt/entrypoint/* /opt/scripts/*
-chmod ugo+x /opt/gen/main.py
-chmod 770 /opt
-chmod 440 /opt/settings.json
+chown root:nginx /opt
+chmod 750 /opt
+
+# prepare /opt/bunkerized-nginx
+chown -R root:nginx /opt/bunkerized-nginx
+find /opt/bunkerized-nginx -type f -exec chmod 0740 {} \;
+find /opt/bunkerized-nginx -type d -exec chmod 0750 {} \;
+chmod ugo+x /opt/bunkerized-nginx/entrypoint/* /opt/bunkerized-nginx/scripts/*
+chmod ugo+x /opt/bunkerized-nginx/gen/main.py
+chmod 770 /opt/bunkerized-nginx
+chmod 440 /opt/bunkerized-nginx/settings.json
 # prepare /var/log
 ln -s /proc/1/fd/1 /var/log/jobs.log
@@ -29,16 +33,30 @@ mkdir /var/lib/letsencrypt
 chown root:nginx /var/lib/letsencrypt
 chmod 770 /var/lib/letsencrypt
-# prepare /cache
+# prepare /opt/bunkerized-nginx/cache
+ln -s /cache /opt/bunkerized-nginx/cache
 mkdir /cache
 chown root:nginx /cache
 chmod 770 /cache
 # prepare /acme-challenge
+ln -s /acme-challenge /opt/bunkerized-nginx/acme-challenge
 mkdir /acme-challenge
 chown root:nginx /acme-challenge
 chmod 770 /acme-challenge
+# prepare /modsec-confs
+ln -s /modsec-confs /opt/bunkerized-nginx/modsec-confs
+mkdir /modsec-confs
+chown root:nginx /modsec-confs
+chmod 770 /modsec-confs
+
+# prepare /modsec-crs-confs
+ln -s /modsec-crs-confs /opt/bunkerized-nginx/modsec-crs-confs
+mkdir /modsec-crs-confs
+chown root:nginx /modsec-crs-confs
+chmod 770 /modsec-crs-confs
+
 # prepare /etc/crontabs/nginx
 chown root:nginx /etc/crontabs/nginx
 chmod 440 /etc/crontabs/nginx
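Review bot: `chmod 770 /opt/bunkerized-nginx` in the first `prepare.sh` hunk runs after the `find ... -type d -exec chmod 0750` pass and leaves the application root writable by the nginx group, even though the same hunk tightens `/opt` to 750. Write access on that directory is enough to rename or replace `entrypoint/`, `gen/` and `scripts/` regardless of their own modes, and `entrypoint.sh` and `app.py` under it appear to be started by the image entrypoint without switching to the nginx user. Unless something has to create entries directly in that directory at runtime, `chmod 750 /opt/bunkerized-nginx` would be the safer mode.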
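Review bot: The two new stanzas in the second `prepare.sh` hunk give the nginx group write access to `/modsec-confs` and `/modsec-crs-confs` (`chmod 770`), following the pattern already used for `/cache` and `/acme-challenge`. Nothing in this hunk shows a process running as nginx that has to write rule files, so this looks broader than needed and should be confirmed against the jobs that use those directories. If they are only read, `chmod 750 /modsec-confs` and `chmod 750 /modsec-crs-confs` keep the filtered process from changing its own rules.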