run master nginx process as non-root user

This commit is contained in:
bunkerity
2020-10-21 23:28:48 +02:00
parent 7a8795883b
commit e19a7c693d
17 changed files with 89 additions and 47 deletions


@@ -5,6 +5,6 @@ curl -s "https://iplists.firehol.org/files/firehol_abusers_30d.netset" | grep -v
while read entry ; do
echo "deny ${entry};" >> /etc/nginx/block-abusers.conf
done
if [ -f /run/nginx/nginx.pid ] ; then
if [ -f /tmp/nginx.pid ] ; then
/usr/sbin/nginx -s reload
fi
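Review bot: The new pid-file path in `if [ -f /tmp/nginx.pid ] ; then` sits in a shared, world-writable directory, so the existence check and the `/usr/sbin/nginx -s reload` it guards now trust a file that any local process could create before nginx does; since `-s reload` reads the PID to signal from that file, a planted file can misdirect the reload signal. Presumably the move away from `/run/nginx/nginx.pid` is because the non-root master cannot write there, in which case a dedicated directory created at startup and owned by the nginx user with mode 0750 (for example `<PIDDIR>/nginx.pid`, kept in sync with the `pid` directive in the nginx config, which I assume is changed in a file not shown) gives the same writability without the exposure. The same `/tmp/nginx.pid` check is introduced in the five other file sections below (certbot, tor exit nodes, geoip, proxies, user-agent) and should move together. Each of these scripts starts before the hunk, so whether the caller runs as root or as the nginx user is not visible here.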


@@ -9,9 +9,9 @@ function replace_in_file() {
# check if HTTP enabled
# and disable it temporarily if needed
if grep -q "listen 0.0.0.0:80;" "/etc/nginx/server.conf" ; then
replace_in_file "/etc/nginx/server.conf" "listen 0.0.0.0:80;" "#listen 0.0.0.0:80;"
if [ -f /run/nginx/nginx.pid ] ; then
if grep -q "listen 0.0.0.0:8080;" "/etc/nginx/server.conf" ; then
replace_in_file "/etc/nginx/server.conf" "listen 0.0.0.0:8080;" "#listen 0.0.0.0:8080;"
if [ -f /tmp/nginx.pid ] ; then
/usr/sbin/nginx -s reload
sleep 10
fi
@@ -21,11 +21,15 @@ fi
certbot renew
# enable HTTP again if needed
if grep -q "#listen 0.0.0.0:80;" "/etc/nginx/server.conf" ; then
replace_in_file "/etc/nginx/server.conf" "#listen 0.0.0.0:80;" "listen 0.0.0.0:80;"
if grep -q "#listen 0.0.0.0:8080;" "/etc/nginx/server.conf" ; then
replace_in_file "/etc/nginx/server.conf" "#listen 0.0.0.0:8080;" "listen 0.0.0.0:8080;"
fi
chown -R root:nginx /etc/letsencrypt
chmod -R 740 /etc/letsencrypt
find /etc/letsencrypt -type d -exec chmod 750 {} \;
# reload nginx
if [ -f /run/nginx/nginx.pid ] ; then
if [ -f /tmp/nginx.pid ] ; then
/usr/sbin/nginx -s reload
fi


@@ -5,6 +5,6 @@ curl -s "https://iplists.firehol.org/files/tor_exits.ipset" | grep -v "^\#.*" |
while read entry ; do
echo "deny ${entry};" >> /etc/nginx/block-tor-exit-node.conf
done
if [ -f /run/nginx/nginx.pid ] ; then
if [ -f /tmp/nginx.pid ] ; then
/usr/sbin/nginx -s reload
fi


@@ -5,7 +5,7 @@ URL="https://download.db-ip.com/free/dbip-country-lite-$(date +%Y-%m).mmdb.gz"
wget -O /etc/nginx/geoip.mmdb.gz "$URL" > /dev/null 2>&1
if [ -f /etc/nginx/geoip.mmdb.gz ] ; then
gunzip -f /etc/nginx/geoip.mmdb.gz
if [ -f /run/nginx/nginx.pid ] ; then
if [ -f /tmp/nginx.pid ] ; then
/usr/sbin/nginx -s reload
fi
fi


@@ -5,6 +5,6 @@ curl -s "https://iplists.firehol.org/files/firehol_proxies.netset" | grep -v "^\
while read entry ; do
echo "deny ${entry};" >> /etc/nginx/block-proxies.conf
done
if [ -f /run/nginx/nginx.pid ] ; then
if [ -f /tmp/nginx.pid ] ; then
/usr/sbin/nginx -s reload
fi


@@ -20,6 +20,6 @@ DATA_ESCAPED=$(echo "$DATA" | sed 's: :\\\\ :g' | sed 's:\\\\ yes;: yes;:g' | se
cp /opt/confs/map-user-agent.conf /etc/nginx/map-user-agent.conf
replace_in_file "/etc/nginx/map-user-agent.conf" "%BLOCK_USER_AGENT%" "$DATA_ESCAPED"
if [ -f /run/nginx/nginx.pid ] ; then
if [ -f /tmp/nginx.pid ] ; then
/usr/sbin/nginx -s reload
fi