performance - rsyslog and fail2ban removing

entrypoint/defaults.sh

@@ -91,9 +91,6 @@ AUTH_BASIC_PASSWORD="${AUTH_BASIC_PASSWORD-changeme}"
 USE_CUSTOM_HTTPS="${USE_CUSTOM_HTTPS-no}"
 ROOT_FOLDER="${ROOT_FOLDER-/www}"
 ROOT_SITE_SUBFOLDER="${ROOT_SITE_SUBFOLDER-}"
-LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
-LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
-LOGROTATE_CRON="${LOGROTATE_CRON-0 0 * * *}"
 DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11}"
 USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
 WHITELIST_IP_LIST="${WHITELIST_IP_LIST-127.0.0.1 23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"

entrypoint/entrypoint.sh

@@ -5,25 +5,13 @@
 
 echo "[*] Starting bunkerized-nginx ..."
 
-# execute custom scripts if it's a customized image
-for file in /entrypoint.d/* ; do
-    [ -f "$file" ] && [ -x "$file" ] && "$file"
-done
-
 # trap SIGTERM and SIGINT
 function trap_exit() {
 	echo "[*] Catched stop operation"
 	echo "[*] Stopping crond ..."
 	pkill -TERM crond
-	if [ "$USE_FAIL2BAN" = "yes" ] ; then
-		echo "[*] Stopping fail2ban"
-		fail2ban-client stop > /dev/null
-	fi
 	echo "[*] Stopping nginx ..."
 	/usr/sbin/nginx -s stop
-	echo "[*] Stopping rsyslogd ..."
-	pkill -TERM rsyslogd
-	pkill -TERM tail
 }
 trap "trap_exit" TERM INT QUIT
 
@@ -62,16 +50,10 @@ if [ ! -f "/opt/installed" ] ; then
 		exit 1
 	fi
 
-	# logs config
-	/opt/entrypoint/logs.sh
-
 	# lua config
 	# TODO : move variables from /usr/local/lib/lua + multisite support ?
 	/opt/entrypoint/lua.sh
 
-	# fail2ban config
-	/opt/entrypoint/fail2ban.sh
-
 	# clamav config
 	/opt/entrypoint/clamav.sh
 
@@ -103,9 +85,6 @@ else
 	echo "[*] Skipping configuration process"
 fi
 
-# start rsyslogd
-rsyslogd -i /tmp/rsyslogd.pid
-
 # start crond
 crond
 
@@ -124,22 +103,13 @@ fi
 
 # run nginx
 echo "[*] Running nginx ..."
-nginx
-if [ "$?" -eq 0 ] ; then
-	echo "[*] nginx successfully started !"
-else
-	echo "[!] nginx failed to start"
-fi
-
-# list of log files to display
-LOGS="/var/log/access.log /var/log/error.log /var/log/jobs.log /var/log/nginx/error.log /var/log/nginx/modsec_audit.log"
-
-# start fail2ban
-if [ "$USE_FAIL2BAN" = "yes" ] ; then
-	echo "[*] Running fail2ban ..."
-	fail2ban-server > /dev/null
-	LOGS="$LOGS /var/log/fail2ban.log"
-fi
+nginx &
+pid="$!"
+#if [ "$?" -eq 0 ] ; then
+#	echo "[*] nginx successfully started !"
+#else
+#	echo "[!] nginx failed to start"
+#fi
 
 # autotest
 if [ "$1" == "test" ] ; then
@@ -152,9 +122,8 @@ if [ "$1" == "test" ] ; then
 	exit 1
 fi
 
-# display logs
-tail -F $LOGS &
-pid="$!"
+# wait for nginx
+wait "$pid"
 while [ -f "/tmp/nginx.pid" ] ; do
 	wait "$pid"
 done

entrypoint/fail2ban.sh

@@ -1,19 +0,0 @@
-#!/bin/bash
-
-# load default values
-. /opt/entrypoint/defaults.sh
-
-# load some functions
-. /opt/entrypoint/utils.sh
-
-# fail2ban setup
-if [ "$(has_value USE_FAIL2BAN yes)" != "" ] ; then
-	cp /opt/fail2ban/nginx-action.local /etc/fail2ban/action.d/nginx-action.local
-	cp /opt/fail2ban/nginx-filter.local /etc/fail2ban/filter.d/nginx-filter.local
-	cp /opt/fail2ban/nginx-jail.local /etc/fail2ban/jail.d/nginx-jail.local
-	replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_BANTIME%" "$FAIL2BAN_BANTIME"
-	replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_FINDTIME%" "$FAIL2BAN_FINDTIME"
-	replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_MAXRETRY%" "$FAIL2BAN_MAXRETRY"
-	replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_IGNOREIP%" "$FAIL2BAN_IGNOREIP"
-	replace_in_file "/etc/fail2ban/filter.d/nginx-filter.local" "%FAIL2BAN_STATUS_CODES%" "$FAIL2BAN_STATUS_CODES"
-fi

entrypoint/logs.sh

@@ -1,28 +0,0 @@
-#!/bin/bash
-
-# load default values
-. /opt/entrypoint/defaults.sh
-
-# load some functions
-. /opt/entrypoint/utils.sh
-
-# copy stub confs
-cat /opt/logs/rsyslog.conf > /etc/rsyslog.conf
-cat /opt/logs/logrotate.conf > /etc/logrotate.conf
-
-# create empty logs
-touch /var/log/access.log
-touch /var/log/error.log
-touch /var/log/jobs.log
-
-# setup logrotate
-replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MAXAGE%" "$LOGROTATE_MAXAGE"
-replace_in_file "/etc/logrotate.conf" "%LOGROTATE_MINSIZE%" "$LOGROTATE_MINSIZE"
-echo "$LOGROTATE_CRON /opt/scripts/logrotate.sh > /dev/null 2>&1" >> /etc/crontabs/nginx
-
-# setup rsyslog
-if [ "$REMOTE_SYSLOG" != "" ] ; then
-	replace_in_file "/etc/rsyslog.conf" "%REMOTE_SYSLOG%" "local0.* @${REMOTE_SYSLOG};rawFormat"
-else
-	replace_in_file "/etc/rsyslog.conf" "%REMOTE_SYSLOG%" ""
-fi