Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

autoconf - minor fixes, prepare Swarm testing

Browse Source
This commit is contained in:
bunkerity 2021-07-29 17:32:33 +02:00
parent 1a32e7c02c
commit f866ef6325
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
4 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Dockerfile
View File

@ -12,10 +12,8 @@ RUN chmod +x /tmp/docker.sh && \
/tmp/docker.sh && \ /tmp/docker.sh && \
rm -f /tmp/docker.sh rm -f /tmp/docker.sh
# Fix CVE-2021-22901, CVE-2021-22898, CVE-2021-22897 and CVE-2021-33560 # Fix CVE-2021-22901, CVE-2021-22898, CVE-2021-22897, CVE-2021-33560 and CVE-2021-36159
RUN apk add "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0" RUN apk add "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0" "apk-tools>=2.12.6-r0"
# Fix CVE-2021-36159
#RUN apk add "apk-tools>=2.12.6-r0"
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins

2
entrypoint/entrypoint.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
. /opt/bunkerize-nginx/entrypoint/utils.sh . /opt/bunkerized-nginx/entrypoint/utils.sh
log "entrypoint" "INFO" "starting bunkerized-nginx ..." log "entrypoint" "INFO" "starting bunkerized-nginx ..."

32
entrypoint/permissions.sh
View File

@ -10,38 +10,40 @@ if [ -f "/usr/sbin/nginx" ] ; then
# /www # /www
if [ ! -r "/www" ] || [ ! -x "/www" ] ; then if [ ! -r "/www" ] || [ ! -x "/www" ] ; then
echo "[!] ERROR - wrong permissions on /www" echo "[!] ERROR - wrong permissions on /www"
exit 2 exit 1
fi
# /modsec-confs
if [ ! -r "/modsec-confs" ] || [ ! -x "/modsec-confs" ] ; then
echo "[!] ERROR - wrong permissions on /modsec-confs"
exit 3
fi
# /modsec-crs-confs
if [ ! -r "/modsec-crs-confs" ] || [ ! -x "/modsec-crs-confs" ] ; then
echo "[!] ERROR - wrong permissions on /modsec-crs-confs"
exit 4
fi fi
# /server-confs # /server-confs
if [ ! -r "/server-confs" ] || [ ! -x "/server-confs" ] ; then if [ ! -r "/server-confs" ] || [ ! -x "/server-confs" ] ; then
echo "[!] ERROR - wrong permissions on /server-confs" echo "[!] ERROR - wrong permissions on /server-confs"
exit 5 exit 1
fi fi
# /http-confs # /http-confs
if [ ! -r "/http-confs" ] || [ ! -x "/http-confs" ] ; then if [ ! -r "/http-confs" ] || [ ! -x "/http-confs" ] ; then
echo "[!] ERROR - wrong permissions on /http-confs" echo "[!] ERROR - wrong permissions on /http-confs"
exit 6 exit 1
fi fi
fi fi
# /modsec-confs
if [ ! -r "/modsec-confs" ] || [ ! -x "/modsec-confs" ] ; then
echo "[!] ERROR - wrong permissions on /modsec-confs"
exit 1
fi
# /modsec-crs-confs
if [ ! -r "/modsec-crs-confs" ] || [ ! -x "/modsec-crs-confs" ] ; then
echo "[!] ERROR - wrong permissions on /modsec-crs-confs"
exit 1
fi
# /acme-challenge # /acme-challenge
if [ ! -w "/acme-challenge" ] || [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then if [ ! -w "/acme-challenge" ] || [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then
echo "[!] ERROR - wrong permissions on /acme-challenge" echo "[!] ERROR - wrong permissions on /acme-challenge"
exit 7 exit 1
fi fi
# /etc/nginx # /etc/nginx
if [ ! -w "/etc/nginx" ] || [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then if [ ! -w "/etc/nginx" ] || [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
echo "[!] ERROR - wrong permissions on /etc/nginx" echo "[!] ERROR - wrong permissions on /etc/nginx"
exit 8 exit 1
fi fi

2
examples/swarm/stack.yml
View File

@ -63,7 +63,7 @@ services:
labels: labels:
- "bunkerized-nginx.AUTOCONF" - "bunkerized-nginx.AUTOCONF"
app1: app1:
image: php:fpm-alpine image: php:fpm-alpine
volumes: volumes:
- /shared/www/app1.example.com:/www - /shared/www/app1.example.com:/www