performance - move external blacklists checks from nginx to LUA

entrypoint/entrypoint.sh

@@ -132,7 +132,7 @@ else
 fi
 
 # list of log files to display
-LOGS="/var/log/access.log /var/log/error.log /var/log/jobs.log /var/log/nginx/modsec_audit.log"
+LOGS="/var/log/access.log /var/log/error.log /var/log/jobs.log /var/log/nginx/error.log /var/log/nginx/modsec_audit.log"
 
 # start fail2ban
 if [ "$USE_FAIL2BAN" = "yes" ] ; then

entrypoint/global-config.sh

@@ -130,16 +130,31 @@ fi
 # block TOR exit nodes
 if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] ; then
 	echo "$BLOCK_TOR_EXIT_NODE_CRON /opt/scripts/exit-nodes.sh" >> /etc/crontabs/nginx
+	replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_TOR_EXIT_NODES%" "lua_shared_dict tor_exit_nodes_data 1m;"
+	replace_in_file "/etc/nginx/init-lua.conf" "%USE_TOR_EXIT_NODES%" "true"
+else
+	replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_TOR_EXIT_NODES%" ""
+	replace_in_file "/etc/nginx/init-lua.conf" "%USE_TOR_EXIT_NODES%" "false"
 fi
 
 # block proxies
 if [ "$(has_value BLOCK_PROXIES yes)" != "" ] ; then
 	echo "$BLOCK_PROXIES_CRON /opt/scripts/proxies.sh" >> /etc/crontabs/nginx
+	replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_PROXIES%" "lua_shared_dict proxies_data 250m;"
+	replace_in_file "/etc/nginx/init-lua.conf" "%USE_PROXIES%" "true"
+else
+	replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_PROXIES%" ""
+	replace_in_file "/etc/nginx/init-lua.conf" "%USE_PROXIES%" "false"
 fi
 
 # block abusers
 if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
 	echo "$BLOCK_ABUSERS_CRON /opt/scripts/abusers.sh" >> /etc/crontabs/nginx
+	replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_ABUSERS%" "lua_shared_dict abusers_data 50m;"
+	replace_in_file "/etc/nginx/init-lua.conf" "%USE_ABUSERS%" "true"
+else
+	replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_ABUSERS%" ""
+	replace_in_file "/etc/nginx/init-lua.conf" "%USE_ABUSERS%" "false"
 fi
 
 # DNS resolvers

entrypoint/site-config.sh

@@ -307,23 +307,23 @@ fi
 
 # block TOR exit nodes
 if [ "$BLOCK_TOR_EXIT_NODE" = "yes" ] ; then
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_TOR_EXIT_NODE%" "include /etc/nginx/block-tor-exit-node.conf;"
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_TOR_EXIT_NODES%" "true"
 else
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_TOR_EXIT_NODE%" ""
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_TOR_EXIT_NODES%" "false"
 fi
 
 # block proxies
 if [ "$BLOCK_PROXIES" = "yes" ] ; then
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_PROXIES%" "include /etc/nginx/block-proxies.conf;"
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_PROXIES%" "true"
 else
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_PROXIES%" ""
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_PROXIES%" "false"
 fi
 
 # block abusers
 if [ "$BLOCK_ABUSERS" = "yes" ] ; then
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_ABUSERS%" "include /etc/nginx/block-abusers.conf;"
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ABUSERS%" "true"
 else
-	replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_ABUSERS%" ""
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_ABUSERS%" "false"
 fi
 
 # HTTPS config