From fde14d1621f4b36b3e9a0b286e26c54fb497cc49 Mon Sep 17 00:00:00 2001
From: bunkerity
Date: Wed, 18 Aug 2021 13:38:09 +0200
Subject: [PATCH] linux - fix unknown scheme error and do nginx reload as root in UI
---
 helpers/install.sh | 6 ++++++
 tests/Dockerfile-fedora | 3 ++-
 ui/bunkerized-nginx-ui.service | 2 +-
 ui/config.py | 1 +
 ui/linux-reload.sh | 5 +++++
 ui/src/Instances.py | 2 +-
 6 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 ui/config.py
 create mode 100644 ui/linux-reload.sh
diff --git a/helpers/install.sh b/helpers/install.sh
index cd19280..92fc620 100755
--- a/helpers/install.sh
+++ b/helpers/install.sh
@@ -836,6 +836,12 @@ if [ "$OS" != "alpine" ] ; then
 fi
 # Allow RX access to others on /opt/bunkerized-nginx
 do_and_check_cmd chmod 755 /opt/bunkerized-nginx
+# Allow nginx group to do nginx reload as root
+if [ "$OS" != "alpine" ] ; then
+ do_and_check_cmd chown root:nginx /opt/bunkerized-nginx/ui/nginx-reload.sh
+ do_and_check_cmd chmod 750 /opt/bunkerized-nginx/ui/nginx-reload.sh
+ do_and_check_cmd chmod u+s /opt/bunkerized-nginx/ui/nginx-reload.sh
+fi
 # Prepare log files and folders
 echo "[*] Prepare log files and folders"
diff --git a/tests/Dockerfile-fedora b/tests/Dockerfile-fedora
index 395d770..f84a061 100644
--- a/tests/Dockerfile-fedora
+++ b/tests/Dockerfile-fedora
@@ -12,4 +12,5 @@ rm -f /lib/systemd/system/basic.target.wants/*;\
 rm -f /lib/systemd/system/anaconda.target.wants/*;\
 rm -f /lib/systemd/system/*tmpfiles*;\
 rm -f /lib/systemd/user/*tmpfiles*;\
-find /lib/systemd/ -type f -iname "*.service" -exec rm -f {} \;
+find /lib/systemd/ -type f -iname "*.service" -exec rm -f {} \;;\
+find /etc/systemd/ -type f -inaùe "*.service" -exec rm -f {} \;
diff --git a/ui/bunkerized-nginx-ui.service b/ui/bunkerized-nginx-ui.service
index cdd71a6..4e6d790 100644
--- a/ui/bunkerized-nginx-ui.service
+++ b/ui/bunkerized-nginx-ui.service
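Review bot: The `chmod u+s` on `/opt/bunkerized-nginx/ui/nginx-reload.sh` will not give the nginx group a root reload, because Linux ignores the setuid bit on interpreted (`#!`) scripts and the helper this commit adds is a `#!/bin/sh` script. The reload would still run as the UI's `nginx` user, and a root-owned setuid file is left on disk for no benefit. A narrowly scoped sudoers drop-in does what the comment intends, for example `%nginx ALL=(root) NOPASSWD: /usr/bin/systemctl reload nginx` (systemctl path to be adjusted per distribution), with the UI invoking exactly that command through `sudo -n`. The commit also adds the helper as `ui/linux-reload.sh` while this hunk and the `ui/src/Instances.py` hunk use `nginx-reload.sh`; unless a step outside the diff renames it, the `chown` here fails.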
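Review bot: The added `find /etc/systemd/` line spells the predicate `-inaùe`, which find does not recognise, so the command exits with an error instead of removing the unit files under /etc/systemd. It should read `find /etc/systemd/ -type f -iname "*.service" -exec rm -f {} \;`. As the last visible command of the `;\` chain, its exit status is presumably what the build step returns; the instruction itself starts above the hunk, so the rest of the chain is not visible here.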
@@ -7,7 +7,7 @@ User=nginx
 Group=nginx
 WorkingDirectory=/opt/bunkerized-nginx/ui
 EnvironmentFile=/opt/bunkerized-nginx/ui/variables.env
-ExecStart=gunicorn --bind 127.0.0.1:5000 -m 007 wsgi:app
+ExecStart=gunicorn --config config.py --bind 127.0.0.1:5000 -m 007 wsgi:app
 [Install]
 WantedBy=multi-user.target
diff --git a/ui/config.py b/ui/config.py
new file mode 100644
index 0000000..e09e2d0
--- /dev/null
+++ b/ui/config.py
@@ -0,0 +1 @@
+secure_scheme_headers = {'X-FORWARDED-PROTOCOL': 'https', 'X-FORWARDED-PROTO': 'https', 'X-FORWARDED-SSL': 'on'}
diff --git a/ui/linux-reload.sh b/ui/linux-reload.sh
new file mode 100644
index 0000000..c32f6bc
--- /dev/null
+++ b/ui/linux-reload.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+systemctl reload nginx
+
+exit $?
diff --git a/ui/src/Instances.py b/ui/src/Instances.py
index 5afbff0..976208e 100644
--- a/ui/src/Instances.py
+++ b/ui/src/Instances.py
@@ -107,7 +107,7 @@ class Instances :
 if proc.returncode != 0 :
 result = False
 else :
- proc = subprocess.run(["/usr/sbin/nginx", "-s", "reload"], capture_output=True)
+ proc = subprocess.run(["/opt/bunkerized-nginx/ui/nginx-reload.sh"], capture_output=True)
 result = proc.returncode == 0
 elif instance["type"] == "container" or instance["type"] == "service" :
 result = self.__api_request(instance, "/reload")
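Review bot: `secure_scheme_headers` in `ui/config.py` makes gunicorn treat a request as HTTPS whenever one of these three headers carries the listed value, and nothing in the file records which peer is trusted to send them. The service binds to 127.0.0.1, so the sender is presumably the local nginx, but that relies on gunicorn's `forwarded_allow_ips` default and on the proxy overwriting any client-supplied copy of the headers. I would pin the trust boundary next to the setting with `forwarded_allow_ips = '127.0.0.1'` and add a comment such as `# Set by the front nginx only; it must overwrite client-supplied X-Forwarded-* headers`.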
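Review bot: `systemctl` in `ui/linux-reload.sh` is resolved through the caller's PATH, yet install.sh intends this helper to run as root, so it should not depend on the environment it inherits. Call it by absolute path or set `PATH=/usr/sbin:/usr/bin:/sbin:/bin` at the top of the script. `exit $?` is redundant as the last statement, since the script already returns the status of its last command. A short header comment saying who is expected to invoke the helper and with which privileges would also help the next reader.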
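Review bot: The new `subprocess.run` call on `/opt/bunkerized-nginx/ui/nginx-reload.sh` raises `OSError` (FileNotFoundError or PermissionError) when the helper is missing or not executable for the UI user, and nothing in the visible lines catches it, so the reload path would raise instead of setting `result = False`. With the helper installed as 750 root:nginx by install.sh, a permission or path problem is a realistic failure; wrap the call and the `result` assignment in `try :` and add `except OSError : result = False`. The captured stderr is also discarded, so logging `proc.stderr` on a non-zero return code would tell the operator why the reload failed. The enclosing method starts and ends outside this hunk.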