Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

country whitelist/blacklist

Browse Source
This commit is contained in:
bunkerity
2020-11-18 11:21:25 +01:00
parent 0635eb368b
commit fe1d724c9f
6 changed files with 21 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
entrypoint/defaults.sh
View File

@@ -42,7 +42,8 @@ FEATURE_POLICY="${FEATURE_POLICY-accelerometer 'none'; ambient-light-sensor 'non
DISABLE_DEFAULT_SERVER="${DISABLE_DEFAULT_SERVER-no}"
SERVER_NAME="${SERVER_NAME-www.bunkerity.com}"
ALLOWED_METHODS="${ALLOWED_METHODS-GET|POST|HEAD}"
BLOCK_COUNTRY="${BLOCK_COUNTRY-}"
BLACKLIST_COUNTRY="${BLOCK_COUNTRY-}"
WHITELIST_COUNTRY="${WHITELIST_COUNTRY-}"
BLOCK_USER_AGENT="${BLOCK_USER_AGENT-yes}"
BLOCK_TOR_EXIT_NODE="${BLOCK_TOR_EXIT_NODE-yes}"
BLOCK_PROXIES="${BLOCK_PROXIES-yes}"

16
entrypoint/global-config.sh
View File

@@ -56,10 +56,16 @@ if [ "$GENERATE_SELF_SIGNED_SSL" = "yes" ] ; then
openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/self-signed-ssl/key.pem -out /etc/nginx/self-signed-ssl/cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
fi
# country ban
if [ "$BLOCK_COUNTRY" != "" ] ; then
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_COUNTRY%" "include /etc/nginx/geoip.conf;"
replace_in_file "/etc/nginx/geoip.conf" "%BLOCK_COUNTRY%" "$(echo $BLOCK_COUNTRY | sed 's/ / no;\\n/g') no;"
# country ban/whitelist
if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
replace_in_file "/etc/nginx/nginx.conf" "%USE_COUNTRY%" "include /etc/nginx/geoip.conf;"
if [ "$WHITELIST_COUNTRY" != "" ] ; then
replace_in_file "/etc/nginx/geoip.conf" "%DEFAULT%" "no"
replace_in_file "/etc/nginx/geoip.conf" "%COUNTRY%" "$(echo $WHITELIST_COUNTRY | sed 's/ / yes;\\n/g') yes;"
else
replace_in_file "/etc/nginx/geoip.conf" "%DEFAULT%" "yes"
replace_in_file "/etc/nginx/geoip.conf" "%COUNTRY%" "$(echo $BLACKLIST_COUNTRY | sed 's/ / no;\\n/g') no;"
fi
echo "0 0 2 * * /opt/scripts/geoip.sh" >> /etc/crontabs/root
if [ -f "/cache/geoip.mmdb" ] ; then
echo "[*] Copying cached geoip.mmdb ..."
@@ -69,7 +75,7 @@ if [ "$BLOCK_COUNTRY" != "" ] ; then
/opt/scripts/geoip.sh &
fi
else
replace_in_file "/etc/nginx/nginx.conf" "%BLOCK_COUNTRY%" ""
replace_in_file "/etc/nginx/nginx.conf" "%USE_COUNTRY%" ""
fi
# block bad UA

6
entrypoint/site-config.sh
View File

@@ -238,10 +238,10 @@ fi
replace_in_file "${NGINX_PREFIX}server.conf" "%ALLOWED_METHODS%" "$ALLOWED_METHODS"
# country ban
if [ "$BLOCK_COUNTRY" != "" ] ; then
replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_COUNTRY%" "include ${NGINX_PREFIX}geoip-server.conf;"
if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_COUNTRY%" "include ${NGINX_PREFIX}geoip-server.conf;"
else
replace_in_file "${NGINX_PREFIX}server.conf" "%BLOCK_COUNTRY%" ""
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_COUNTRY%" ""
fi
# block bad UA