42 changed files with 87 additions and 811 deletions
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@ -158,141 +158,9 @@ jobs:
          cache-from: type=registry,ref=bunkerity/cache:bw-ui-arm-cache
          cache-to: type=registry,ref=bunkerity/cache:bw-ui-arm-cache,mode=min
  # Build linux ubuntu
  build-bw-ubuntu:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Login to private repository
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.PRIVATE_REGISTRY }}
          username: registry
          password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
      # Build image
      - name: Build BW ubuntu
        uses: docker/build-push-action@v3
        with:
          context: .
          file: linux/Dockerfile-ubuntu
          platforms: linux/amd64
          push: true
          tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:latest
          cache-from: type=registry,ref=bunkerity/cache:bw-ubuntu-cache
          cache-to: type=registry,ref=bunkerity/cache:bw-ubuntu-cache,mode=min
  # Build linux debian
  build-bw-debian:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Login to private repository
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.PRIVATE_REGISTRY }}
          username: registry
          password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
      # Build image
      - name: Build BW debian
        uses: docker/build-push-action@v3
        with:
          context: .
          file: linux/Dockerfile-debian
          platforms: linux/amd64
          push: true
          tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:latest
          cache-from: type=registry,ref=bunkerity/cache:bw-debian-cache
          cache-to: type=registry,ref=bunkerity/cache:bw-debian-cache,mode=min
  # Build linux centos
  build-bw-centos:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Login to private repository
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.PRIVATE_REGISTRY }}
          username: registry
          password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
      # Build image
      - name: Build BW centos
        uses: docker/build-push-action@v3
        with:
          context: .
          file: linux/Dockerfile-centos
          platforms: linux/amd64
          push: true
          tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:latest
          cache-from: type=registry,ref=bunkerity/cache:bw-centos-cache
          cache-to: type=registry,ref=bunkerity/cache:bw-centos-cache,mode=min
  # Build linux fedora
  build-bw-fedora:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Login to private repository
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.PRIVATE_REGISTRY }}
          username: registry
          password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
      # Build image
      - name: Build BW fedora
        uses: docker/build-push-action@v3
        with:
          context: .
          file: linux/Dockerfile-fedora
          platforms: linux/amd64
          push: true
          tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:latest
          cache-from: type=registry,ref=bunkerity/cache:bw-fedora-cache
          cache-to: type=registry,ref=bunkerity/cache:bw-fedora-cache,mode=min
  # Run tests
  tests:
-    needs: [build-bw-amd64, build-bw-ubuntu, build-bw-debian, build-bw-centos, build-bw-fedora]
+    needs: build-bw-amd64
    runs-on: [self-hosted, X64]
    steps:
@ -326,14 +194,6 @@ jobs:
        run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest 10.20.1.1:5000/bw-autoconf-tests:latest && docker push 10.20.1.1:5000/bw-autoconf-tests:latest
      - name: Import BW UI image
        run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest 10.20.1.1:5000/bw-ui-tests:latest && docker push 10.20.1.1:5000/bw-ui-tests:latest
      - name: Import Ubuntu image
        run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:latest bw-ubuntu-tests:latest
      - name: Import Debian image
        run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:latest bw-debian-tests:latest
      - name: Import Centos image
        run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:latest bw-centos-tests:latest
      - name: Import Fedora image
        run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:latest bw-fedora-tests:latest
      # CVE check on OS
      - name: Check security vulnerabilities for BW
@ -464,7 +324,7 @@ jobs:
          echo "VERSION=$VER" >> $GITHUB_ENV
      - name: Remove Ubuntu DEB from packagecloud
-        run: package_cloud yank bunkerity/bunkerweb-dev/ubuntu/jammy bunkerweb_${{ env.VERSION }}_amd64.deb
+        run: package_cloud yank bunkerity/bunkerweb-dev/ubuntu/jammy bunkerweb_${{ env.VERSION }}-1_amd64.deb
        continue-on-error: true
        env:
          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
@ -479,7 +339,7 @@ jobs:
          PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
      - name: Remove Debian DEB from packagecloud
-        run: package_cloud yank bunkerity/bunkerweb-dev/debian/bullseye bunkerweb_${{ env.VERSION }}_amd64.deb
+        run: package_cloud yank bunkerity/bunkerweb-dev/debian/bullseye bunkerweb_${{ env.VERSION }}-1_amd64.deb
        continue-on-error: true
        env:
          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
--- a/.github/workflows/prod.yml
+++ b/.github/workflows/prod.yml
@ -451,7 +451,7 @@ jobs:
          echo "VERSION=$VER" >> $GITHUB_ENV
      - name: Remove Ubuntu DEB from packagecloud
-        run: package_cloud yank bunkerity/bunkerweb/ubuntu/jammy bunkerweb_${{ env.VERSION }}_amd64.deb
+        run: package_cloud yank bunkerity/bunkerweb/ubuntu/jammy bunkerweb_${{ env.VERSION }}-1_amd64.deb
        continue-on-error: true
        env:
          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
@ -466,7 +466,7 @@ jobs:
          PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
      - name: Remove Debian DEB from packagecloud
-        run: package_cloud yank bunkerity/bunkerweb/debian/bullseye bunkerweb_${{ env.VERSION }}_amd64.deb
+        run: package_cloud yank bunkerity/bunkerweb/debian/bullseye bunkerweb_${{ env.VERSION }}-1_amd64.deb
        continue-on-error: true
        env:
          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,18 +1,6 @@
 # Changelog
 ## v1.4.2 - 
 - Fix bwcli unban command when using Linux integration
 - Fix permissions check when filename has a space
 - Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
 - Fix config files overwrite when using Docker autoconf
 - Add log_default() plugin hook
 - Add various certbot-dns examples
 - Force NGINX version dependencies in Linux packages DEB/RPM
 - Add Discord to supported plugins
 ## v1.4.1 - 2022/16/06
 - Fix sending local IPs to BunkerNet when DISABLE_DEFAULT_SERVER=yes
 - Fix certbot bug when AUTOCONF_MODE=yes
 - Fix certbot bug when MULTISITE=no
--- a/README.md
+++ b/README.md
@ -246,7 +246,6 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
 | :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
 |   **ClamAV**   |   0.1   | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. |     [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav)     |
 |  **CrowdSec**  |   0.1   | CrowdSec bouncer for BunkerWeb.                                                                                                  |   [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec)   |
 | **Discord** | 0.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
 | **VirusTotal** |   0.1   | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious.          | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
 You will find more information in the [plugins section](https://docs.bunkerweb.io/latest/plugins) of the documentation.
@ -281,7 +280,7 @@ This project is licensed under the terms of the [GNU Affero General Public Licen
 # Contribute
-If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/tree/master/CONTRIBUTING.md) to get started.
+If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/tree/master/LICENSE.md) to get started.
 # Security policy
--- a/autoconf/Config.py
+++ b/autoconf/Config.py
@ -131,11 +131,10 @@ class Config(ApiCaller, ConfigCaller) :
        self._set_apis(self.__get_apis())
        # write configs
-        if configs != None :
+        ret = self.__write_configs()
-            ret = self.__write_configs()
+        if not ret :
-            if not ret :
+            success = False
-                success = False
+            log("CONFIG", "❌", "saving custom configs failed, configuration will not work as expected...")
                log("CONFIG", "❌", "saving custom configs failed, configuration will not work as expected...")
        # get env
        env = self.__get_full_env()
--- a/autoconf/DockerController.py
+++ b/autoconf/DockerController.py
@ -43,7 +43,7 @@ class DockerController(Controller) :
        raise("get_configs is not supported with DockerController")
    def apply_config(self) :
-        return self._config.apply(self._instances, self._services)
+        return self._config.apply(self._instances, self._services, configs=self._configs)
    def process_events(self) :
        for event in self.__client.events(decode=True, filters={"type": "container"}) :
--- a/cli/CLI.py
+++ b/cli/CLI.py
@ -42,7 +42,7 @@ class CLI(ApiCaller) :
    def __get_apis(self) :
        # Docker case
-        if self.__integration == "docker" or self.__integration == "linux" :
+        if self.__integration == "docker" :
            return [API("http://127.0.0.1:" + self.__variables["API_HTTP_PORT"], host=self.__variables["API_SERVER_NAME"])]
        # Autoconf case
--- a/confs/default-server-http.conf
+++ b/confs/default-server-http.conf
@ -12,50 +12,4 @@ server {
 	# include custom default-server configurations
 	include /opt/bunkerweb/configs/default-server-http/*.conf;
 	log_by_lua_block {
 		local utils		= require "utils"
 		local logger	= require "logger"
 		local datastore	= require "datastore"
 		local plugins	= require "plugins"
 		logger.log(ngx.INFO, "LOG", "Log phase started")
 		-- List all plugins
 		local list, err = plugins:list()
 		if not list then
 			logger.log(ngx.ERR, "LOG", "Can't list loaded plugins : " .. err)
 			list = {}
 		end
 		-- Call log_default method of plugins
 		for i, plugin in ipairs(list) do
 			local ret, plugin_lua = pcall(require, plugin.id .. "/" .. plugin.id)
 			if ret then
 				local plugin_obj = plugin_lua.new()
 				if plugin_obj.log_default ~= nil then
 					logger.log(ngx.INFO, "LOG", "Executing log_default() of " .. plugin.id)
 					local ok, err = plugin_obj:log_default()
 					if not ok then
 						logger.log(ngx.ERR, "LOG", "Error while calling log_default() on plugin " .. plugin.id .. " : " .. err)
 					else
 						logger.log(ngx.INFO, "LOG", "Return value from " .. plugin.id .. ".log_default() is : " .. err)
 					end
 				else
 					logger.log(ngx.INFO, "LOG", "log_default() method not found in " .. plugin.id .. ", skipped execution")
 				end
 			end
 		end
 		-- Display reason at info level
 		local reason = utils.get_reason()
 		if reason then
 			logger.log(ngx.INFO, "LOG", "Client was denied with reason : " .. reason)
 		end
 		logger.log(ngx.INFO, "LOG", "Log phase ended")
 	}
 }
--- a/core/bunkernet/bunkernet.lua
+++ b/core/bunkernet/bunkernet.lua
@ -141,13 +141,11 @@ function _M:report(ip, reason, method, url, headers)
 	return self:request("POST", "/report", data)
 end
-function _M:log(bypass_use_bunkernet)
+function _M:log()
-	if bypass_use_bunkernet then
+	-- Check if BunkerNet is activated
-		-- Check if BunkerNet is activated
+	local use_bunkernet = utils.get_variable("USE_BUNKERNET")
-		local use_bunkernet = utils.get_variable("USE_BUNKERNET")
+	if use_bunkernet ~= "yes" then
-		if use_bunkernet ~= "yes" then
+		return true, "bunkernet not activated"
 			return true, "bunkernet not activated"
 		end
 	end
 	-- Check if BunkerNet ID is generated
 	if not self.id then
@ -195,27 +193,6 @@ function _M:log(bypass_use_bunkernet)
 	return true, "created report timer"
 end
 function _M:log_default()
 	-- Check if bunkernet is activated
 	local check, err = utils.has_variable("USE_BUNKERNET", "yes")
 	if check == nil then
 		return false, "error while checking variable USE_BUNKERNET (" .. err .. ")"
 	end
 	if not check then
 		return true, "bunkernet not enabled"
 	end
 	-- Check if default server is disabled
 	local check, err = utils.get_variable("DISABLE_DEFAULT_SERVER", false)
 	if check == nil then
 		return false, "error while getting variable DISABLE_DEFAULT_SERVER (" .. err .. ")"
 	end
 	if check ~= "yes" then
 		return true, "default server not disabled"
 	end
 	-- Call log method
 	return self:log(true)
 end
 function _M:access()
 	local use_bunkernet = utils.get_variable("USE_BUNKERNET")
 	if use_bunkernet ~= "yes" then
--- a/core/bunkernet/confs/default-server-http/bunkernet.conf
+++ b/core/bunkernet/confs/default-server-http/bunkernet.conf
@ -0,0 +1,59 @@
 log_by_lua_block {
 	local bunkernet					= require "bunkernet.bunkernet"
 	local utils 					= require "utils"
 	local datastore					= require "datastore"
 	local logger					= require "logger"
 	local disable_default_server	= utils.get_variable("DISABLE_DEFAULT_SERVER", false)
 	local use_bunkernet				= utils.has_variable("USE_BUNKERNET", "yes")
 	if disable_default_server == "yes" and use_bunkernet then
 		-- Instantiate bunkernet
 		local bnet, err = bunkernet.new()
 		if not bnet then
 			ngx.log(ngx.ERR, "BUNKERNET", "can't instantiate bunkernet " .. err)
 			return
 		end
 		-- Check if BunkerNet ID is generated
 		if not bnet.id then
 			return
 		end
 		-- Check if IP has been blocked
 		if ngx.status ~= ngx.HTTP_CLOSE then
 			return
 		end
 		-- Check if IP is global
 		local is_global, err = utils.ip_is_global(ngx.var.remote_addr)
 		if is_global == nil then
 			return
 		end
 		if not is_global then
 			return
 		end
 		-- Only report if it hasn't been reported for the same reason recently
 		local reported = datastore:get("plugin_bunkernet_cache_" .. ngx.var.remote_addr .. "default")
 		if reported then
 			return
 		end
 		-- report callback called in a light thread
 		local function report_callback(premature, obj, ip, reason, method, url, headers)
 			local ok, err, status, data = obj:report(ip, reason, method, url, headers)
 			if not ok then
 				logger.log(ngx.ERR, "BUNKERNET", "Can't report IP : " .. err)
 			elseif status ~= 200 then
 				logger.log(ngx.ERR, "BUNKERNET", "Error from remote server : " .. tostring(status))
 			else
 				logger.log(ngx.NOTICE, "BUNKERNET", "Successfully reported IP " .. ip .. " (reason : " .. reason .. ")")
 				local ok, err = datastore:set("plugin_bunkernet_cache_" .. ip .. reason, true, 3600)
 				if not ok then
 					logger.log(ngx.ERR, "BUNKERNET", "Can't store cached report : " .. err)
 				end
 			end
 		end
 		-- Set a timer at the end of log()
 		local hdr, err = ngx.timer.at(0, report_callback, bnet, ngx.var.remote_addr, "default", ngx.var.request_method, ngx.var.request_uri, ngx.req.get_headers())
 		if not hdr then
 			logger.log(ngx.ERR, "BUNKERNET", "can't create report timer : " .. err)
 		end
 		return
 	end
 }
--- a/core/misc/confs/default-server-http/disable.conf
+++ b/core/misc/confs/default-server-http/disable.conf
@ -1,6 +1,5 @@
 {% if DISABLE_DEFAULT_SERVER == "yes" +%}
 location / {
 	set $reason "default";
 	return 444;
 }
 {% endif %}
--- a/docs/plugins.md
+++ b/docs/plugins.md
@ -10,7 +10,6 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
 | :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
 |   **ClamAV**   |   0.1   | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. |     [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav)     |
 |  **CrowdSec**  |   0.1   | CrowdSec bouncer for BunkerWeb.                                                                                                  |   [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec)   |
 | **Discord** | 0.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
 | **VirusTotal** |   0.1   | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious.          | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
 ## How to use a plugin
@ -243,22 +242,16 @@ function _M:log()
 	return true, "success"
 end
 function _M:log_default()
 	logger.log(ngx.NOTICE, "MYPLUGIN", "log_default called")
 	return true, "success"
 end
 return _M
 ```
-The declared functions are automatically called during specific contexts. Here are the details of each function :
+The 3 functions `init`, `access`, and `log` are automatically called during specific contexts. Here are the details of each function :
 | Function |                                   Context                                    | Description                                                                                                                                               | Return value                                                                                                                                                                                                                                                                                                                            |
 | :------: | :--------------------------------------------------------------------------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 |  `init`  |   [init_by_lua](https://github.com/openresty/lua-nginx-module#init_by_lua)   | Called when NGINX just started or received a reload order. the typical use case is to prepare any data that will be used by your plugin.                  | `ret`, `err`<ul><li>`ret` (boolean) : true if no error else false</li><li>`err` (string) : success or error message</li></ul>                                                                                                                                                                                                           |
 | `access` | [access_by_lua](https://github.com/openresty/lua-nginx-module#access_by_lua) | Called on each request received by the server. The typical use case is to do the security checks here and deny the request if needed.                     | `ret`, `err`, `return`, `status`<ul><li>`ret` (boolean) : true if no error else false</li><li>`err` (string) : success or error message</li><li>`return` (boolean) : true if you want to stop the access phase and send a status to the client</li><li>`status` (number) : the return value to set if `return` is set to true</li></ul> |
 |  `log`   |    [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua)    | Called when a request has finished (and before it gets logged to the access logs). The typical use case is to make stats or compute counters for example. | `ret`, `err`<ul><li>`ret` (boolean) : true if no error else false</li><li>`err` (string) : success or error message</li></ul>                                                                                                                                                                                                           |
 |  `log_default`   |    [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua)    | Same as `log` but only called on the default server. | `ret`, `err`<ul><li>`ret` (boolean) : true if no error else false</li><li>`err` (string) : success or error message</li></ul>                                                                                                                                                                                                           |
 #### Libraries
--- a/examples/certbot-dns-cloudflare/README.md
+++ b/examples/certbot-dns-cloudflare/README.md
@ -1,7 +0,0 @@
 Please have a look at the [certbot-dns-cloudflare documentation](https://certbot-dns-cloudflare.readthedocs.io/en/stable/) first.
 Procedure :
 - Edit domains in the compose file
 - Edit CloudFlare credentials in cloudflare.ini file (generate using https://dash.cloudflare.com/?to=/:account/profile/api-tokens)
 - Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
 - When certificates are generated, run your services : `docker-compose up -d`
--- a/examples/certbot-dns-cloudflare/cloudflare.ini
+++ b/examples/certbot-dns-cloudflare/cloudflare.ini
@ -1,5 +0,0 @@
 # Cloudflare API token used by Certbot (recommended)
 dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef012345671
 # Cloudflare API credentials used by Certbot (not recommended)
 #dns_cloudflare_email = cloudflare@example.com
 #dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef012341
--- a/examples/certbot-dns-cloudflare/docker-compose.yml
+++ b/examples/certbot-dns-cloudflare/docker-compose.yml
@ -1,74 +0,0 @@
 version: '3'
 services:
  mybunker:
    image: bunkerity/bunkerweb:1.4.1
    ports:
      - 80:8080
      - 443:8443
    # ⚠️ read this if you use local folders for volumes ⚠️
    # bunkerweb runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
    # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
    # more info at https://docs.bunkerweb.io
    volumes:
      - bw_data:/data
      - certs:/certs
    environment:
      - MULTISITE=yes
      - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
      - SERVE_FILES=no
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_REVERSE_PROXY=yes
      - USE_CUSTOM_HTTPS=yes
      - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
      - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
      - app1.example.com_REVERSE_PROXY_URL=/
      - app1.example.com_REVERSE_PROXY_HOST=http://app1
      - app2.example.com_REVERSE_PROXY_URL=/
      - app2.example.com_REVERSE_PROXY_HOST=http://app2
      - app3.example.com_REVERSE_PROXY_URL=/
      - app3.example.com_REVERSE_PROXY_HOST=http://app3
    networks:
      - net_app1
      - net_app2
      - net_app3
  mycertbot:
    image: certbot/dns-cloudflare
    environment:
      - DOMAINS=*.example.com,example.com
      - EMAIL=contact@example.com
    volumes:
      - certs:/etc/letsencrypt
      - ./cloudflare.ini:/opt/cloudflare.ini
      - ./entrypoint.sh:/opt/entrypoint.sh
    entrypoint: /bin/sh /opt/entrypoint.sh    
  app1:
    image: tutum/hello-world
    networks:
      - net_app1
  app2:
    image: tutum/hello-world
    networks:
      - net_app2
  app3:
    image: tutum/hello-world
    networks:
      - net_app3
 volumes:
  bw_data:
  certs:
 networks:
  net_app1:
  net_app2:
  net_app3:
--- a/examples/certbot-dns-cloudflare/entrypoint.sh
+++ b/examples/certbot-dns-cloudflare/entrypoint.sh
@ -1,23 +0,0 @@
 #!/bin/sh
 echo "Certbot started, domains = $DOMAINS"
 first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
 if [ "$EMAIL" = "" ] ; then
 	EMAIL="contact@${first_domain}"
 fi
 if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
 	echo "Renewing certificates ..."
 	certbot renew
 else
 	echo "Asking for certificates ..."
 	certbot certonly -n --dns-cloudflare --dns-cloudflare-credentials /opt/cloudflare.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
 fi
 echo "Fixing permissions ..."
 chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
 echo "Certbot ended, sleeping for 24 hours"
 sleep 86400
--- a/examples/certbot-dns-digitalocean/README.md
+++ b/examples/certbot-dns-digitalocean/README.md
@ -1,7 +0,0 @@
 Please have a look at the [certbot-dns-digitalocean documentation](https://certbot-dns-digitalocean.readthedocs.io/en/stable/) first.
 Procedure :
 - Edit domains in the compose file
 - Edit DigitalOcean credentials in digitalocean.ini file (generate using https://cloud.digitalocean.com/settings/api/tokens)
 - Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
 - When certificates are generated, run your services : `docker-compose up -d`
--- a/examples/certbot-dns-digitalocean/digitalocean.ini
+++ b/examples/certbot-dns-digitalocean/digitalocean.ini
@ -1,2 +0,0 @@
 # DigitalOcean API credentials used by Certbot
 dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff
--- a/examples/certbot-dns-digitalocean/docker-compose.yml
+++ b/examples/certbot-dns-digitalocean/docker-compose.yml
@ -1,74 +0,0 @@
 version: '3'
 services:
  mybunker:
    image: bunkerity/bunkerweb:1.4.1
    ports:
      - 80:8080
      - 443:8443
    # ⚠️ read this if you use local folders for volumes ⚠️
    # bunkerweb runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
    # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
    # more info at https://docs.bunkerweb.io
    volumes:
      - bw_data:/data
      - certs:/certs
    environment:
      - MULTISITE=yes
      - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
      - SERVE_FILES=no
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_REVERSE_PROXY=yes
      - USE_CUSTOM_HTTPS=yes
      - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
      - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
      - app1.example.com_REVERSE_PROXY_URL=/
      - app1.example.com_REVERSE_PROXY_HOST=http://app1
      - app2.example.com_REVERSE_PROXY_URL=/
      - app2.example.com_REVERSE_PROXY_HOST=http://app2
      - app3.example.com_REVERSE_PROXY_URL=/
      - app3.example.com_REVERSE_PROXY_HOST=http://app3
    networks:
      - net_app1
      - net_app2
      - net_app3
  mycertbot:
    image: certbot/dns-digitalocean
    environment:
      - DOMAINS=*.example.com,example.com
      - EMAIL=contact@example.com
    volumes:
      - certs:/etc/letsencrypt
      - ./digitalocean.ini:/opt/digitalocean.ini
      - ./entrypoint.sh:/opt/entrypoint.sh
    entrypoint: /bin/sh /opt/entrypoint.sh    
  app1:
    image: tutum/hello-world
    networks:
      - net_app1
  app2:
    image: tutum/hello-world
    networks:
      - net_app2
  app3:
    image: tutum/hello-world
    networks:
      - net_app3
 volumes:
  bw_data:
  certs:
 networks:
  net_app1:
  net_app2:
  net_app3:
--- a/examples/certbot-dns-digitalocean/entrypoint.sh
+++ b/examples/certbot-dns-digitalocean/entrypoint.sh
@ -1,23 +0,0 @@
 #!/bin/sh
 echo "Certbot started, domains = $DOMAINS"
 first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
 if [ "$EMAIL" = "" ] ; then
 	EMAIL="contact@${first_domain}"
 fi
 if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
 	echo "Renewing certificates ..."
 	certbot renew
 else
 	echo "Asking for certificates ..."
 	certbot certonly -n --dns-digitalocean --dns-digitalocean-credentials /opt/digitalocean.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
 fi
 echo "Fixing permissions ..."
 chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
 echo "Certbot ended, sleeping for 24 hours"
 sleep 86400
--- a/examples/certbot-dns-google/README.md
+++ b/examples/certbot-dns-google/README.md
@ -1,7 +0,0 @@
 Please have a look at the [certbot-dns-google documentation](https://certbot-dns-google.readthedocs.io/en/stable/) first.
 Procedure :
 - Edit domains in the compose file
 - Edit Google credentials in google.json file (generate using https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount)
 - Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
 - When certificates are generated, run your services : `docker-compose up -d`
--- a/examples/certbot-dns-google/docker-compose.yml
+++ b/examples/certbot-dns-google/docker-compose.yml
@ -1,74 +0,0 @@
 version: '3'
 services:
  mybunker:
    image: bunkerity/bunkerweb:1.4.1
    ports:
      - 80:8080
      - 443:8443
    # ⚠️ read this if you use local folders for volumes ⚠️
    # bunkerweb runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
    # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
    # more info at https://docs.bunkerweb.io
    volumes:
      - bw_data:/data
      - certs:/certs
    environment:
      - MULTISITE=yes
      - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
      - SERVE_FILES=no
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_REVERSE_PROXY=yes
      - USE_CUSTOM_HTTPS=yes
      - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
      - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
      - app1.example.com_REVERSE_PROXY_URL=/
      - app1.example.com_REVERSE_PROXY_HOST=http://app1
      - app2.example.com_REVERSE_PROXY_URL=/
      - app2.example.com_REVERSE_PROXY_HOST=http://app2
      - app3.example.com_REVERSE_PROXY_URL=/
      - app3.example.com_REVERSE_PROXY_HOST=http://app3
    networks:
      - net_app1
      - net_app2
      - net_app3
  mycertbot:
    image: certbot/dns-google
    environment:
      - DOMAINS=*.example.com,example.com
      - EMAIL=contact@example.com
    volumes:
      - certs:/etc/letsencrypt
      - ./google.json:/opt/google.json
      - ./entrypoint.sh:/opt/entrypoint.sh
    entrypoint: /bin/sh /opt/entrypoint.sh    
  app1:
    image: tutum/hello-world
    networks:
      - net_app1
  app2:
    image: tutum/hello-world
    networks:
      - net_app2
  app3:
    image: tutum/hello-world
    networks:
      - net_app3
 volumes:
  bw_data:
  certs:
 networks:
  net_app1:
  net_app2:
  net_app3:
--- a/examples/certbot-dns-google/entrypoint.sh
+++ b/examples/certbot-dns-google/entrypoint.sh
@ -1,23 +0,0 @@
 #!/bin/sh
 echo "Certbot started, domains = $DOMAINS"
 first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
 if [ "$EMAIL" = "" ] ; then
 	EMAIL="contact@${first_domain}"
 fi
 if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
 	echo "Renewing certificates ..."
 	certbot renew
 else
 	echo "Asking for certificates ..."
 	certbot certonly -n --dns-google --dns-google-credentials /opt/google.json --email "$EMAIL" --agree-tos -d "$DOMAINS"
 fi
 echo "Fixing permissions ..."
 chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
 echo "Certbot ended, sleeping for 24 hours"
 sleep 86400
--- a/examples/certbot-dns-google/google.json
+++ b/examples/certbot-dns-google/google.json
@ -1,12 +0,0 @@
 {
   "type": "service_account",
   "project_id": "...",
   "private_key_id": "...",
   "private_key": "...",
   "client_email": "...",
   "client_id": "...",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
   "token_uri": "https://accounts.google.com/o/oauth2/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "..."
 }
--- a/examples/certbot-dns-ovh/README.md
+++ b/examples/certbot-dns-ovh/README.md
@ -1,7 +0,0 @@
 Please have a look at the [certbot-dns-ovh documentation](https://certbot-dns-ovh.readthedocs.io/en/stable/) first.
 Procedure :
 - Edit domains in the compose file
 - Edit OVH credentials in ovh.ini file (generate using https://eu.api.ovh.com/createToken/)
 - Run certbot only and wait for certificate to be generated : `docker-compose up -d mycertbot`
 - When certificates are generated, run your services : `docker-compose up -d`
--- a/examples/certbot-dns-ovh/docker-compose.yml
+++ b/examples/certbot-dns-ovh/docker-compose.yml
@ -1,74 +0,0 @@
 version: '3'
 services:
  mybunker:
    image: bunkerity/bunkerweb:1.4.1
    ports:
      - 80:8080
      - 443:8443
    # ⚠️ read this if you use local folders for volumes ⚠️
    # bunkerweb runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
    # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
    # more info at https://docs.bunkerweb.io
    volumes:
      - bw_data:/data
      - certs:/certs
    environment:
      - MULTISITE=yes
      - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
      - SERVE_FILES=no
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_REVERSE_PROXY=yes
      - USE_CUSTOM_HTTPS=yes
      - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
      - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
      - app1.example.com_REVERSE_PROXY_URL=/
      - app1.example.com_REVERSE_PROXY_HOST=http://app1
      - app2.example.com_REVERSE_PROXY_URL=/
      - app2.example.com_REVERSE_PROXY_HOST=http://app2
      - app3.example.com_REVERSE_PROXY_URL=/
      - app3.example.com_REVERSE_PROXY_HOST=http://app3
    networks:
      - net_app1
      - net_app2
      - net_app3
  mycertbot:
    image: certbot/dns-ovh
    environment:
      - DOMAINS=*.example.com,example.com
      - EMAIL=contact@example.com
    volumes:
      - certs:/etc/letsencrypt
      - ./ovh.ini:/opt/ovh.ini
      - ./entrypoint.sh:/opt/entrypoint.sh
    entrypoint: /bin/sh /opt/entrypoint.sh    
  app1:
    image: tutum/hello-world
    networks:
      - net_app1
  app2:
    image: tutum/hello-world
    networks:
      - net_app2
  app3:
    image: tutum/hello-world
    networks:
      - net_app3
 volumes:
  bw_data:
  certs:
 networks:
  net_app1:
  net_app2:
  net_app3:
--- a/examples/certbot-dns-ovh/entrypoint.sh
+++ b/examples/certbot-dns-ovh/entrypoint.sh
@ -1,23 +0,0 @@
 #!/bin/sh
 echo "Certbot started, domains = $DOMAINS"
 first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
 if [ "$EMAIL" = "" ] ; then
 	EMAIL="contact@${first_domain}"
 fi
 if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
 	echo "Renewing certificates ..."
 	certbot renew
 else
 	echo "Asking for certificates ..."
 	certbot certonly -n --dns-ovh --dns-ovh-credentials /opt/ovh.ini --email "$EMAIL" --agree-tos -d "$DOMAINS"
 fi
 echo "Fixing permissions ..."
 chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
 echo "Certbot ended, sleeping for 24 hours"
 sleep 86400
--- a/examples/certbot-dns-ovh/ovh.ini
+++ b/examples/certbot-dns-ovh/ovh.ini
@ -1,5 +0,0 @@
 # OVH API credentials used by Certbot
 dns_ovh_endpoint = ovh-eu
 dns_ovh_application_key = MDAwMDAwMDAwMDAw
 dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
 dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
--- a/examples/certbot-dns-route53/README.md
+++ b/examples/certbot-dns-route53/README.md
@ -1,7 +0,0 @@
 Please have a look at the [certbot-dns-route53 documentation](https://certbot-dns-route53.readthedocs.io/en/stable/) first.
 Procedure :
 - Edit domains in the compose file
 - Edit AWS credentials in aws.ini file (generate using https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-overview.html)
 - Run certbot only and wait for certificates to be generated : `docker-compose up -d mycertbot`
 - When certificates are generated, run your services : `docker-compose up -d`
--- a/examples/certbot-dns-route53/aws.ini
+++ b/examples/certbot-dns-route53/aws.ini
@ -1,3 +0,0 @@
 [default]
 aws_access_key_id=AKIAIOSFODNN7EXAMPLE
 aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
--- a/examples/certbot-dns-route53/docker-compose.yml
+++ b/examples/certbot-dns-route53/docker-compose.yml
@ -1,74 +0,0 @@
 version: '3'
 services:
  mybunker:
    image: bunkerity/bunkerweb:1.4.1
    ports:
      - 80:8080
      - 443:8443
    # ⚠️ read this if you use local folders for volumes ⚠️
    # bunkerweb runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
    # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
    # more info at https://docs.bunkerweb.io
    volumes:
      - bw_data:/data
      - certs:/certs
    environment:
      - MULTISITE=yes
      - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
      - SERVE_FILES=no
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_REVERSE_PROXY=yes
      - USE_CUSTOM_HTTPS=yes
      - CUSTOM_HTTPS_CERT=/certs/live/example.com/fullchain.pem
      - CUSTOM_HTTPS_KEY=/certs/live/example.com/privkey.pem
      - app1.example.com_REVERSE_PROXY_URL=/
      - app1.example.com_REVERSE_PROXY_HOST=http://app1
      - app2.example.com_REVERSE_PROXY_URL=/
      - app2.example.com_REVERSE_PROXY_HOST=http://app2
      - app3.example.com_REVERSE_PROXY_URL=/
      - app3.example.com_REVERSE_PROXY_HOST=http://app3
    networks:
      - net_app1
      - net_app2
      - net_app3
  mycertbot:
    image: certbot/dns-google
    environment:
      - DOMAINS=*.example.com,example.com
      - EMAIL=contact@example.com
    volumes:
      - certs:/etc/letsencrypt
      - ./aws.ini:/opt/aws.ini
      - ./entrypoint.sh:/opt/entrypoint.sh
    entrypoint: /bin/sh /opt/entrypoint.sh    
  app1:
    image: tutum/hello-world
    networks:
      - net_app1
  app2:
    image: tutum/hello-world
    networks:
      - net_app2
  app3:
    image: tutum/hello-world
    networks:
      - net_app3
 volumes:
  bw_data:
  certs:
 networks:
  net_app1:
  net_app2:
  net_app3:
--- a/examples/certbot-dns-route53/entrypoint.sh
+++ b/examples/certbot-dns-route53/entrypoint.sh
@ -1,24 +0,0 @@
 #!/bin/sh
 echo "Certbot started, domains = $DOMAINS"
 first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
 if [ "$EMAIL" = "" ] ; then
 	EMAIL="contact@${first_domain}"
 fi
 if [ -f "/etc/letsencrypt/live/${first_domain}/fullchain.pem" ] ; then
 	echo "Renewing certificates ..."
 	certbot renew
 else
 	echo "Asking for certificates ..."
 	export AWS_CONFIG_FILE=/opt/aws.ini
 	certbot certonly -n --dns-route53 --email "$EMAIL" --agree-tos -d "$DOMAINS"
 fi
 echo "Fixing permissions ..."
 chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
 echo "Certbot ended, sleeping for 24 hours"
 sleep 86400
--- a/examples/web-ui/docker-compose.yml
+++ b/examples/web-ui/docker-compose.yml
@ -27,9 +27,9 @@ services:
      - www.example.com_USE_UI=yes
      - www.example.com_SERVE_FILES=no
      - www.example.com_USE_REVERSE_PROXY=yes
-      - www.example.com_REVERSE_PROXY_URL=/changeme                     # replace with another url
+      - www.example.com_REVERSE_PROXY_URL=/changeme/                     # replace with another url
      - www.example.com_REVERSE_PROXY_HOST=http://myui:7000
-      - www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme   # replace with another url
+      - www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme/   # replace with another url
      - www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
      - www.example.com_LIMIT_REQ_URL=/changeme/plugins/upload           # replace with another url
      - www.example.com_LIMIT_REQ_RATE=4r/s
--- a/helpers/data.sh
+++ b/helpers/data.sh
@ -32,7 +32,6 @@ for folder in "${rx_folders[@]}" ; do
 	fi
 done
 # Check permissions on files
 IFS=$'\n'
 for file in $(find /data -type f) ; do
 	if [ ! -r "${file}" ] ; then
 		log "$1" "❌" "Wrong permissions on ${file} (at least R needed for user nginx with uid 101 and gid 101)"
--- a/helpers/entrypoint.sh
+++ b/helpers/entrypoint.sh
@ -77,9 +77,6 @@ fi
 # generate final configuration
 export TEMP_NGINX="no"
 log "ENTRYPOINT" "ℹ️" "Generating configuration ..."
 if [ "$SWARM_MODE" = "yes" ] || [ "$KUBERNETES_MODE" = "yes" ] || [ "$AUTOCONF_MODE" = "yes" ] ; then
 	export SERVER_NAME=
 fi
 env | grep -E -v "^(HOSTNAME|PWD|PKG_RELEASE|NJS_VERSION|SHLVL|PATH|_|NGINX_VERSION|HOME)=" > "/tmp/variables.env"
 /opt/bunkerweb/gen/main.py --settings /opt/bunkerweb/settings.json --templates /opt/bunkerweb/confs --output /etc/nginx --variables /tmp/variables.env
 if [ "$?" -ne 0 ] ; then
--- a/linux/Dockerfile-fedora
+++ b/linux/Dockerfile-fedora
@ -10,7 +10,7 @@ RUN dnf install -y ruby ruby-devel make gcc redhat-rpm-config rpm-build && \
 # Nginx
 RUN dnf update -y && \
    dnf install -y curl gnupg2 ca-certificates redhat-lsb-core && \
-    dnf install nginx-1.20.2 -y
+    dnf install nginx -y
 # Copy dependencies sources folder
 COPY deps /tmp/bunkerweb/deps
--- a/linux/fpm-centos
+++ b/linux/fpm-centos
@ -3,7 +3,7 @@
 --license agpl3
 --version %VERSION%
 --architecture x86_64
--depends bash --depends epel-release --depends python39 --depends 'nginx = 1:1.20.2-1.el8.ngx' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends GeoIP-devel --depends file-libs --depends net-tools --depends gd
+--depends bash --depends epel-release --depends python39 --depends 'nginx >= 1.20.2' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends GeoIP-devel --depends file-libs --depends net-tools --depends gd
 --description "BunkerWeb %VERSION% for CentOS Stream 8"
 --url "https://www.bunkerweb.io"
 --maintainer "Bunkerity <contact at bunkerity dot com>"
--- a/linux/fpm-debian
+++ b/linux/fpm-debian
@ -3,7 +3,7 @@
 --license agpl3
 --version %VERSION%
 --architecture amd64
--depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.20.2-1~bullseye' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools
+--depends bash --depends python3 --depends python3-pip --depends 'nginx (>= 1.20.2)' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools
 --description "BunkerWeb %VERSION% for Debian 11"
 --url "https://www.bunkerweb.io"
 --maintainer "Bunkerity <contact at bunkerity dot com>"
--- a/linux/fpm-fedora
+++ b/linux/fpm-fedora
@ -3,7 +3,7 @@
 --license agpl3
 --version %VERSION%
 --architecture x86_64
--depends bash --depends python3 --depends 'nginx = 1:1.20.2-2.fc36' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends geoip-devel --depends gd
+--depends bash --depends python3 --depends 'nginx >= 1.20.2' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends geoip-devel --depends gd
 --description "BunkerWeb %VERSION% for Fedora 36"
 --url "https://www.bunkerweb.io"
 --maintainer "Bunkerity <contact at bunkerity dot com>"
--- a/linux/fpm-ubuntu
+++ b/linux/fpm-ubuntu
@ -3,7 +3,7 @@
 --license agpl3
 --version %VERSION%
 --architecture amd64
--depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.20.2-1~jammy' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools
+--depends bash --depends python3 --depends python3-pip --depends 'nginx (>= 1.20.2)' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools
 --description "BunkerWeb %VERSION% for Ubuntu 22.04"
 --url "https://www.bunkerweb.io"
 --maintainer "Bunkerity <contact at bunkerity dot com>"
--- a/linux/scripts/start.sh
+++ b/linux/scripts/start.sh
@ -46,7 +46,7 @@ function start() {
    #                   STEP1                   #
    # Generate variables.env files to /tmp/     #
    #############################################
-    printf "HTTP_PORT=80\nSERVER_NAME=example.com\nTEMP_NGINX=yes" > "/tmp/variables.env"
+    printf "HTTP_PORT=80\nSERVER_NAME=example.com\nTEMP_NGINX=yes\nUSE_BUNKERNET=no" > "/tmp/variables.env"
    # Test if command worked
    check_ok
    # Exit if failed
@ -91,7 +91,7 @@ function start() {
    #                   STEP4                   #
    #               Run jobs script             #
    #############################################
-    /opt/bunkerweb/job/main.py --variables /opt/bunkerweb/variables.env --run
+    /opt/bunkerweb/job/main.py --variables /etc/nginx/variables.env --run
    # Test if command worked
    check_ok
    # Exit if failed
--- a/tests/linux.sh
+++ b/tests/linux.sh
@ -11,7 +11,7 @@ function gen_package() {
    else
        type="deb"
    fi
-    do_and_check_cmd docker run --rm -v "/tmp/packages/${linux}:/data" "bw-${linux}-tests:latest" "$type"
+    do_and_check_cmd docker run --rm -v "/tmp/packages/${linux}:/data" "bw-${linux}-tests:latest"
    name="bunkerweb_${version}-1_amd64"
    if [ "$type" = "rpm" ] ; then
        name="bunkerweb-${version}-1.x86_64"
		`@ -1,2 +0,0 @@`
			`# DigitalOcean API credentials used by Certbot`
			`dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff`