hotfix - fix CVE-2021-33560

v1.2.8 release
resolve bugs on the stable version
2021-07-22 14:50:09 +02:00 · 2021-07-22 14:36:07 +02:00 · 2021-07-22 12:12:55 +02:00 · 2021-06-15 17:10:34 +02:00 · 2021-06-15 16:53:37 +02:00 · 2021-06-15 09:52:33 +02:00
49 changed files with 573 additions and 613 deletions
--- a/.github/workflows/build-bunkerized-nginx-autoconf.yml
+++ b/.github/workflows/build-bunkerized-nginx-autoconf.yml
@@ -0,0 +1,50 @@
 name: Build and push bunkerized-nginx-autoconf
 on:
  push:
    branches: [dev, master]
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@v2
      - name: Set variables
        run: |
          VER=$(cat VERSION | tr -d '\n')
          echo "VERSION=$VER" >> $GITHUB_ENV
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v1
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v1
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Build and push (dev)
        uses: docker/build-push-action@v2
        if: github.ref == 'refs/heads/dev'
        with:
          context: .
          file: autoconf/Dockerfile
          platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
          push: true
          tags: bunkerity/bunkerized-nginx-autoconf:dev
      - name: Build and push (master)
        uses: docker/build-push-action@v2
        if: github.ref == 'refs/heads/master'
        with:
          context: .
          file: autoconf/Dockerfile
          platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
          push: true
          tags: bunkerity/bunkerized-nginx-autoconf:latest,bunkerity/bunkerized-nginx-autoconf:${{ env.VERSION }}
--- a/.github/workflows/build-bunkerized-nginx-ui.yml
+++ b/.github/workflows/build-bunkerized-nginx-ui.yml
@@ -0,0 +1,50 @@
 name: Build and push bunkerized-nginx-ui
 on:
  push:
    branches: [dev, master]
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@v2
      - name: Set variables
        run: |
          VER=$(cat VERSION | tr -d '\n')
          echo "VERSION=$VER" >> $GITHUB_ENV
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v1
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v1
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Build and push (dev)
        uses: docker/build-push-action@v2
        if: github.ref == 'refs/heads/dev'
        with:
          context: .
          file: ui/Dockerfile
          platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
          push: true
          tags: bunkerity/bunkerized-nginx-ui:dev
      - name: Build and push (master)
        uses: docker/build-push-action@v2
        if: github.ref == 'refs/heads/master'
        with:
          context: .
          file: ui/Dockerfile
          platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
          push: true
          tags: bunkerity/bunkerized-nginx-ui:latest,bunkerity/bunkerized-nginx-ui:${{ env.VERSION }}
--- a/.github/workflows/build-bunkerized-nginx.yml
+++ b/.github/workflows/build-bunkerized-nginx.yml
@@ -0,0 +1,65 @@
 name: Build and push bunkerized-nginx
 on:
  push:
    branches: [dev, master]
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@v2
      - name: Set variables
        run: |
          VER=$(cat VERSION | tr -d '\n')
          echo "VERSION=$VER" >> $GITHUB_ENV
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v1
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v1
      - name: Setup Docker cache
        uses: actions/cache@v2
        if: github.ref == 'refs/heads/dev'
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Build and push (dev)
        uses: docker/build-push-action@v2
        if: github.ref == 'refs/heads/dev'
        with:
          context: .
          platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
          push: true
          tags: bunkerity/bunkerized-nginx:dev
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
      - name: Move Docker cache
        if: github.ref == 'refs/heads/dev'
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
      - name: Build and push (master)
        uses: docker/build-push-action@v2
        if: github.ref == 'refs/heads/master'
        with:
          context: .
          platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
          push: true
          tags: bunkerity/bunkerized-nginx:latest,bunkerity/bunkerized-nginx:${{ env.VERSION }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,30 @@
 # Changelog
 ## v1.2.8 - 2021/07/22
 - Fix broken links in README
 - Fix regex for EMAIL_LETS_ENCRYPT
 - Fix regex for REMOTE_PHP and REMOTE_PHP_PATH
 - Fix regex for SELF_SIGNED_*
 - Fix various bugs related to web UI
 - Fix bug in autoconf (missing instances parameter to reload function)
 - Remove old .env files when generating a new configuration
 ## v1.2.7 - 2021/06/14
 - Add custom robots.txt and sitemap to RTD
 - Fix missing GeoIP DB bug when using BLACKLIST/WHITELIST_COUNTRY
 - Add underscore "_" to allowed chars for CUSTOM_HTTPS_CERT/KEY
 - Fix bug when using automatic self-signed certificate
 - Build and push images from GitHub actions instead of Docker Hub autobuild
 - Display the reason when generator is ignoring a variable
 - Various bug fixes related to certbot and jobs
 - Split jobs into pre and post jobs
 - Add HEALTHCHECK to image
 - Fix race condition when using autoconf without Swarm by checking healthy state
 - Bump modsecurity-nginx to v1.0.2
 - Community chat with bridged platforms
 ## v1.2.6 - 2021/06/06
 - Move from "ghetto-style" shell scripts to generic jinja2 templating
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -8,6 +8,10 @@ We accept many types of contributions whether they are technical or not. Every c
 The first thing you can do is to talk about the project. You can share it on social media, make a blog post about it or simply tell your friends/colleagues that's an awesome project.
 ## Join the community chat
 You can join [the community chat](https://coso.me/bunkerity-chat) to talk about the project and ask for help. Please note that you can choose the platform you want, thanks to [matterbridge](https://github.com/42wim/matterbridge) all messages coming from a platform are relayed to the others.
 ## Reporting bugs / ask for features
 The preferred way to report bugs and asking for features is using [issues](https://github.com/bunkerity/bunkerized-nginx/issues). Before opening a new one, please check if a related issue is already opened using the "filters" bar. When creating a new issue please select and fill the "Bug report" or "Feature request" template.
--- a/6
+++ b/6
@@ -26,8 +26,8 @@ RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
-# Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
+# Fix CVE-2021-22901, CVE-2021-22898, CVE-2021-22897 and CVE-2021-33560
-RUN apk add "curl>=7.77.0-r0"
+RUN apk add "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0"
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
@@ -35,4 +35,6 @@ EXPOSE 8080/tcp 8443/tcp
 USER nginx:nginx
 HEALTHCHECK --interval=30s --timeout=10s --start-period=120s --retries=3 CMD [ -f /tmp/nginx.pid ] || exit 1
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/38
+++ b/38
@@ -1,38 +0,0 @@
 FROM amd64/nginx:1.20.1-alpine
 COPY nginx-keys/ /tmp/nginx-keys
 COPY compile.sh /tmp/compile.sh
 RUN chmod +x /tmp/compile.sh && \
    /tmp/compile.sh && \
    rm -rf /tmp/*
 COPY dependencies.sh /tmp/dependencies.sh
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -rf /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY entrypoint/ /opt/entrypoint
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
 COPY lua/ /usr/local/lib/lua
 COPY antibot/ /antibot
 COPY defaults/ /defaults
 COPY settings.json /opt
 COPY misc/cron /etc/crontabs/nginx
 COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 # Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
 RUN apk add "curl>=7.77.0-r0"
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
 EXPOSE 8080/tcp 8443/tcp
 USER nginx:nginx
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/45
+++ b/45
@@ -1,45 +0,0 @@
 FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 FROM arm32v7/nginx:1.20.1-alpine
 COPY --from=builder qemu-arm-static /usr/bin
 COPY nginx-keys/ /tmp/nginx-keys
 COPY compile.sh /tmp/compile.sh
 RUN chmod +x /tmp/compile.sh && \
    /tmp/compile.sh && \
    rm -rf /tmp/*
 COPY dependencies.sh /tmp/dependencies.sh
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -rf /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY entrypoint/ /opt/entrypoint
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
 COPY lua/ /usr/local/lib/lua
 COPY antibot/ /antibot
 COPY defaults/ /defaults
 COPY settings.json /opt
 COPY misc/cron /etc/crontabs/nginx
 COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 # Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
 RUN apk add "curl>=7.77.0-r0"
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
 EXPOSE 8080/tcp 8443/tcp
 USER nginx:nginx
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/45
+++ b/45
@@ -1,45 +0,0 @@
 FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 FROM arm64v8/nginx:1.20.1-alpine
 COPY --from=builder qemu-aarch64-static /usr/bin
 COPY nginx-keys/ /tmp/nginx-keys
 COPY compile.sh /tmp/compile.sh
 RUN chmod +x /tmp/compile.sh && \
    /tmp/compile.sh && \
    rm -rf /tmp/*
 COPY dependencies.sh /tmp/dependencies.sh
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -rf /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY entrypoint/ /opt/entrypoint
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
 COPY lua/ /usr/local/lib/lua
 COPY antibot/ /antibot
 COPY defaults/ /defaults
 COPY settings.json /opt
 COPY misc/cron /etc/crontabs/nginx
 COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 # Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
 RUN apk add "curl>=7.77.0-r0"
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
 EXPOSE 8080/tcp 8443/tcp
 USER nginx:nginx
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/38
+++ b/38
@@ -1,38 +0,0 @@
 FROM i386/nginx:1.20.1-alpine
 COPY nginx-keys/ /tmp/nginx-keys
 COPY compile.sh /tmp/compile.sh
 RUN chmod +x /tmp/compile.sh && \
    /tmp/compile.sh && \
    rm -rf /tmp/*
 COPY dependencies.sh /tmp/dependencies.sh
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -rf /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY entrypoint/ /opt/entrypoint
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
 COPY lua/ /usr/local/lib/lua
 COPY antibot/ /antibot
 COPY defaults/ /defaults
 COPY settings.json /opt
 COPY misc/cron /etc/crontabs/nginx
 COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 # Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
 RUN apk add "curl>=7.77.0-r0"
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
 EXPOSE 8080/tcp 8443/tcp
 USER nginx:nginx
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/README.md
+++ b/README.md
@@ -3,11 +3,11 @@
 </p>
 <p align="center">
-        <img src="https://img.shields.io/badge/bunkerized--nginx-1.2.6-blue" />
+        <img src="https://img.shields.io/badge/bunkerized--nginx-1.2.8-blue" />
        <img src="https://img.shields.io/badge/nginx-1.20.1-blue" />
        <img src="https://img.shields.io/github/last-commit/bunkerity/bunkerized-nginx" />
        <img src="https://img.shields.io/github/workflow/status/bunkerity/bunkerized-nginx/Automatic%20test?label=automatic%20test" />
-        <img src="https://img.shields.io/docker/cloud/build/bunkerity/bunkerized-nginx" />
+        <img src="https://img.shields.io/github/workflow/status/bunkerity/bunkerized-nginx/Build%20and%20push%20bunkerized-nginx?label=docker%20build" />
        <img src="https://img.shields.io/readthedocs/bunkerized-nginx" />
 </p>
@@ -19,7 +19,7 @@
 		<span> | </span>
 		<a href="https://www.bunkerity.com/category/bunkerized-nginx/">Blog posts</a>
 		<span> | </span>
-		<a href="https://matrix.to/#/#bunkerized-nginx:matrix.org">Community chat</a>
+		<a href="https://coso.me/bunkerity-chat">Community chat</a>
 		<span> | </span>
 		<a href="https://coso.me/bunkerity">Follow us</a>
 	</strong>
@@ -432,8 +432,8 @@ bunkerized-nginx comes with a set of predefined security settings that you can (
 # License
-This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerized-nginx/LICENSE.md).
+This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerized-nginx/blob/master/LICENSE.md).
 # Contributing
-If you would like to contribute to the project you can read the [contributing guidelines](https://github.com/bunkerity/bunkerized-nginx/CONTRIBUTING.md) to get started.
+If you would like to contribute to the project you can read the [contributing guidelines](https://github.com/bunkerity/bunkerized-nginx/blob/master/CONTRIBUTING.md) to get started.
--- a/2
+++ b/2
@@ -1 +1 @@
-1.2.6
+1.2.8
--- a/autoconf/AutoConf.py
+++ b/autoconf/AutoConf.py
@@ -1,6 +1,9 @@
 from Config import Config
 import utils
-import os
+
 import os, time
 class AutoConf :
 	def __init__(self, swarm, api) :
@@ -20,7 +23,7 @@ class AutoConf :
 	def __gen_env(self) :
 		self.__env.clear()
-		# TODO : check actual state (e.g. : running ?)
+		# TODO : check actual state (e.g. : running, stopped ?)
 		for id, instance in self.__instances.items() :
 			env = []
 			if self.__swarm :
@@ -29,6 +32,10 @@ class AutoConf :
 				env = instance.attrs["Config"]["Env"]
 			for entry in env :
 				self.__env[entry.split("=")[0]] = entry.replace(entry.split("=")[0] + "=", "", 1)
 			blacklist = ["NGINX_VERSION", "NJS_VERSION", "PATH", "PKG_RELEASE"]
 			for entry in blacklist :
 				if entry in self.__env :
 					del self.__env[entry]
 		if not "SERVER_NAME" in self.__env or self.__env["SERVER_NAME"] == "" :
 			self.__env["SERVER_NAME"] = []
 		else :
@@ -90,15 +97,29 @@ class AutoConf :
 		if event == "create" :
 			self.__instances[id] = instance
 			self.__gen_env()
 			utils.log("[*] bunkerized-nginx instance created : " + name + " / " + id)
 			if self.__swarm and len(self.__instances) == 1 :
 				if self.__config.generate(self.__env) :
 					utils.log("[*] Initial config succeeded")
 					if not self.__config.swarm_wait(self.__instances) :
-						utils.log("[!] Removing bunkerized-nginx instances from list")
+						utils.log("[!] Removing bunkerized-nginx instances from list (API not available)")
 						del self.__instances[id]
 				else :
 					utils.log("[!] Initial config failed")
-			utils.log("[*] bunkerized-nginx instance created : " + name + " / " + id)
+			elif not self.__swarm and len(self.__instances) == 1 :
 				utils.log("[*] Wait until bunkerized-nginx is healthy (timeout = 120s) ...")
 				i = 0
 				healthy = False
 				while i < 120 :
 					self.__instances[id].reload()
 					if self.__instances[id].attrs["State"]["Health"]["Status"] == "healthy" :
 						healthy = True
 						break
 					time.sleep(1)
 					i = i + 1
 				if not healthy :
 					utils.log("[!] Removing bunkerized-nginx instances from list (unhealthy)")
 					del self.__instances[id]
 		elif event == "start" :
 			self.__instances[id].reload()
@@ -152,7 +173,7 @@ class AutoConf :
 				self.__servers[id].reload()
 				utils.log("[*] Deactivating config for " + vars["SERVER_NAME"])
 				self.__gen_env()
-				if self.__config.reload() :
+				if self.__config.reload(self.__instances) :
 					utils.log("[*] Deactivated config for " + vars["SERVER_NAME"])
 				else :
 					utils.log("[!] Can't deactivate config for " + vars["SERVER_NAME"])
--- a/autoconf/Config.py
+++ b/autoconf/Config.py
@@ -9,12 +9,12 @@ class Config :
 		self.__swarm = swarm
 		self.__api = api
-	def __jobs(self) :
+	def __jobs(self, type) :
-		utils.log("[*] Starting jobs ...")
+		utils.log("[*] Starting jobs (type = " + type + ") ...")
-		proc = subprocess.run(["/bin/su", "-c", "/opt/entrypoint/jobs.sh", "nginx"], capture_output=True)
+		proc = subprocess.run(["/bin/su", "-c", "/opt/entrypoint/" + type + "-jobs.sh", "nginx"], capture_output=True)
 		stdout = proc.stdout.decode("ascii")
 		stderr = proc.stderr.decode("ascii")
-		if stdout != "" :
+		if len(stdout) > 1 :
 			utils.log("[*] Jobs stdout :")
 			utils.log(stdout)
 		if stderr != "" :
@@ -61,7 +61,7 @@ class Config :
 			# Print stdout/stderr
 			stdout = proc.stdout.decode("ascii")
 			stderr = proc.stderr.decode("ascii")
-			if stdout != "" :
+			if len(stdout) > 1 :
 				utils.log("[*] Generator output :")
 				utils.log(stdout)
 			if stderr != "" :
@@ -71,7 +71,7 @@ class Config :
 			# We're done
 			if proc.returncode == 0 :
 				if self.__swarm :
-					return self.__jobs()
+					return self.__jobs("pre")
 				return True
 			utils.log("[!] Error while generating site config for " + env["SERVER_NAME"] + " : return code = " + str(proc.returncode))
@@ -80,7 +80,11 @@ class Config :
 		return False
 	def reload(self, instances) :
-		return self.__api_call(instances, "/reload")
+		if self.__api_call(instances, "/reload") :
 			if self.__swarm :
 				return self.__jobs("post")
 			return True
 		return False
 	def __ping(self, instances) :
 		return self.__api_call(instances, "/ping")
--- a/autoconf/Dockerfile-amd64
+++ b/autoconf/Dockerfile-amd64
@@ -1,22 +0,0 @@
 FROM amd64/alpine
 COPY autoconf/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -f /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY entrypoint/ /opt/entrypoint
 COPY confs/global/ /opt/confs/global
 COPY confs/site/ /opt/confs/site
 COPY scripts/ /opt/scripts
 COPY settings.json /opt
 COPY misc/cron /etc/crontabs/nginx
 COPY autoconf/* /opt/entrypoint/
 COPY autoconf/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/autoconf/Dockerfile-arm32v7
+++ b/autoconf/Dockerfile-arm32v7
@@ -1,29 +0,0 @@
 FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 FROM arm32v7/alpine
 COPY --from=builder qemu-arm-static /usr/bin
 COPY autoconf/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -f /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY entrypoint/ /opt/entrypoint
 COPY confs/global/ /opt/confs/global
 COPY confs/site/ /opt/confs/site
 COPY scripts/ /opt/scripts
 COPY settings.json /opt
 COPY misc/cron /etc/crontabs/nginx
 COPY autoconf/* /opt/entrypoint/
 COPY autoconf/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/autoconf/Dockerfile-arm64v8
+++ b/autoconf/Dockerfile-arm64v8
@@ -1,29 +0,0 @@
 FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 FROM arm64v8/alpine
 COPY --from=builder qemu-aarch64-static /usr/bin
 COPY autoconf/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -f /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY entrypoint/ /opt/entrypoint
 COPY confs/global/ /opt/confs/global
 COPY confs/site/ /opt/confs/site
 COPY scripts/ /opt/scripts
 COPY settings.json /opt
 COPY misc/cron /etc/crontabs/nginx
 COPY autoconf/* /opt/entrypoint/
 COPY autoconf/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/autoconf/Dockerfile-i386
+++ b/autoconf/Dockerfile-i386
@@ -1,22 +0,0 @@
 FROM i386/alpine
 COPY autoconf/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -f /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY entrypoint/ /opt/entrypoint
 COPY confs/global/ /opt/confs/global
 COPY confs/site/ /opt/confs/site
 COPY scripts/ /opt/scripts
 COPY settings.json /opt
 COPY misc/cron /etc/crontabs/nginx
 COPY autoconf/* /opt/entrypoint/
 COPY autoconf/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
--- a/compile.sh
+++ b/compile.sh
@@ -57,7 +57,7 @@ cp crs-setup.conf.example /opt/owasp/crs.conf
 # get nginx modules
 cd /tmp
 # ModSecurity connector for nginx
-git_secure_clone https://github.com/SpiderLabs/ModSecurity-nginx.git 22e53aba4e3ae8c7d59a3672d6727e49246afe96
+git_secure_clone https://github.com/SpiderLabs/ModSecurity-nginx.git 2497e6ac654d0b117b9534aa735b757c6b11c84f
 # headers more
 git_secure_clone https://github.com/openresty/headers-more-nginx-module.git d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17
 # geoip
--- a/confs/site/https.conf
+++ b/confs/site/https.conf
@@ -6,7 +6,7 @@ listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %};
 {% elif USE_CUSTOM_HTTPS == "yes" %}
 	{% set x = paths.update({"cert": CUSTOM_HTTPS_CERT}) %}
 	{% set x = paths.update({"key": CUSTOM_HTTPS_KEY}) %}
-{% elif GENERATE_SELF_SIGNED_HTTPS == "yes" %}
+{% elif GENERATE_SELF_SIGNED_SSL == "yes" %}
 	{% if MULTISITE == "yes" %}
 		{% set x = paths.update({"cert": "/etc/nginx/" + FIRST_SERVER + "/self-cert.pem"}) %}
 		{% set x = paths.update({"key": "/etc/nginx/" + FIRST_SERVER + "/self-key.pem"}) %}
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -14,15 +14,43 @@
 # import sys
 # sys.path.insert(0, os.path.abspath('.'))
 import os, subprocess, re
 def get_git_branch():
    """Get the git branch this repository is currently on"""
    path_to_here = os.path.abspath(os.path.dirname(__file__))
    # Invoke git to get the current branch which we use to get the theme
    try:
        p = subprocess.Popen(['git', 'branch'], stdout=subprocess.PIPE, cwd=path_to_here)
        # This will contain something like "* (HEAD detached at origin/MYBRANCH)"
        # or something like "* MYBRANCH"
        branch_output = p.communicate()[0].decode("ascii")
        # This is if git is in a normal branch state
        match = re.search(r'\* (?P<branch_name>[^\(\)\n ]+)', branch_output)
        if match:
            return match.groupdict()['branch_name']
        # git is in a detached HEAD state
        match = re.search(r'\(HEAD detached at origin/(?P<branch_name>[^\)]+)\)', branch_output)
        if match:
            return match.groupdict()['branch_name']
    except Exception as e :
        print(e)
        print(u'Could not get the branch')
    # Couldn't figure out the branch probably due to an error
    return None
 # -- Project information -----------------------------------------------------
 project = 'bunkerized-nginx'
 copyright = '2021, bunkerity'
 author = 'bunkerity'
 # The full version, including alpha/beta/rc tags
-release = 'v1.2.5'
+release = 'v1.2.8'
 # -- General configuration ---------------------------------------------------
@@ -30,7 +58,7 @@ release = 'v1.2.5'
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
-extensions = ['myst_parser']
+extensions = ['myst_parser', 'sphinx_sitemap']
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
@@ -53,3 +81,14 @@ html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
 html_static_path = ['_static']
 # for sitemap
 sitemap_filename = "sm.xml"
 branch = get_git_branch()
 if branch == "master" :
 	html_baseurl = 'https://bunkerized-nginx.readthedocs.io/en/latest/'
 else :
 	html_baseurl = 'https://bunkerized-nginx.readthedocs.io/en/dev/'
 # custom robots.txt
 html_extra_path = ['robots.txt']
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -1,3 +1,4 @@
 sphinx
 sphinx-rtd-theme
 myst-parser
 sphinx-sitemap
--- a/docs/robots.txt
+++ b/docs/robots.txt
@@ -0,0 +1,5 @@
 User-agent: *
 Disallow: /en/dev/
 Sitemap: https://bunkerized-nginx.readthedocs.io/en/latest/sm.xml
--- a/entrypoint/entrypoint.sh
+++ b/entrypoint/entrypoint.sh
@@ -16,13 +16,14 @@ trap "trap_exit" TERM INT QUIT
 function trap_reload() {
 	echo "[*] Catched reload operation"
 	if [ "$SWARM_MODE" != "yes" ] ; then
-		/opt/entrypoint/jobs.sh
+		/opt/entrypoint/pre-jobs.sh
 	fi
 	if [ -f /tmp/nginx.pid ] ; then
 		echo "[*] Reloading nginx ..."
 		nginx -s reload
 		if [ $? -eq 0 ] ; then
 			echo "[*] Reload successfull"
 			/opt/entrypoint/post-jobs.sh
 		else
 			echo "[!] Reload failed"
 		fi
@@ -58,8 +59,8 @@ if [ ! -f "/etc/nginx/global.env" ] ; then
 		# call the generator
 		/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables /tmp/variables.env
-		# external jobs
+		# pre-jobs
-		/opt/entrypoint/jobs.sh
+		/opt/entrypoint/pre-jobs.sh
 	fi
 else
 	echo "[*] Skipping configuration process"
@@ -97,6 +98,9 @@ if [ "$1" == "test" ] ; then
 	exit 1
 fi
 # post jobs
 /opt/entrypoint/post-jobs.sh
 # wait for nginx
 wait "$pid"
 while [ -f "/tmp/nginx.pid" ] ; do
--- a/entrypoint/nginx-temp.sh
+++ b/entrypoint/nginx-temp.sh
@@ -4,7 +4,7 @@
 . /opt/entrypoint/utils.sh
 # start nginx with temp conf for let's encrypt challenges and API
-if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$SWARM_MODE" = "yes" ] ; then
+if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$SWARM_MODE" = "yes" ] || [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
 	cp /opt/confs/global/nginx-temp.conf /tmp/nginx-temp.conf
 	cp /opt/confs/global/api-temp.conf /tmp/api.conf
 	if [ "$SWARM_MODE" = "yes" ] ; then
--- a/entrypoint/post-jobs.sh
+++ b/entrypoint/post-jobs.sh
@@ -0,0 +1,59 @@
 #!/bin/bash
 # load some functions
 . /opt/entrypoint/utils.sh
 # User-Agents
 if [ "$(has_value BLOCK_USER_AGENT yes)" != "" ] ; then
 	if [ -f "/cache/user-agents.list" ] && [ "$(wc -l /cache/user-agents.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached user-agents.list ..."
 		cp /cache/user-agents.list /etc/nginx/user-agents.list
 	elif [ "$(ps aux | grep "user-agents\.sh")" = "" ] ; then
 		echo "[*] Downloading bad user-agent list (in background) ..."
 		/opt/scripts/user-agents.sh > /dev/null 2>&1 &
 	fi
 fi
 # Referrers
 if [ "$(has_value BLOCK_REFERRER yes)" != "" ] ; then
 	if [ -f "/cache/referrers.list" ] && [ "$(wc -l /cache/referrers.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached referrers.list ..."
 		cp /cache/referrers.list /etc/nginx/referrers.list
 	elif [ "$(ps aux | grep "referrers\.sh")" = "" ] ; then
 		echo "[*] Downloading bad referrer list (in background) ..."
 		/opt/scripts/referrers.sh > /dev/null 2>&1 &
 	fi
 fi
 # exit nodes
 if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] ; then
 	if [ -f "/cache/tor-exit-nodes.list" ] && [ "$(wc -l /cache/tor-exit-nodes.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached tor-exit-nodes.list ..."
 		cp /cache/tor-exit-nodes.list /etc/nginx/tor-exit-nodes.list
 	elif [ "$(ps aux | grep "exit-nodes\.sh")" = "" ] ; then
 		echo "[*] Downloading tor exit nodes list (in background) ..."
 		/opt/scripts/exit-nodes.sh > /dev/null 2>&1 &
 	fi
 fi
 # proxies
 if [ "$(has_value BLOCK_PROXIES yes)" != "" ] ; then
 	if [ -f "/cache/proxies.list" ] && [ "$(wc -l /cache/proxies.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached proxies.list ..."
 		cp /cache/proxies.list /etc/nginx/proxies.list
 	elif [ "$(ps aux | grep "proxies\.sh")" = "" ] ; then
 		echo "[*] Downloading proxies list (in background) ..."
 		/opt/scripts/proxies.sh > /dev/null 2>&1 &
 	fi
 fi
 # abusers
 if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
 	if [ -f "/cache/abusers.list" ] && [ "$(wc -l /cache/abusers.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached abusers.list ..."
 		cp /cache/abusers.list /etc/nginx/abusers.list
 	elif [ "$(ps aux | grep "abusers\.sh")" = "" ] ; then
 		echo "[*] Downloading abusers list (in background) ..."
 		/opt/scripts/abusers.sh > /dev/null 2>&1 &
 	fi
 fi
--- a/entrypoint/pre-jobs.sh
+++ b/entrypoint/pre-jobs.sh
@@ -5,7 +5,7 @@
 # self signed certs for sites
 files=$(has_value GENERATE_SELF_SIGNED_SSL yes)
-if [ "$files" != " " ] ; then
+if [ "$files" != "" ] ; then
 	for file in $files ; do
 		site=$(echo $file | cut -f 4 -d '/')
 		dest="/etc/nginx/"
@@ -19,7 +19,7 @@ if [ "$files" != " " ] ; then
 		SELF_SIGNED_SSL_ORG="$(sed -nE 's/^SELF_SIGNED_SSL_ORG=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_OU="$(sed -nE 's/^SELF_SIGNED_SSL_OU=(.*)$/\1/p' $file)"
 		SELF_SIGNED_SSL_CN="$(sed -nE 's/^SELF_SIGNED_SSL_CN=(.*)$/\1/p' $file)"
-		openssl_output=$(openssl req -nodes -x509 -newkey rsa:4096 -keyout ${dest}self-key.pem -out ${dest}self-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN" 2>&1)
+		openssl_output=$(openssl req -nodes -x509 -newkey rsa:4096 -keyout ${dest}self-key.pem -out ${dest}self-cert.pem -days "$SELF_SIGNED_SSL_EXPIRY" -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN" 2>&1)
 		if [ $? -eq 0 ] ; then
 			echo "[*] Generated self-signed certificate ${dest}self-cert.pem with key ${dest}self-key.pem"
 		else
@@ -47,7 +47,7 @@ fi
 # certbot
 files=$(has_value AUTO_LETS_ENCRYPT yes)
-if [ "$files" != " " ] ; then
+if [ "$files" != "" ] ; then
 	for file in $files ; do
 		if [ "$(echo "$file" | grep 'site.env$')" = "" ] ; then
 			continue
@@ -58,9 +58,9 @@ if [ "$files" != " " ] ; then
 		if [ "$EMAIL_LETS_ENCRYPT" = "" ] ; then
 			EMAIL_LETS_ENCRYPT="contact@${FIRST_SERVER}"
 		fi
-		certbot_outpout=$(/opt/scripts/certbot-new.sh "$(echo -n $SERVER_NAME | sed 's/ /,/g')" "$EMAIL_LETS_ENCRYPT" 2>&1)
+		certbot_output=$(/opt/scripts/certbot-new.sh "$(echo -n $SERVER_NAME | sed 's/ /,/g')" "$EMAIL_LETS_ENCRYPT" 2>&1)
 		if [ $? -eq 0 ] ; then
-			echo "[*] Certbot new successfully executed"
+			echo "[*] Certbot new successfully executed for domain(s) $(echo -n $SERVER_NAME | sed 's/ /,/g')"
 		else
 			echo "[*] Error while executing certbot new : $certbot_output"
 		fi
@@ -69,7 +69,7 @@ fi
 # GeoIP
-if [ "$(has_value BLACKLIST_COUNTRY .+)" != "" ] || [ "$(has_value WHITELIST_COUNTRY .+)" != "" ] ; then
+if [ "$(has_value BLACKLIST_COUNTRY ".\+")" != "" ] || [ "$(has_value WHITELIST_COUNTRY ".\+")" != "" ] ; then
 	if [ -f "/cache/geoip.mmdb" ] ; then
 		echo "[*] Copying cached geoip.mmdb ..."
 		cp /cache/geoip.mmdb /etc/nginx/geoip.mmdb
@@ -78,58 +78,3 @@ if [ "$(has_value BLACKLIST_COUNTRY .+)" != "" ] || [ "$(has_value WHITELIST_COU
 		/opt/scripts/geoip.sh > /dev/null 2>&1
 	fi
 fi
 # User-Agents
 if [ "$(has_value BLOCK_USER_AGENT yes)" != "" ] ; then
 	if [ -f "/cache/user-agents.list" ] && [ "$(wc -l /cache/user-agents.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached user-agents.list ..."
 		cp /cache/user-agents.list /etc/nginx/user-agents.list
 	elif [ "$(ps aux | grep "user-agents\.sh")" = "" ] ; then
 		echo "[*] Downloading bad user-agent list (in background) ..."
 		/opt/scripts/user-agents.sh > /dev/null 2>&1 &
 	fi
 fi
 # Referrers
 if [ "$(has_value BLOCK_REFERRER yes)" != "" ] ; then
 	if [ -f "/cache/referrers.list" ] && [ "$(wc -l /cache/referrers.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached referrers.list ..."
 		cp /cache/referrers.list /etc/nginx/referrers.list
 	elif [ "$(ps aux | grep "referrers\.sh")" = "" ] ; then
 		echo "[*] Downloading bad referrer list (in background) ..."
 		/opt/scripts/referrers.sh > /dev/null 2>&1 &
 	fi
 fi
 # exit nodes
 if [ "$(has_value BLOCK_TOR_EXIT_NODE yes)" != "" ] ; then
 	if [ -f "/cache/tor-exit-nodes.list" ] && [ "$(wc -l /cache/tor-exit-nodes.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached tor-exit-nodes.list ..."
 		cp /cache/tor-exit-nodes.list /etc/nginx/tor-exit-nodes.list
 	elif [ "$(ps aux | grep "exit-nodes\.sh")" = "" ] ; then
 		echo "[*] Downloading tor exit nodes list (in background) ..."
 		/opt/scripts/exit-nodes.sh > /dev/null 2>&1 &
 	fi
 fi
 # proxies
 if [ "$(has_value BLOCK_PROXIES yes)" != "" ] ; then
 	if [ -f "/cache/proxies.list" ] && [ "$(wc -l /cache/proxies.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached proxies.list ..."
 		cp /cache/proxies.list /etc/nginx/proxies.list
 	elif [ "$(ps aux | grep "proxies\.sh")" = "" ] ; then
 		echo "[*] Downloading proxies list (in background) ..."
 		/opt/scripts/proxies.sh > /dev/null 2>&1 &
 	fi
 fi
 # abusers
 if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
 	if [ -f "/cache/abusers.list" ] && [ "$(wc -l /cache/abusers.list | cut -d ' ' -f 1)" -gt 1 ] ; then
 		echo "[*] Copying cached abusers.list ..."
 		cp /cache/abusers.list /etc/nginx/abusers.list
 	elif [ "$(ps aux | grep "abusers\.sh")" = "" ] ; then
 		echo "[*] Downloading abusers list (in background) ..."
 		/opt/scripts/abusers.sh > /dev/null 2>&1 &
 	fi
 fi
--- a/entrypoint/utils.sh
+++ b/entrypoint/utils.sh
@@ -28,7 +28,6 @@ function has_value() {
 	for file in $envs ; do
 		if [ "$(grep "^${1}=${2}$" $file)" != "" ] ; then
 			echo "$file"
 			return 0
 		fi
 	done
 }
@@ -38,4 +37,4 @@ function job_log() {
 	when="$(date '+[%Y-%m-%d %H:%M:%S]')"
 	what="$1"
 	echo "$when $what" >> /var/log/jobs.log
-}
+}
--- a/gen/Configurator.py
+++ b/gen/Configurator.py
@@ -21,10 +21,11 @@ class Configurator :
 	def load_variables(self, vars, multisite_only=False) :
 		for var, value in vars.items() :
-			if self.__check_var(var, value) :
+			check, reason = self.__check_var(var, value)
 			if check :
 				self.__variables[var] = value
 			else :
-				print("Ignoring " + var + "=" + value)
+				print("Ignoring " + var + "=" + value + " (" + reason + ")")
 	def get_config(self) :
 		config = {}
@@ -45,4 +46,10 @@ class Configurator :
 				real_var = "_".join(var.split("_")[:-1])
 			else :
 				real_var = "_".join(var.split("_")[:-1][1:])
-		return real_var != "" and re.search(self.__settings[real_var]["regex"], value) and (not multisite_only or self.__settings[real_var]["context"] == "multisite")
+		if real_var == "" :
 			return False, "doesn't exist"
 		elif not re.search(self.__settings[real_var]["regex"], value) :
 			return False, "doesn't match regex : " + self.__settings[real_var]["regex"]
 		elif multisite_only and self.__settings[real_var]["context"] != "multisite" :
 			return False, "not at multisite context"
 		return True, ""
--- a/gen/main.py
+++ b/gen/main.py
@@ -1,6 +1,6 @@
 #!/usr/bin/python3
-import argparse, os, sys, shutil
+import argparse, os, sys, shutil, glob
 import utils
 from Configurator import Configurator
@@ -51,13 +51,10 @@ if __name__ == "__main__" :
 	config = configurator.get_config()
 	#print(config)
-	# Remove old config
+	# TODO : find a proper way to remove old sites
-	for filename in os.listdir(args.output):
+	env_list = glob.glob(args.output + "/**/*.env", recursive=True)
-		file_path = os.path.join(args.output, filename)
+	for env in env_list :
-		if os.path.isfile(file_path) or os.path.islink(file_path):
+		os.remove(env)
 			os.unlink(file_path)
 		elif os.path.isdir(file_path):
 			shutil.rmtree(file_path)
 	# Generate the files from templates and config
 	templator = Templator(config, args.templates, args.output, args.target)
--- a/hooks/post_push
+++ b/hooks/post_push
@@ -1,12 +0,0 @@
 #!/bin/bash
 curl -Lo manifest-tool https://github.com/estesp/manifest-tool/releases/download/v1.0.3/manifest-tool-linux-amd64
 chmod +x manifest-tool
 VERSION=$(cat VERSION | tr -d '\n')
 if [ "$SOURCE_BRANCH" = "dev" ] ; then
 	./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx:dev-ARCHVARIANT --target bunkerity/bunkerized-nginx:dev
 elif [ "$SOURCE_BRANCH" = "master" ] ; then
 	./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx:ARCHVARIANT --target bunkerity/bunkerized-nginx:${VERSION}
 	./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx:ARCHVARIANT --target bunkerity/bunkerized-nginx:latest
 fi
--- a/hooks/pre_build
+++ b/hooks/pre_build
@@ -1,5 +0,0 @@
 #!/bin/bash
 # Register qemu-*-static for all supported processors except the
 # current one, but also remove all registered binfmt_misc before
 docker run --rm --privileged multiarch/qemu-user-static:register --reset
--- a/lua/dnsbl.lua
+++ b/lua/dnsbl.lua
@@ -1,5 +1,5 @@
-local M			= {}
+local M		= {}
-local dns		= require "dns"
+local dns	= require "dns"
 local logger	= require "logger"
 local iputils	= require "resty.iputils"
@@ -12,7 +12,7 @@ function M.cached ()
 end
 function M.check (dnsbls, resolvers)
-	local local_ips = iputils.parse_cidrs({"127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"})
+	local local_ips = iputils.parse_cidrs({"127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8"})
 	if iputils.ip_in_cidrs(ngx.var.remote_addr, local_ips) then
 		ngx.shared.dnsbl_cache:set(ngx.var.remote_addr, "ok", 86400)
 		return false
--- a/scripts/abusers.sh
+++ b/scripts/abusers.sh
@@ -3,7 +3,7 @@
 # load some functions
 . /opt/entrypoint/utils.sh
-if [ $(grep "^SWARM_MODE=yes$" /etc/nginx/global.env) != "" ] && [ -f /usr/sbin/nginx ] ; then
+if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
--- a/scripts/certbot-renew.sh
+++ b/scripts/certbot-renew.sh
@@ -3,7 +3,7 @@
 # load some functions
 . /opt/entrypoint/utils.sh
-if [ $(grep "^SWARM_MODE=yes$" /etc/nginx/global.env) != "" ] && [ -f /usr/sbin/nginx ] ; then
+if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
--- a/scripts/exit-nodes.sh
+++ b/scripts/exit-nodes.sh
@@ -3,7 +3,7 @@
 # load some functions
 . /opt/entrypoint/utils.sh
-if [ $(grep "^SWARM_MODE=yes$" /etc/nginx/global.env) != "" ] && [ -f /usr/sbin/nginx ] ; then
+if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
--- a/scripts/geoip.sh
+++ b/scripts/geoip.sh
@@ -3,11 +3,11 @@
 # load some functions
 . /opt/entrypoint/utils.sh
-if [ $(grep "^SWARM_MODE=yes$" /etc/nginx/global.env) != "" ] && [ -f /usr/sbin/nginx ] ; then
+if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
-if [ "$(has_value BLACKLIST_COUNTRY .+)" = "" ] && [ "$(has_value WHITELIST_COUNTRY .+)" = "" ] ; then
+if [ "$(has_value BLACKLIST_COUNTRY ".\+")" = "" ] && [ "$(has_value WHITELIST_COUNTRY ".\+")" = "" ] ; then
 	exit 0
 fi
--- a/scripts/proxies.sh
+++ b/scripts/proxies.sh
@@ -3,7 +3,7 @@
 # load some functions
 . /opt/entrypoint/utils.sh
-if [ $(grep "^SWARM_MODE=yes$" /etc/nginx/global.env) != "" ] && [ -f /usr/sbin/nginx ] ; then
+if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
--- a/scripts/referrers.sh
+++ b/scripts/referrers.sh
@@ -3,7 +3,7 @@
 # load some functions
 . /opt/entrypoint/utils.sh
-if [ $(grep "^SWARM_MODE=yes$" /etc/nginx/global.env) != "" ] && [ -f /usr/sbin/nginx ] ; then
+if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
--- a/scripts/user-agents.sh
+++ b/scripts/user-agents.sh
@@ -3,7 +3,7 @@
 # load some functions
 . /opt/entrypoint/utils.sh
-if [ $(grep "^SWARM_MODE=yes$" /etc/nginx/global.env) != "" ] && [ -f /usr/sbin/nginx ] ; then
+if [ "$(grep "^SWARM_MODE=yes$" /etc/nginx/global.env)" != "" ] && [ -f /usr/sbin/nginx ] ; then
 	exit 0
 fi
--- a/settings.json
+++ b/settings.json
@@ -525,7 +525,7 @@
                "env": "EMAIL_LETS_ENCRYPT",
                "id": "email-lets-encrypt",
                "label": "Email lets encrypt",
-                "regex": "^([a-z0-9\\-\\.]+@([a-z\\-0-9]+\\.?)|.{0})$",
+                "regex": "^([a-z0-9\\-\\.]+@[a-z\\-0-9\\.]+|.{0})$",
                "type": "text"
            },
            {
@@ -579,7 +579,7 @@
                "env": "CUSTOM_HTTPS_CERT",
                "id": "custom-https-cert",
                "label": "Custom TLS certificate path",
-                "regex": "^[A-Za-z\\.0-9\\/\\-]*$",
+                "regex": "^[A-Za-z\\.0-9\\/\\-\\_]*$",
                "type": "text"
            },
            {
@@ -588,7 +588,7 @@
                "env": "CUSTOM_HTTPS_KEY",
                "id": "custom-https-key",
                "label": "Custom TLS certificate key",
-                "regex": "^[A-Za-z\\.0-9\\/\\-]*$",
+                "regex": "^[A-Za-z\\.0-9\\/\\-\\_]*$",
                "type": "text"
            },
            {
@@ -599,6 +599,69 @@
                "label": "Generate a self-signed TLS certificate",
                "regex": "^(yes|no)$",
                "type": "checkbox"
            },
            {
                "context": "multisite",
                "default": "365",
                "env": "SELF_SIGNED_SSL_EXPIRY",
                "id": "self-signed-ssl-expiry",
                "label": "Expire date of the self-signed certificate",
                "regex": "^[0-9]+$",
                "type": "text"
            },
            {
                "context": "multisite",
                "default": "CH",
                "env": "SELF_SIGNED_SSL_COUNTRY",
                "id": "self-signed-ssl-country",
                "label": "Country of the self-signed certificate",
                "regex": "^[A-Z]{2}$",
                "type": "text"
            },
            {
                "context": "multisite",
                "default": "Switzerland",
                "env": "SELF_SIGNED_SSL_STATE",
                "id": "self-signed-ssl-state",
                "label": "State of the self-signed certificate",
                "regex": "^[A-Za-z\\- ]+$",
                "type": "text"
            },
            {
                "context": "multisite",
                "default": "Bern",
                "env": "SELF_SIGNED_SSL_CITY",
                "id": "self-signed-ssl-city",
                "label": "City of the self-signed certificate",
                "regex": "^[A-Za-z\\- ]+$",
                "type": "text"
            },
            {
                "context": "multisite",
                "default": "IT",
                "env": "SELF_SIGNED_SSL_OU",
                "id": "self-signed-ssl-ou",
                "label": "Organizational Unit of the self-signed certificate",
                "regex": "^[A-Za-z\\- ]+$",
                "type": "text"
            },
            {
                "context": "multisite",
                "default": "Acme Inc",
                "env": "SELF_SIGNED_SSL_ORG",
                "id": "self-signed-ssl-org",
                "label": "Organization name of the self-signed certificate",
                "regex": "^[A-Za-z\\- ]+$",
                "type": "text"
            },
            {
                "context": "multisite",
                "default": "bunkerized",
                "env": "SELF_SIGNED_SSL_CN",
                "id": "self-signed-ssl-cn",
                "label": "Common Name of the self-signed certificate",
                "regex": "^[A-Za-z\\-\\.0-9]+$",
                "type": "text"
            }
        ]
    },
@@ -884,7 +947,7 @@
                "env": "REMOTE_PHP",
                "id": "remote-php",
                "label": "Remote php",
-                "regex": "^([a-z\\-0-9\\_]+\\.?)*$",
+                "regex": "^[a-z\\-0-9_\\.]*$",
                "type": "text"
            },
            {
@@ -893,7 +956,7 @@
                "env": "REMOTE_PHP_PATH",
                "id": "remote-php-path",
                "label": "Remote php path",
-                "regex": "^/([A-Za-z0-9\\-]/?)*$",
+                "regex": "^\\/[a-zA-Z\\-0-9_\\.\\/]*$",
                "type": "text"
            }
        ]
--- a/ui/Config.py
+++ b/ui/Config.py
@@ -1,113 +1,121 @@
-import json, uuid, glob, copy, re, subprocess
+import json, uuid, glob, copy, re, subprocess, os
 class Config :
-    def __init__(self) :
+	def __init__(self) :
-        with open("/opt/settings.json", "r") as f :
+		with open("/opt/settings.json", "r") as f :
-            self.__settings = json.loads(f.read())
+			self.__settings = json.loads(f.read())
-    def __env_to_dict(self, filename) :
+	def __env_to_dict(self, filename) :
-        with open(filename, "r") as f :
+		if not os.path.isfile(filename) :
-            env = f.read()
+			return {}
-        data = {}
+		with open(filename, "r") as f :
-        for line in env.split("\n") :
+			env = f.read()
-            var = line.split("=")[0]
+		data = {}
-            val = line.replace(var + "=", "", 1)
+		for line in env.split("\n") :
-            data[var] = val
+			var = line.split("=")[0]
-        return data
+			val = line.replace(var + "=", "", 1)
 			data[var] = val
 		return data
-    def __dict_to_env(self, filename, variables) :
+	def __dict_to_env(self, filename, variables) :
-        env = ""
+		env = ""
-        for k, v in variables.items() :
+		for k, v in variables.items() :
-            env += k + "=" + v + "\n"
+			env += k + "=" + v + "\n"
-        with open(filename, "w") as f :
+		with open(filename, "w") as f :
-            f.write(env)
+			f.write(env)
-    def __gen_conf(self, global_conf, services_conf) :
+	def __gen_conf(self, global_conf, services_conf) :
-        conf = copy.deepcopy(global_conf)
+		conf = copy.deepcopy(global_conf)
-        servers = conf["SERVER_NAME"].split(" ")
+		if not "SERVER_NAME" in conf :
-        if conf["SERVER_NAME"] == "" :
+			conf["SERVER_NAME"] = ""
-            servers = []
+		servers = conf["SERVER_NAME"].split(" ")
-        for service in services_conf :
+		if conf["SERVER_NAME"] == "" :
-            first_server = service["SERVER_NAME"].split(" ")[0]
+			servers = []
-            if not first_server in servers :
+		for service in services_conf :
-                servers.append(first_server)
+			first_server = service["SERVER_NAME"].split(" ")[0]
-            for k, v in service.items() :
+			if not first_server in servers :
-                conf[first_server + "_" + k] = v
+				servers.append(first_server)
-        conf["SERVER_NAME"] = " ".join(servers)
+			for k, v in service.items() :
-        env_file = "/tmp/" + str(uuid.uuid4()) + ".env"
+				conf[first_server + "_" + k] = v
-        self.__dict_to_env(env_file, conf)
+		conf["SERVER_NAME"] = " ".join(servers)
-        proc = subprocess.run(["/bin/su", "-c", "/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables " + env_file, "nginx"], capture_output=True)
+		env_file = "/tmp/" + str(uuid.uuid4()) + ".env"
-        stderr = proc.stderr.decode("ascii")
+		self.__dict_to_env(env_file, conf)
-        #stdout = proc.stdout.decode("ascii")
+		proc = subprocess.run(["/opt/gen/main.py", "--settings", "/opt/settings.json", "--templates", "/opt/confs", "--output", "/etc/nginx", "--variables",  env_file], capture_output=True)
-        if stderr != "" or proc.returncode != 0 :
+		stderr = proc.stderr.decode("ascii")
-            raise Exception("Error from generator (return code = " + str(proc.returncode) + ") : " + stderr)
+		stdout = proc.stdout.decode("ascii")
 		if stderr != "" or proc.returncode != 0 :
 			raise Exception("Error from generator (return code = " + str(proc.returncode) + ") : " + stderr + "\n" + stdout)
-    def get_settings(self) :
+	def get_settings(self) :
-        return self.__settings
+		return self.__settings
-    def get_config(self) :
+	def get_config(self) :
-        return self.__env_to_dict("/etc/nginx/global.env")
+		return self.__env_to_dict("/etc/nginx/global.env")
-    def get_services(self) :
+	def get_services(self) :
-        services = []
+		services = []
-        for filename in glob.iglob("/etc/nginx/**/site.env") :
+		for filename in glob.iglob("/etc/nginx/**/site.env") :
-            env = self.__env_to_dict(filename)
+			env = self.__env_to_dict(filename)
-            services.append(env)
+			services.append(env)
-        return services
+		no_multisite = self.__env_to_dict("/etc/nginx/site.env")
 		if len(no_multisite) > 0 :
 			services.append(no_multisite)
 		return services
-    def check_variables(self, variables) :
+	def check_variables(self, variables) :
-        for k, v in variables.items() :
+		for k, v in variables.items() :
-            check = False
+			check = False
-            for category in self.__settings :
+			for category in self.__settings :
-                for param in self.__settings[category]["params"] :
+				for param in self.__settings[category]["params"] :
-                    multiple = False
+					multiple = False
-                    if param["type"] != "multiple" :
+					if param["type"] != "multiple" :
-                        real_params = [param]
+						real_params = [param]
-                    else :
+					else :
-                        real_params = param["params"]
+						real_params = param["params"]
-                        multiple = True
+						multiple = True
-                    for real_param in real_params :
+					for real_param in real_params :
-                        if (((not multiple and k == real_param["env"]) or
+						if (((not multiple and k == real_param["env"]) or
-                                (multiple and re.search("^" + real_param["env"] + "_" + "[0-9]+$", k))) and
+								(multiple and re.search("^" + real_param["env"] + "_" + "[0-9]+$", k))) and
-                                real_param["context"] == "multisite" and
+								real_param["context"] == "multisite" and
-                                re.search(real_param["regex"], v)) :
+								re.search(real_param["regex"], v)) :
-                            check = True
+							check = True
-            if not check :
+			if not check :
-                raise Exception("Variable " + k + " is not valid.")
+				raise Exception("Variable " + k + " is not valid.")
-    def new_service(self, variables) :
+	def new_service(self, variables) :
-        global_env = self.__env_to_dict("/etc/nginx/global.env")
+		global_env = self.__env_to_dict("/etc/nginx/global.env")
-        services = self.get_services()
+		services = self.get_services()
-        for service in services :
+		for service in services :
-            if service["SERVER_NAME"] == variables["SERVER_NAME"] or service["SERVER_NAME"] in variables["SERVER_NAME"].split(" ") :
+			if service["SERVER_NAME"] == variables["SERVER_NAME"] or service["SERVER_NAME"] in variables["SERVER_NAME"].split(" ") :
-                raise Exception("Service " + service["SERVER_NAME"] + " already exists.")
+				raise Exception("Service " + service["SERVER_NAME"] + " already exists.")
-        services.append(variables)
+		services.append(variables)
-        self.__gen_conf(global_env, services)
+		self.__gen_conf(global_env, services)
-        return "Configuration for " + variables["SERVER_NAME"] + " has been generated."
+		return "Configuration for " + variables["SERVER_NAME"] + " has been generated."
-    def edit_service(self, old_server_name, variables) :
+	def edit_service(self, old_server_name, variables) :
-        self.delete_service(old_server_name)
+		self.delete_service(old_server_name)
-        self.new_service(variables)
+		self.new_service(variables)
-        return "Configuration for " + old_server_name + " has been edited."
+		return "Configuration for " + old_server_name + " has been edited."
-    def delete_service(self, server_name) :
+	def delete_service(self, server_name) :
-        global_env = self.__env_to_dict("/etc/nginx/global.env")
+		global_env = self.__env_to_dict("/etc/nginx/global.env")
-        services = self.get_services()
+		services = self.get_services()
-        new_services = []
+		new_services = []
-        found = False
+		found = False
-        for service in services :
+		for service in services :
-            if service["SERVER_NAME"].split(" ")[0] == server_name :
+			if service["SERVER_NAME"].split(" ")[0] == server_name :
-                found = True
+				found = True
-            else :
+			else :
-                new_services.append(service)
+				new_services.append(service)
-        if not found :
+		if not found :
-            raise Exception("Can't delete missing " + server_name + " configuration.")
+			raise Exception("Can't delete missing " + server_name + " configuration.")
-        new_servers = global_env["SERVER_NAME"].split(" ")
+		new_servers = global_env["SERVER_NAME"].split(" ")
-        if server_name in new_servers :
+		if server_name in new_servers :
-            new_servers.remove(server_name)
+			new_servers.remove(server_name)
-        global_env["SERVER_NAME"] = " ".join(new_servers)
+		global_env["SERVER_NAME"] = " ".join(new_servers)
-        self.__gen_conf(global_env, new_services)
+		self.__gen_conf(global_env, new_services)
-        return "Configuration for " + server_name + " has been deleted."
+		return "Configuration for " + server_name + " has been deleted."
--- a/ui/Docker.py
+++ b/ui/Docker.py
@@ -17,8 +17,10 @@ class Docker :
 		return self.__client.containers.get(id)
 	def reload_instance(self, id) :
-		self.get_instance(id).kill(signal="SIGHUP")
+		if self.get_instance(id).status == "running" :
-		return "Instance " + id + " has been reloaded."
+			self.get_instance(id).kill(signal="SIGHUP")
 			return "Instance " + id + " has been reloaded."
 		return "Instance " + id + " is not running, skipping reload."
 	def start_instance(self, id) :
 		self.get_instance(id).start()
--- a/ui/Dockerfile-amd64
+++ b/ui/Dockerfile-amd64
@@ -1,23 +0,0 @@
 FROM amd64/alpine
 COPY ui/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -f /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY confs/site/ /opt/confs/site
 COPY confs/global/ /opt/confs/global
 COPY ui/ /opt/entrypoint
 COPY settings.json /opt
 COPY ui/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 EXPOSE 5000
 WORKDIR /opt/entrypoint
 ENV FLASK_APP entrypoint.py
 ENTRYPOINT ["/usr/bin/python3", "-m", "flask", "run", "--host=0.0.0.0"]
--- a/ui/Dockerfile-arm32v7
+++ b/ui/Dockerfile-arm32v7
@@ -1,30 +0,0 @@
 FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 FROM arm32v7/alpine
 COPY --from=builder qemu-arm-static /usr/bin
 COPY ui/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -f /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY confs/site/ /opt/confs/site
 COPY confs/global/ /opt/confs/global
 COPY ui/ /opt/entrypoint
 COPY settings.json /opt
 COPY ui/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 EXPOSE 5000
 WORKDIR /opt/entrypoint
 ENV FLASK_APP entrypoint.py
 ENTRYPOINT ["/usr/bin/python3", "-m", "flask", "run", "--host=0.0.0.0"]
--- a/ui/Dockerfile-arm64v8
+++ b/ui/Dockerfile-arm64v8
@@ -1,30 +0,0 @@
 FROM alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
 FROM arm64v8/alpine
 COPY --from=builder qemu-aarch64-static /usr/bin
 COPY ui/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -f /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY confs/site/ /opt/confs/site
 COPY confs/global/ /opt/confs/global
 COPY ui/ /opt/entrypoint
 COPY settings.json /opt
 COPY ui/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 EXPOSE 5000
 WORKDIR /opt/entrypoint
 ENV FLASK_APP entrypoint.py
 ENTRYPOINT ["/usr/bin/python3", "-m", "flask", "run", "--host=0.0.0.0"]
--- a/ui/Dockerfile-i386
+++ b/ui/Dockerfile-i386
@@ -1,23 +0,0 @@
 FROM i386/alpine
 COPY ui/dependencies.sh /tmp
 RUN chmod +x /tmp/dependencies.sh && \
    /tmp/dependencies.sh && \
    rm -f /tmp/dependencies.sh
 COPY gen/ /opt/gen
 COPY confs/site/ /opt/confs/site
 COPY confs/global/ /opt/confs/global
 COPY ui/ /opt/entrypoint
 COPY settings.json /opt
 COPY ui/prepare.sh /tmp
 RUN chmod +x /tmp/prepare.sh && \
    /tmp/prepare.sh && \
    rm -f /tmp/prepare.sh
 EXPOSE 5000
 WORKDIR /opt/entrypoint
 ENV FLASK_APP entrypoint.py
 ENTRYPOINT ["/usr/bin/python3", "-m", "flask", "run", "--host=0.0.0.0"]
--- a/ui/templates/services-new.html
+++ b/ui/templates/services-new.html
@@ -25,7 +25,7 @@
 		{% if param["type"] != "multiple" and param["context"] == "multisite" %}
 							<div class="row mb-3" id="form-new-{{ param["id"] }}">
 			{% set default = {"value": param["default"]} %}
-			{% if param["env"] in config["CONFIG"].get_config() %}
+			{% if param["env"] in config["CONFIG"].get_config() and param["env"] != "SERVER_NAME" %}
 				{% set x = default.update({"value": config["CONFIG"].get_config()[param["env"]]}) %}
 			{% endif %}
 								{{ form_service_gen("form-new-" + param["id"], param["label"], param["type"], default["value"], param["env"])|safe }}
@@ -57,4 +57,4 @@
 			</div>
 		</div>
 	</div>
-</div>
+</div>
--- a/ui/templates/services.html
+++ b/ui/templates/services.html
@@ -58,12 +58,13 @@
 		</div>
 	</div>
 		{% include "services-new.html" %}
 		{% include "services-edit.html" %}
 		{% include "services-delete.html" %}
 	{% endfor %}
 	{% include "services-new.html" %}
 </div>
 {% endblock %}
Author	SHA1	Message	Date
bunkerity	a60fbbb5b3	hotfix - fix CVE-2021-33560	2021-07-22 14:50:09 +02:00
bunkerity	3178545c2f	v1.2.8 release	2021-07-22 14:36:07 +02:00
bunkerity	36b8760d4d	resolve bugs on the stable version	2021-07-22 12:12:55 +02:00
bunkerity	15bdb076c8	hotfix - fix docs get_git_branch	2021-06-15 17:10:34 +02:00
bunkerity	d62c4f466d	v1.2.7 release	2021-06-15 16:53:37 +02:00
bunkerity	ad52ef3260	autoconf - prevent race condition by checking health state	2021-06-15 09:52:33 +02:00
Bunkerity	3bd3b6fd7a	Merge pull request #145 from thelittlefireman/patch-10 Upgrade ModSecurity-nginx to v1.0.2 - @thelittlefireman	2021-06-15 08:42:42 +02:00
thelittlefireman	e41acc20c2	Upgrade ModSecurity-nginx to v1.0.2	2021-06-15 00:01:23 +02:00
bunkerity	3c721dc2a0	add HEALTHCHECK to Dockerfile and append 10.0.0.0/8 to DNSBL whitelist	2021-06-14 20:54:36 +02:00
bunkerity	491d879fec	jobs - cleaning the mess when using autoconf without swarm mode	2021-06-14 17:58:38 +02:00
bunkerity	52534510ec	fix bug when AUTO_LETS_ENCRYPT=yes and certbot can't resolve challenges	2021-06-14 14:59:27 +02:00
bunkerity	2c7337576d	jobs - fix syntax error	2021-06-14 13:39:27 +02:00
bunkerity	9e4961ccb5	docs - rename sitemap to bypass rtd rewrite	2021-06-14 10:21:30 +02:00
bunkerity	01857d8ac0	gen - display the reason when ignoring a variable	2021-06-14 09:58:04 +02:00
bunkerity	ab9f9e0a4c	jobs - fix jobs when MULTISITE=yes	2021-06-14 09:02:16 +02:00
bunkerity	29dc64ca30	actions - add Docker cache to speedup auto build on the dev branch	2021-06-11 15:14:10 +02:00
bunkerity	b5cd4e0375	docker - build and push images from GitHub actions because of future DockerHub restrictions on autobuild	2021-06-11 13:39:39 +02:00
bunkerity	16101144c5	self-signed cert - fix bugs	2021-06-11 11:39:36 +02:00
bunkerity	95510e6e1d	settings - add underscore to CUSTOM_HTTPS_CERT/KEY regex	2021-06-11 11:08:35 +02:00
bunkerity	dd5890e760	geoip - fix bug when using GeoIP	2021-06-11 11:01:13 +02:00
bunkerity	c3a437fa82	docs - rename the sitemap to avoid conflicts ?	2021-06-08 09:31:28 +02:00
bunkerity	518ddd3236	docs - custom robots.txt	2021-06-08 09:18:28 +02:00
bunkerity	177a82ee6e	docs - automated sitemap.yml	2021-06-08 09:06:21 +02:00