3 Commits

Author SHA1 Message Date
bunkerity
a60fbbb5b3 hotfix - fix CVE-2021-33560 2021-07-22 14:50:09 +02:00
bunkerity
3178545c2f v1.2.8 release 2021-07-22 14:36:07 +02:00
bunkerity
36b8760d4d resolve bugs on the stable version 2021-07-22 12:12:55 +02:00
12 changed files with 146 additions and 129 deletions

@@ -1,5 +1,15 @@
# Changelog
## v1.2.8 - 2021/07/22
- Fix broken links in README
- Fix regex for EMAIL_LETS_ENCRYPT
- Fix regex for REMOTE_PHP and REMOTE_PHP_PATH
- Fix regex for SELF_SIGNED_*
- Fix various bugs related to web UI
- Fix bug in autoconf (missing instances parameter to reload function)
- Remove old .env files when generating a new configuration
## v1.2.7 - 2021/06/14
- Add custom robots.txt and sitemap to RTD

@@ -26,8 +26,8 @@ RUN chmod +x /tmp/prepare.sh && \
/tmp/prepare.sh && \
rm -f /tmp/prepare.sh
# Fix CVE-2021-22901, CVE-2021-22898 and CVE-2021-22897
RUN apk add "curl>=7.77.0-r0"
# Fix CVE-2021-22901, CVE-2021-22898, CVE-2021-22897 and CVE-2021-33560
RUN apk add "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0"
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins
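Review bot: The new `RUN apk add "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0"` line runs without `--no-cache`, so it resolves against whatever package index an earlier layer left in the image; whether `prepare.sh` refreshes or removes that index is not visible here. Writing it as `RUN apk add --no-cache "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0"` fetches a current index and keeps it out of the layer. The comment above it would also be easier to audit if it said which package carries which fix, e.g. `# curl: CVE-2021-22901, CVE-2021-22898, CVE-2021-22897; libgcrypt: CVE-2021-33560`.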

@@ -3,7 +3,7 @@
</p>
<p align="center">
<img src="https://img.shields.io/badge/bunkerized--nginx-1.2.7-blue" />
<img src="https://img.shields.io/badge/bunkerized--nginx-1.2.8-blue" />
<img src="https://img.shields.io/badge/nginx-1.20.1-blue" />
<img src="https://img.shields.io/github/last-commit/bunkerity/bunkerized-nginx" />
<img src="https://img.shields.io/github/workflow/status/bunkerity/bunkerized-nginx/Automatic%20test?label=automatic%20test" />
@@ -432,8 +432,8 @@ bunkerized-nginx comes with a set of predefined security settings that you can (
# License
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerized-nginx/LICENSE.md).
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerized-nginx/blob/master/LICENSE.md).
# Contributing
If you would like to contribute to the project you can read the [contributing guidelines](https://github.com/bunkerity/bunkerized-nginx/CONTRIBUTING.md) to get started.
If you would like to contribute to the project you can read the [contributing guidelines](https://github.com/bunkerity/bunkerized-nginx/blob/master/CONTRIBUTING.md) to get started.

@@ -1 +1 @@
1.2.7
1.2.8

@@ -173,7 +173,7 @@ class AutoConf :
self.__servers[id].reload()
utils.log("[*] Deactivating config for " + vars["SERVER_NAME"])
self.__gen_env()
if self.__config.reload() :
if self.__config.reload(self.__instances) :
utils.log("[*] Deactivated config for " + vars["SERVER_NAME"])
else :
utils.log("[!] Can't deactivate config for " + vars["SERVER_NAME"])
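Review bot: When `self.__config.reload(self.__instances)` returns false, the `else` branch only logs `[!] Can't deactivate config`, after `__gen_env()` has already rewritten the environment; presumably the running instances then keep serving the service that was meant to be deactivated. Consider reporting the failure to the caller or retrying instead of continuing silently. The hunk covers only the deactivation path and the method continues outside it, so other `reload()` callers in `AutoConf` should be checked for the same missing `self.__instances` argument.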

@@ -50,7 +50,7 @@ copyright = '2021, bunkerity'
author = 'bunkerity'
# The full version, including alpha/beta/rc tags
release = 'v1.2.7'
release = 'v1.2.8'
# -- General configuration ---------------------------------------------------

@@ -1,6 +1,6 @@
#!/usr/bin/python3
import argparse, os, sys, shutil
import argparse, os, sys, shutil, glob
import utils
from Configurator import Configurator
@@ -51,14 +51,10 @@ if __name__ == "__main__" :
config = configurator.get_config()
#print(config)
# Remove old config
# TODO : remove unnecessary files after rendering
# for filename in os.listdir(args.output):
# file_path = os.path.join(args.output, filename)
# if os.path.isfile(file_path) or os.path.islink(file_path):
# os.unlink(file_path)
# elif os.path.isdir(file_path):
# shutil.rmtree(file_path)
# TODO : find a proper way to remove old sites
env_list = glob.glob(args.output + "/**/*.env", recursive=True)
for env in env_list :
os.remove(env)
# Generate the files from templates and config
templator = Templator(config, args.templates, args.output, args.target)
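Review bot: The added cleanup deletes every `*.env` under `args.output` at any depth, and `glob.glob(args.output + "/**/*.env", recursive=True)` treats glob metacharacters in the output path as pattern syntax and, with `recursive=True`, descends into symlinked directories, so files outside the output tree can be matched. Escaping the base path, `env_list = glob.glob(os.path.join(glob.escape(args.output), "**", "*.env"), recursive=True)`, and skipping any match whose `os.path.realpath(env)` is not under `os.path.realpath(args.output)` bounds what is removed. Because the removal happens before `Templator` runs, a failed render leaves the directory with no env files; removing the old ones only after a successful render would avoid that. The `__main__` block starts and ends outside the hunk.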

@@ -525,7 +525,7 @@
"env": "EMAIL_LETS_ENCRYPT",
"id": "email-lets-encrypt",
"label": "Email lets encrypt",
"regex": "^([a-z0-9\\-\\.]+@([a-z\\-0-9]+\\.?)|.{0})$",
"regex": "^([a-z0-9\\-\\.]+@[a-z\\-0-9\\.]+|.{0})$",
"type": "text"
},
{
@@ -615,7 +615,7 @@
"env": "SELF_SIGNED_SSL_COUNTRY",
"id": "self-signed-ssl-country",
"label": "Country of the self-signed certificate",
"regex": "^[:print:]+$",
"regex": "^[A-Z]{2}$",
"type": "text"
},
{
@@ -624,7 +624,7 @@
"env": "SELF_SIGNED_SSL_STATE",
"id": "self-signed-ssl-state",
"label": "State of the self-signed certificate",
"regex": "^[:print:]+$",
"regex": "^[A-Za-z\\- ]+$",
"type": "text"
},
{
@@ -633,7 +633,7 @@
"env": "SELF_SIGNED_SSL_CITY",
"id": "self-signed-ssl-city",
"label": "City of the self-signed certificate",
"regex": "^[:print:]+$",
"regex": "^[A-Za-z\\- ]+$",
"type": "text"
},
{
@@ -642,7 +642,7 @@
"env": "SELF_SIGNED_SSL_OU",
"id": "self-signed-ssl-ou",
"label": "Organizational Unit of the self-signed certificate",
"regex": "^[:print:]+$",
"regex": "^[A-Za-z\\- ]+$",
"type": "text"
},
{
@@ -651,7 +651,7 @@
"env": "SELF_SIGNED_SSL_ORG",
"id": "self-signed-ssl-org",
"label": "Organization name of the self-signed certificate",
"regex": "^[:print:]+$",
"regex": "^[A-Za-z\\- ]+$",
"type": "text"
},
{
@@ -660,7 +660,7 @@
"env": "SELF_SIGNED_SSL_CN",
"id": "self-signed-ssl-cn",
"label": "Common Name of the self-signed certificate",
"regex": "^[:print:]+$",
"regex": "^[A-Za-z\\-\\.0-9]+$",
"type": "text"
}
]
@@ -947,7 +947,7 @@
"env": "REMOTE_PHP",
"id": "remote-php",
"label": "Remote php",
"regex": "^([a-z\\-0-9\\_]+\\.?)*$",
"regex": "^[a-z\\-0-9_\\.]*$",
"type": "text"
},
{
@@ -956,7 +956,7 @@
"env": "REMOTE_PHP_PATH",
"id": "remote-php-path",
"label": "Remote php path",
"regex": "^/([A-Za-z0-9\\-]/?)*$",
"regex": "^\\/[a-zA-Z\\-0-9_\\.\\/]*$",
"type": "text"
}
]
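Review bot: The new `REMOTE_PHP_PATH` pattern `^\\/[a-zA-Z\\-0-9_\\.\\/]*$` accepts both `.` and `/` anywhere, so a value containing `..` segments passes validation; how the value is used afterwards is not visible on this page, but a path setting should not admit parent-directory segments. Assuming the consuming regex engine supports lookahead, `"regex": "^(?!.*\\.\\.)\\/[a-zA-Z\\-0-9_\\.\\/]*$"` keeps the rest of the pattern unchanged. Separately, the `SELF_SIGNED_SSL_ORG` and `SELF_SIGNED_SSL_OU` patterns `^[A-Za-z\\- ]+$` reject digits, which real organisation names contain, and the `EMAIL_LETS_ENCRYPT` pattern rejects upper-case letters and `+` or `_` in the local part.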

@@ -1,4 +1,4 @@
import json, uuid, glob, copy, re, subprocess
import json, uuid, glob, copy, re, subprocess, os
class Config :
@@ -7,6 +7,8 @@ class Config :
self.__settings = json.loads(f.read())
def __env_to_dict(self, filename) :
if not os.path.isfile(filename) :
return {}
with open(filename, "r") as f :
env = f.read()
data = {}
@@ -25,6 +27,8 @@ class Config :
def __gen_conf(self, global_conf, services_conf) :
conf = copy.deepcopy(global_conf)
if not "SERVER_NAME" in conf :
conf["SERVER_NAME"] = ""
servers = conf["SERVER_NAME"].split(" ")
if conf["SERVER_NAME"] == "" :
servers = []
@@ -37,11 +41,11 @@ class Config :
conf["SERVER_NAME"] = " ".join(servers)
env_file = "/tmp/" + str(uuid.uuid4()) + ".env"
self.__dict_to_env(env_file, conf)
proc = subprocess.run(["/bin/su", "-c", "/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables " + env_file, "nginx"], capture_output=True)
proc = subprocess.run(["/opt/gen/main.py", "--settings", "/opt/settings.json", "--templates", "/opt/confs", "--output", "/etc/nginx", "--variables", env_file], capture_output=True)
stderr = proc.stderr.decode("ascii")
#stdout = proc.stdout.decode("ascii")
stdout = proc.stdout.decode("ascii")
if stderr != "" or proc.returncode != 0 :
raise Exception("Error from generator (return code = " + str(proc.returncode) + ") : " + stderr)
raise Exception("Error from generator (return code = " + str(proc.returncode) + ") : " + stderr + "\n" + stdout)
def get_settings(self) :
return self.__settings
@@ -54,6 +58,9 @@ class Config :
for filename in glob.iglob("/etc/nginx/**/site.env") :
env = self.__env_to_dict(filename)
services.append(env)
no_multisite = self.__env_to_dict("/etc/nginx/site.env")
if len(no_multisite) > 0 :
services.append(no_multisite)
return services
def check_variables(self, variables) :
@@ -111,3 +118,4 @@ class Config :
self.__gen_conf(global_env, new_services)
return "Configuration for " + server_name + " has been deleted."
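Review bot: `proc.stderr.decode("ascii")` and the newly enabled `proc.stdout.decode("ascii")` in `__gen_conf` raise `UnicodeDecodeError` on any non-ASCII byte in the generator output, which hides the real failure behind a decoding error; `proc.stderr.decode("utf-8", errors="replace")` (and the same for stdout) avoids that. The exception now also carries the generator's stdout, so check that it cannot echo configuration values to wherever this message is displayed. Dropping the `/bin/su -c ... nginx` wrapper removes the string-built command, but the generator now runs as the UI process's user rather than `nginx`; confirm that user and the ownership of what it writes under `/etc/nginx` are what you intend. The temporary `/tmp/<uuid>.env` file is not removed within the visible lines.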

@@ -17,8 +17,10 @@ class Docker :
return self.__client.containers.get(id)
def reload_instance(self, id) :
if self.get_instance(id).status == "running" :
self.get_instance(id).kill(signal="SIGHUP")
return "Instance " + id + " has been reloaded."
return "Instance " + id + " is not running, skipping reload."
def start_instance(self, id) :
self.get_instance(id).start()
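Review bot: `reload_instance` calls `self.get_instance(id)` twice, so the status check and the `kill(signal="SIGHUP")` act on two separate lookups and the container can stop in between, turning a skipped reload into an API error. Fetch it once, `instance = self.get_instance(id)`, then test `instance.status` and call `instance.kill(signal="SIGHUP")` on the same object, handling the client's error if the container stopped meanwhile.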

@@ -25,7 +25,7 @@
{% if param["type"] != "multiple" and param["context"] == "multisite" %}
<div class="row mb-3" id="form-new-{{ param["id"] }}">
{% set default = {"value": param["default"]} %}
{% if param["env"] in config["CONFIG"].get_config() %}
{% if param["env"] in config["CONFIG"].get_config() and param["env"] != "SERVER_NAME" %}
{% set x = default.update({"value": config["CONFIG"].get_config()[param["env"]]}) %}
{% endif %}
{{ form_service_gen("form-new-" + param["id"], param["label"], param["type"], default["value"], param["env"])|safe }}
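Review bot: The output of `form_service_gen(...)` is rendered with `|safe`, and `default["value"]` is filled from `config["CONFIG"].get_config()`, so stored configuration values reach the page without Jinja autoescaping unless `form_service_gen` escapes them itself; that helper is not visible here. Either escape the value inside the helper or build the field in the template so autoescaping applies. The new `param["env"] != "SERVER_NAME"` condition would also merit a short template comment, e.g. `{# do not prefill SERVER_NAME in the new-service form #}`, if that is the intent.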

@@ -58,12 +58,13 @@
</div>
</div>
{% include "services-new.html" %}
{% include "services-edit.html" %}
{% include "services-delete.html" %}
{% endfor %}
{% include "services-new.html" %}
</div>
{% endblock %}