init_by_lua_block { local dataloader = require "dataloader" local logger = require "logger" local cjson = require "cjson" local remoteapi = require "remoteapi" local iputils = require "resty.iputils" local use_redis = {% if USE_REDIS == "yes" %}true{% else %}false{% endif +%} local use_proxies = {% if has_value("BLOCK_PROXIES", "yes") %}true{% else %}false{% endif +%} local use_abusers = {% if has_value("BLOCK_ABUSERS", "yes") %}true{% else %}false{% endif +%} local use_tor_exit_nodes = {% if has_value("BLOCK_TOR_EXIT_NODE", "yes") %}true{% else %}false{% endif +%} local use_user_agents = {% if has_value("BLOCK_USER_AGENT", "yes") %}true{% else %}false{% endif +%} local use_referrers = {% if has_value("BLOCK_REFERRER", "yes") %}true{% else %}false{% endif +%} local use_remote_api = {% if has_value("USE_REMOTE_API", "yes") %}true{% else %}false{% endif +%} -- Load reserved IPs local reserved_ips = { "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.88.99.0/24", "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "233.252.0.0/24", "240.0.0.0/4", "255.255.255.255/32" } ngx.shared.reserved_ips:safe_set("cidrs", iputils.parse_cidrs(reserved_ips), 0) -- Load blacklists if not use_redis then if use_proxies then dataloader.load_ip("/etc/nginx/proxies.list", ngx.shared.proxies_data) end if use_abusers then dataloader.load_ip("/etc/nginx/abusers.list", ngx.shared.abusers_data) end if use_tor_exit_nodes then dataloader.load_ip("/etc/nginx/tor-exit-nodes.list", ngx.shared.tor_exit_nodes_data) end if use_user_agents then dataloader.load_raw("/etc/nginx/user-agents.list", ngx.shared.user_agents_data) end if use_referrers then dataloader.load_raw("/etc/nginx/referrers.list", ngx.shared.referrers_data) end end -- Load plugins ngx.shared.plugins_data:safe_set("plugins", nil, 0) local p = io.popen("find /opt/bunkerized-nginx/plugins -maxdepth 1 -type d ! -path /opt/bunkerized-nginx/plugins") for dir in p:lines() do -- read JSON local file = io.open(dir .. "/plugin.json") if file then -- store settings local data = cjson.decode(file:read("*a")) for k, v in pairs(data.settings) do ngx.shared.plugins_data:safe_set(data.id .. "_" .. k, v, 0) end file:close() -- call init local plugin = require(data.id .. "/" .. data.id) local init = true if plugin["init"] ~= nil then init = plugin.init() end -- store plugin if init then local plugins, flags = ngx.shared.plugins_data:get("plugins") if plugins == nil then ngx.shared.plugins_data:safe_set("plugins", data.id, 0) else ngx.shared.plugins_data:safe_set("plugins", plugins .. " " .. data.id, 0) end logger.log(ngx.ERR, "PLUGINS", "*NOT AN ERROR* plugin " .. data.name .. "/" .. data.version .. " has been loaded") else logger.log(ngx.ERR, "PLUGINS", "init failed for plugin " .. data.name .. "/" .. data.version) end else logger.log(ngx.ERR, "PLUGINS", "Can't load " .. dir .. "/plugin.json") end end p:close() -- Remote API if use_remote_api then -- Save server ngx.shared.remote_api:set("server", "{{ REMOTE_API_SERVER }}", 0) -- Save version local f = io.open("/opt/bunkerized-nginx/VERSION", "r") ngx.shared.remote_api:set("version", f:read("*all"):gsub("[\r\n]", ""), 0) f:close() -- Save machine ID local id = "empty" local f = io.open("/etc/nginx/machine.id", "r") if f == nil then logger.log(ngx.ERR, "REMOTE API", "USE_REMOTE_API is set to yes but machine ID is not generated - communication with {{ REMOTE_API_SERVER }} won't work") else id = f:read("*all"):gsub("[\r\n]", "") logger.log(ngx.ERR, "REMOTE API", "*NOT AN ERROR* Using existing machine ID (" .. id .. ")") f:close() end ngx.shared.remote_api:set("id", id, 0) -- Ping the remote API local ping = "ko" if id ~= "empty" then if remoteapi.ping2() then ping = "ok" logger.log(ngx.ERR, "REMOTE API", "*NOT AN ERROR* Successfully requested the remote API") else logger.log(ngx.ERR, "REMOTE API", "Can't contact the remote API, feature will be disabled") end end ngx.shared.remote_api:set("ping", ping, 0) -- Load the database if ping ~= "ko" then dataloader.load_ip("/etc/nginx/remote-api.db", ngx.shared.remote_api_db) end end }