78 lines
2.1 KiB
Bash
78 lines
2.1 KiB
Bash
#!/bin/sh
|
|
|
|
# prepare /www
|
|
mkdir /www
|
|
chown -R root:nginx /www
|
|
chmod -R 770 /www
|
|
|
|
# prepare /opt
|
|
chown -R root:nginx /opt
|
|
find /opt -type f -exec chmod 0740 {} \;
|
|
find /opt -type d -exec chmod 0750 {} \;
|
|
chmod ugo+x /opt/bunkerized-nginx/entrypoint/* /opt/bunkerized-nginx/scripts/*
|
|
chmod ugo+x /opt/bunkerized-nginx/gen/main.py
|
|
chmod 770 /opt/bunkerized-nginx
|
|
chmod 440 /opt/bunkerized-nginx/settings.json
|
|
|
|
# prepare /etc/nginx
|
|
chown -R root:nginx /etc/nginx
|
|
chmod -R 770 /etc/nginx
|
|
|
|
# prepare /var/log
|
|
rm -f /var/log/nginx/*
|
|
chown root:nginx /var/log/nginx
|
|
chmod -R 770 /var/log/nginx
|
|
ln -s /proc/1/fd/2 /var/log/nginx/error.log
|
|
ln -s /proc/1/fd/2 /var/log/nginx/modsec_audit.log
|
|
ln -s /proc/1/fd/1 /var/log/nginx/access.log
|
|
ln -s /proc/1/fd/1 /var/log/nginx/jobs.log
|
|
mkdir /var/log/letsencrypt
|
|
chown nginx:nginx /var/log/letsencrypt
|
|
chmod 770 /var/log/letsencrypt
|
|
|
|
# prepare /acme-challenge
|
|
mkdir /acme-challenge
|
|
chown root:nginx /acme-challenge
|
|
chmod 770 /acme-challenge
|
|
|
|
# prepare /etc/letsencrypt
|
|
mkdir /etc/letsencrypt
|
|
chown root:nginx /etc/letsencrypt
|
|
chmod 770 /etc/letsencrypt
|
|
|
|
# prepare /var/lib/letsencrypt
|
|
mkdir /var/lib/letsencrypt
|
|
chown root:nginx /var/lib/letsencrypt
|
|
chmod 770 /var/lib/letsencrypt
|
|
|
|
# prepare /usr/local/lib/lua
|
|
chown -R root:nginx /usr/local/lib/lua
|
|
chmod 770 /usr/local/lib/lua
|
|
find /usr/local/lib/lua -type f -name "*.lua" -exec chmod 0760 {} \;
|
|
find /usr/local/lib/lua -type d -exec chmod 0770 {} \;
|
|
|
|
# prepare /cache
|
|
mkdir /cache
|
|
chown root:nginx /cache
|
|
chmod 770 /cache
|
|
|
|
# prepare /etc/crontabs/nginx
|
|
chown root:nginx /etc/crontabs/nginx
|
|
chmod 440 /etc/crontabs/nginx
|
|
|
|
# prepare /plugins
|
|
mkdir /plugins
|
|
chown root:nginx /plugins
|
|
chmod 770 /plugins
|
|
|
|
# prepare symlinks
|
|
ln -s /www /opt/bunkerized-nginx/www
|
|
ln -s /http-confs /opt/bunkerized-nginx/http-confs
|
|
ln -s /server-confs /opt/bunkerized-nginx/server-confs
|
|
ln -s /modsec-confs /opt/bunkerized-nginx/modsec-confs
|
|
ln -s /modsec-crs-confs /opt/bunkerized-nginx/modsec-crs-confs
|
|
ln -s /cache /opt/bunkerized-nginx/cache
|
|
ln -s /pre-server-confs /opt/bunkerized-nginx/pre-server-confs
|
|
ln -s /acme-challenge /opt/bunkerized-nginx/acme-challenge
|
|
ln -s /plugins /opt/bunkerized-nginx/plugins
|