From fe774e0009ce7bc95db33ffc6f30f2f9dc6a6ae1 Mon Sep 17 00:00:00 2001 
From: bunkerity Date: Thu, 20 Oct 2022 17:11:12 +0200 Subject: [PATCH] temp nginx is dead, long live to the IS_LOADING setting --- Dockerfile | 6 +- bw/confs/default-server-http.conf | 6 + bw/confs/http.conf | 4 +- bw/confs/nginx.conf | 4 - bw/helpers/entrypoint.sh | 6 +- bw/{temp_nginx/www => loading}/index.html | 0 bw/settings.json | 9 +- bw/temp_nginx/access-lua.conf | 64 ---- bw/temp_nginx/api.conf | 38 --- bw/temp_nginx/default-server-http.conf | 63 ---- .../default-server-http/disable.conf | 0 .../default-server-http/lets-encrypt.conf | 4 - .../default-server-http/whitelist.conf | 1 - bw/temp_nginx/dhparam | 8 - bw/temp_nginx/fastcgi.conf | 25 -- bw/temp_nginx/fastcgi_params | 25 -- bw/temp_nginx/healthcheck.conf | 25 -- bw/temp_nginx/http.conf | 67 ---- bw/temp_nginx/http/antibot.conf | 9 - bw/temp_nginx/http/client-cache.conf | 4 - bw/temp_nginx/http/headers.conf | 4 - bw/temp_nginx/http/limitconn.conf | 19 -- bw/temp_nginx/http/reverse-proxy.conf | 5 - bw/temp_nginx/init-lua.conf | 118 ------- bw/temp_nginx/log-lua.conf | 44 --- bw/temp_nginx/mime.types | 99 ------ bw/temp_nginx/modsec/ui.conf | 0 bw/temp_nginx/nginx.conf | 61 ---- bw/temp_nginx/scgi_params | 17 - .../server-http/allowed-methods.conf | 4 - bw/temp_nginx/server-http/auth-basic.conf | 0 bw/temp_nginx/server-http/brotli.conf | 0 bw/temp_nginx/server-http/client-cache.conf | 0 bw/temp_nginx/server-http/cors.conf | 0 bw/temp_nginx/server-http/custom-cert.conf | 0 bw/temp_nginx/server-http/custom-headers.conf | 317 ------------------ bw/temp_nginx/server-http/errors.conf | 314 ----------------- bw/temp_nginx/server-http/fastcgi_params | 27 -- bw/temp_nginx/server-http/gzip.conf | 0 bw/temp_nginx/server-http/htpasswd | 0 bw/temp_nginx/server-http/inject.conf | 0 bw/temp_nginx/server-http/lets-encrypt.conf | 5 - bw/temp_nginx/server-http/limitconn.conf | 5 - .../server-http/max-client-size.conf | 1 - .../server-http/modsecurity-rules.conf.modsec | 84 ----- 
bw/temp_nginx/server-http/modsecurity.conf | 3 - .../server-http/open-file-cache.conf | 4 - bw/temp_nginx/server-http/php.conf | 0 bw/temp_nginx/server-http/real-ip.conf | 0 .../server-http/redirect-http-to-https.conf | 3 - bw/temp_nginx/server-http/redirect.conf | 0 bw/temp_nginx/server-http/remove-headers.conf | 8 - bw/temp_nginx/server-http/reverse-proxy.conf | 0 .../server-http/security-headers.conf | 34 -- bw/temp_nginx/server-http/self-signed.conf | 0 bw/temp_nginx/server-http/serve-files.conf | 3 - bw/temp_nginx/server-http/whitelist.conf | 1 - bw/temp_nginx/server.conf | 28 -- bw/temp_nginx/stream.conf | 47 --- bw/temp_nginx/uwsgi_params | 17 - bw/temp_nginx/variables.env | 184 ---------- 61 files changed, 22 insertions(+), 1802 deletions(-) rename bw/{temp_nginx/www => loading}/index.html (100%) delete mode 100644 bw/temp_nginx/access-lua.conf delete mode 100644 bw/temp_nginx/api.conf delete mode 100644 bw/temp_nginx/default-server-http.conf delete mode 100644 bw/temp_nginx/default-server-http/disable.conf delete mode 100644 bw/temp_nginx/default-server-http/lets-encrypt.conf delete mode 100644 bw/temp_nginx/default-server-http/whitelist.conf delete mode 100644 bw/temp_nginx/dhparam delete mode 100644 bw/temp_nginx/fastcgi.conf delete mode 100644 bw/temp_nginx/fastcgi_params delete mode 100644 bw/temp_nginx/healthcheck.conf delete mode 100644 bw/temp_nginx/http.conf delete mode 100644 bw/temp_nginx/http/antibot.conf delete mode 100644 bw/temp_nginx/http/client-cache.conf delete mode 100644 bw/temp_nginx/http/headers.conf delete mode 100644 bw/temp_nginx/http/limitconn.conf delete mode 100644 bw/temp_nginx/http/reverse-proxy.conf delete mode 100644 bw/temp_nginx/init-lua.conf delete mode 100644 bw/temp_nginx/log-lua.conf delete mode 100644 bw/temp_nginx/mime.types delete mode 100644 bw/temp_nginx/modsec/ui.conf delete mode 100644 bw/temp_nginx/nginx.conf delete mode 100644 bw/temp_nginx/scgi_params delete mode 100644 
bw/temp_nginx/server-http/allowed-methods.conf delete mode 100644 bw/temp_nginx/server-http/auth-basic.conf delete mode 100644 bw/temp_nginx/server-http/brotli.conf delete mode 100644 bw/temp_nginx/server-http/client-cache.conf delete mode 100644 bw/temp_nginx/server-http/cors.conf delete mode 100644 bw/temp_nginx/server-http/custom-cert.conf delete mode 100644 bw/temp_nginx/server-http/custom-headers.conf delete mode 100644 bw/temp_nginx/server-http/errors.conf delete mode 100644 bw/temp_nginx/server-http/fastcgi_params delete mode 100644 bw/temp_nginx/server-http/gzip.conf delete mode 100644 bw/temp_nginx/server-http/htpasswd delete mode 100644 bw/temp_nginx/server-http/inject.conf delete mode 100644 bw/temp_nginx/server-http/lets-encrypt.conf delete mode 100644 bw/temp_nginx/server-http/limitconn.conf delete mode 100644 bw/temp_nginx/server-http/max-client-size.conf delete mode 100644 bw/temp_nginx/server-http/modsecurity-rules.conf.modsec delete mode 100644 bw/temp_nginx/server-http/modsecurity.conf delete mode 100644 bw/temp_nginx/server-http/open-file-cache.conf delete mode 100644 bw/temp_nginx/server-http/php.conf delete mode 100644 bw/temp_nginx/server-http/real-ip.conf delete mode 100644 bw/temp_nginx/server-http/redirect-http-to-https.conf delete mode 100644 bw/temp_nginx/server-http/redirect.conf delete mode 100644 bw/temp_nginx/server-http/remove-headers.conf delete mode 100644 bw/temp_nginx/server-http/reverse-proxy.conf delete mode 100644 bw/temp_nginx/server-http/security-headers.conf delete mode 100644 bw/temp_nginx/server-http/self-signed.conf delete mode 100644 bw/temp_nginx/server-http/serve-files.conf delete mode 100644 bw/temp_nginx/server-http/whitelist.conf delete mode 100644 bw/temp_nginx/server.conf delete mode 100644 bw/temp_nginx/stream.conf delete mode 100644 bw/temp_nginx/uwsgi_params delete mode 100644 bw/temp_nginx/variables.env diff --git a/Dockerfile b/Dockerfile index 6730be2c7..1684ff572 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -33,7 +33,11 @@ COPY bw/cli /opt/bunkerweb/cli
 COPY bw/helpers /opt/bunkerweb/helpers
 COPY bw/lua /opt/bunkerweb/lua
 COPY bw/misc /opt/bunkerweb/misc
-COPY bw/temp_nginx /etc/nginx
+COPY bw/gen /opt/bunkerweb/gen
+COPY bw/settings.json /opt/bunkerweb/settings.json
+COPY db /opt/bunkerweb/db
+COPY bw/confs /opt/bunkerweb/confs
+COPY bw/loading /opt/bunkerweb/loading
 COPY utils /opt/bunkerweb/utils
 COPY VERSION /opt/bunkerweb/VERSION
diff --git a/bw/confs/default-server-http.conf b/bw/confs/default-server-http.conf
index 413720c67..dfc8a4e07 100644
--- a/bw/confs/default-server-http.conf
+++ b/bw/confs/default-server-http.conf
@@ -10,6 +10,12 @@ server {
 listen 0.0.0.0:{{ HTTP_PORT }} default_server {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %};
 {% endif %}
+
+{% if IS_LOADING == "yes" +%}
+ root /opt/bunkerweb/loading;
+ index index.html;
+{% endif %}
+
 # include core and plugins default-server configurations
 include /etc/nginx/default-server-http/*.conf;
diff --git a/bw/confs/http.conf b/bw/confs/http.conf
index 031bdd34f..824254522 100644
--- a/bw/confs/http.conf
+++ b/bw/confs/http.conf
@@ -56,7 +56,7 @@ include /etc/nginx/init-lua.conf;
 include /etc/nginx/healthcheck.conf;
 # default server
-{% if MULTISITE == "yes" or DISABLE_DEFAULT_SERVER == "yes" or TEMP_NGINX == "yes" +%}
+{% if MULTISITE == "yes" or DISABLE_DEFAULT_SERVER == "yes" or IS_LOADING == "yes" +%}
 include /etc/nginx/default-server-http.conf;
 {% endif +%}
@@ -64,7 +64,6 @@ include /etc/nginx/default-server-http.conf;
 server_tokens off;
 # server config(s)
-{% if TEMP_NGINX != "yes" +%}
 {% if MULTISITE == "yes" and SERVER_NAME != "" %}
 {% set map_servers = {} %}
 {% for server_name in SERVER_NAME.split(" ") %}
@@ -91,4 +90,3 @@ include /etc/nginx/{{ first_server }}/server.conf;
 {% elif MULTISITE == "no" and SERVER_NAME != "" +%}
 include /etc/nginx/server.conf;
 {% endif %}
-{% endif %}
\ No newline at end of file
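Review bot: The loading page added in the `IS_LOADING` block of default-server-http.conf is served as an ordinary 200 response, with nothing telling caches, load balancers or probes that it is a placeholder. Adding `add_header Cache-Control "no-store";` next to `root`/`index`, or answering with a 503 while loading, would keep an intermediary from serving the placeholder after the real configuration is in place. The `default-server-http/*.conf` includes below the block are, as far as the hunk shows, still pulled in during loading mode, so a comment such as `# bootstrap only: static page served while BunkerWeb is loading` above the block would make the intent explicit. The enclosing `server { … }` block starts and ends outside the hunk.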
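Review bot: With the `{% if TEMP_NGINX != "yes" +%}` guard removed in the second and third http.conf hunks, nothing in the template itself keeps the per-site `server.conf` includes out of a loading-mode render; that now depends on the caller passing an empty `SERVER_NAME`, as entrypoint.sh in this commit does. A render with `IS_LOADING=yes` and a non-empty `SERVER_NAME` would presumably include site configs alongside the loading default server. Either keep an explicit guard, `{% if IS_LOADING != "yes" +%}` with its matching `{% endif %}`, or record the dependency with a comment such as `# loading mode relies on SERVER_NAME being empty (see helpers/entrypoint.sh)` above `# server config(s)`.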
diff --git a/bw/confs/nginx.conf b/bw/confs/nginx.conf
index 27be6b333..153945771 100644
--- a/bw/confs/nginx.conf
+++ b/bw/confs/nginx.conf
@@ -12,11 +12,7 @@ load_module /opt/bunkerweb/modules/ngx_http_brotli_static_module.so;
 #load_module /opt/bunkerweb/modules/ngx_stream_lua_module.so;
 # PID file
-{% if TEMP_NGINX != "yes" +%}
 pid /opt/bunkerweb/tmp/nginx.pid;
-{% else +%}
-pid /opt/bunkerweb/tmp/nginx-temp.pid;
-{% endif %}
 # worker number (default = auto)
 worker_processes {{ WORKER_PROCESSES }};
diff --git a/bw/helpers/entrypoint.sh b/bw/helpers/entrypoint.sh
index dbfe7a316..15f080a5a 100644
--- a/bw/helpers/entrypoint.sh
+++ b/bw/helpers/entrypoint.sh
@@ -32,6 +32,10 @@ function trap_reload() {
 }
 trap "trap_reload" HUP
+# generate "temp" config
+echo -e "IS_LOADING=yes\nSERVER_NAME=\nAPI_HTTP_PORT=${API_HTTP_PORT:-5000}\nAPI_SERVER_NAME=${API_SERVER_NAME:-bwapi}\nAPI_WHITELIST_IP=${API_WHITELIST_IP:-127.0.0.0/8}" > /tmp/variables.env
+python3 /opt/bunkerweb/gen/main.py --variables /tmp/variables.env
+
 # start nginx
 log "ENTRYPOINT" "ℹ️" "Starting nginx ..."
 nginx -g "daemon off;" &
@@ -44,4 +48,4 @@ while [ -f "/opt/bunkerweb/tmp/nginx.pid" ] ; do
 done
 log "ENTRYPOINT" "ℹ️" "BunkerWeb stopped"
-exit 0
\ No newline at end of file
+exit 0
diff --git a/bw/temp_nginx/www/index.html b/bw/loading/index.html
similarity index 100%
rename from bw/temp_nginx/www/index.html
rename to bw/loading/index.html
diff --git a/bw/settings.json b/bw/settings.json
index 4d658119f..e29205e56 100644
--- a/bw/settings.json
+++ b/bw/settings.json
@@ -1,11 +1,12 @@
 {
- "TEMP_NGINX": {
+ "IS_LOADING": {
 "context": "global",
 "default": "no",
- "help": "internal-use",
+ "help": "Internal use : set to yes when BW is loading.",
 "id": "internal-use",
- "regex": ".*",
- "type": "text"
+ "label": "internal use",
+ "regex": "^(yes|no)$",
+ "type": "check"
 },
 "NGINX_PREFIX": {
 "context": "global",
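Review bot: The exit status of `python3 /opt/bunkerweb/gen/main.py` in the first entrypoint.sh hunk is not checked before `nginx` is started. The Dockerfile hunk in this commit drops `COPY bw/temp_nginx /etc/nginx`, so, at least in the lines shown, a failed generation leaves nginx starting against whatever is or is not in `/etc/nginx`; appending `|| { log "ENTRYPOINT" "❌" "Config generation failed"; exit 1; }` to the generator call would fail closed. The variables file is also built with `echo -e`, which interprets backslash escapes inside the environment-supplied `API_HTTP_PORT`, `API_SERVER_NAME` and `API_WHITELIST_IP` values, so a value containing `\n` adds extra settings lines; `printf '%s\n' "IS_LOADING=yes" "SERVER_NAME=" "API_HTTP_PORT=${API_HTTP_PORT:-5000}" …` writes them without escape processing. The fixed path `/tmp/variables.env` deserves a check that nothing else in the container can write to it before the generator reads it.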
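Review bot: `IS_LOADING` is declared in settings.json with `"context": "global"` like any user-facing setting, and nothing in the entry marks it as rejected from user-supplied configuration, while the templates in this commit switch the default server to the static loading page when it is `yes`. Whether the generator filters internal settings is not visible here; if it does not, a stray `IS_LOADING=yes` in the environment would leave the instance serving the placeholder. Consider enforcing that in the generator and saying so in the help text, e.g. `"help": "Internal use : set to yes when BW is loading. Must not be set by users."`.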
diff --git a/bw/temp_nginx/access-lua.conf b/bw/temp_nginx/access-lua.conf deleted file mode 100644 index cb0fcb417..000000000 --- a/bw/temp_nginx/access-lua.conf +++ /dev/null 
@@ -1,64 +0,0 @@ -access_by_lua_block { - -local logger = require "logger" -local datastore = require "datastore" -local plugins = require "plugins" -local utils = require "utils" - --- Don't process internal requests -if ngx.req.is_internal() then - logger.log(ngx.INFO, "ACCESS", "Skipped access phase because request is internal") - return -end - -logger.log(ngx.INFO, "ACCESS", "Access phase started") - --- Process bans as soon as possible -local banned, err = datastore:get("bans_ip_" .. ngx.var.remote_addr) -if banned then - logger.log(ngx.WARN, "ACCESS", "IP " .. ngx.var.remote_addr .. " is banned with reason : " .. banned) - ngx.exit(utils.get_deny_status()) -end - --- List all plugins -local list, err = plugins:list() -if not list then - logger.log(ngx.ERR, "ACCESS", "Can't list loaded plugins : " .. err) - list = {} -end - --- Call access method of plugins -for i, plugin in ipairs(list) do - local ret, plugin_lua = pcall(require, plugin.id .. "/" .. plugin.id) - if ret then - local plugin_obj = plugin_lua.new() - if plugin_obj.access ~= nil then - logger.log(ngx.INFO, "ACCESS", "Executing access() of " .. plugin.id) - local ok, err, ret, value = plugin_obj:access() - if not ok then - logger.log(ngx.ERR, "ACCESS", "Error while calling access() on plugin " .. plugin.id .. " : " .. err) - else - logger.log(ngx.INFO, "ACCESS", "Return value from " .. plugin.id .. ".access() is : " .. err) - end - if ret then - if type(value) == "number" then - if value == utils.get_deny_status() then - logger.log(ngx.WARN, "ACCESS", "Denied access from " .. plugin.id .. " : " .. err) - ngx.var.reason = plugin.id - else - logger.log(ngx.NOTICE, "ACCESS", plugin.id .. " returned status " .. tostring(value) .. " : " .. err) - end - return ngx.exit(value) - else - return value - end - end - else - logger.log(ngx.INFO, "ACCESS", "access() method not found in " .. plugin.id .. 
", skipped execution") - end - end -end - -logger.log(ngx.INFO, "ACCESS", "Access phase ended") - -} \ No newline at end of file diff --git a/bw/temp_nginx/api.conf b/bw/temp_nginx/api.conf deleted file mode 100644 index 718303e24..000000000 --- a/bw/temp_nginx/api.conf +++ /dev/null @@ -1,38 +0,0 @@ -server { - server_name bwapi; - - # HTTP listen - listen 0.0.0.0:5000; - listen 127.0.0.1:5000; - - # maximum body size for API - client_max_body_size 1G; - - # default mime type is JSON - default_type 'application/json'; - - # check IP and do the API call - access_by_lua_block { - local api = require "api" - local logger = require "logger" - if not ngx.var.http_host or ngx.var.http_host ~= "bwapi" then - logger.log(ngx.WARN, "API", "Wrong Host header from IP " .. ngx.var.remote_addr) - return ngx.exit(ngx.HTTP_CLOSE) - end - local ok, err = api:is_allowed_ip() - if not ok then - logger.log(ngx.WARN, "API", "Can't validate access from IP " .. ngx.var.remote_addr .. " : " .. err) - return ngx.exit(ngx.HTTP_CLOSE) - end - logger.log(ngx.NOTICE, "API", "Validated access from IP " .. ngx.var.remote_addr) - local ok, err, status, resp = api:do_api_call() - if not ok then - logger.log(ngx.WARN, "API", "Call from " .. ngx.var.remote_addr .. " on " .. ngx.var.uri .. " failed : " .. err) - else - logger.log(ngx.NOTICE, "API", "Successful call from " .. ngx.var.remote_addr .. " on " .. ngx.var.uri .. " : " .. err) - end - ngx.status = status - ngx.say(resp) - return ngx.exit(status) - } -} \ No newline at end of file diff --git a/bw/temp_nginx/default-server-http.conf b/bw/temp_nginx/default-server-http.conf deleted file mode 100644 index 82f6e5025..000000000 --- a/bw/temp_nginx/default-server-http.conf +++ /dev/null 
@@ -1,63 +0,0 @@ -server { - - # reason variable - set $reason ''; - - server_name _; - - # HTTP listen - - listen 0.0.0.0:8080 default_server ; - - # include core and plugins default-server configurations - include /etc/nginx/default-server-http/*.conf; - - # include custom default-server configurations - include /opt/bunkerweb/configs/default-server-http/*.conf; - - log_by_lua_block { - - local utils = require "utils" - local logger = require "logger" - local datastore = require "datastore" - local plugins = require "plugins" - - logger.log(ngx.INFO, "LOG", "Log phase started") - - -- List all plugins - local list, err = plugins:list() - if not list then - logger.log(ngx.ERR, "LOG", "Can't list loaded plugins : " .. err) - list = {} - end - - -- Call log_default method of plugins - for i, plugin in ipairs(list) do - local ret, plugin_lua = pcall(require, plugin.id .. "/" .. plugin.id) - if ret then - local plugin_obj = plugin_lua.new() - if plugin_obj.log_default ~= nil then - logger.log(ngx.INFO, "LOG", "Executing log_default() of " .. plugin.id) - local ok, err = plugin_obj:log_default() - if not ok then - logger.log(ngx.ERR, "LOG", "Error while calling log_default() on plugin " .. plugin.id .. " : " .. err) - else - logger.log(ngx.INFO, "LOG", "Return value from " .. plugin.id .. ".log_default() is : " .. err) - end - else - logger.log(ngx.INFO, "LOG", "log_default() method not found in " .. plugin.id .. ", skipped execution") - end - end - end - - -- Display reason at info level - local reason = utils.get_reason() - if reason then - logger.log(ngx.INFO, "LOG", "Client was denied with reason : " .. reason) - end - - logger.log(ngx.INFO, "LOG", "Log phase ended") - - } - -} \ No newline at end of file diff --git a/bw/temp_nginx/default-server-http/disable.conf b/bw/temp_nginx/default-server-http/disable.conf deleted file mode 100644 index e69de29bb..000000000 
diff --git a/bw/temp_nginx/default-server-http/lets-encrypt.conf b/bw/temp_nginx/default-server-http/lets-encrypt.conf deleted file mode 100644 index 1111bf69f..000000000 --- a/bw/temp_nginx/default-server-http/lets-encrypt.conf +++ /dev/null @@ -1,4 +0,0 @@ -# set location for challenges -location ~ ^/.well-known/acme-challenge/ { - root /opt/bunkerweb/tmp/lets-encrypt; -} \ No newline at end of file diff --git a/bw/temp_nginx/default-server-http/whitelist.conf b/bw/temp_nginx/default-server-http/whitelist.conf deleted file mode 100644 index 32e1a56a2..000000000 --- a/bw/temp_nginx/default-server-http/whitelist.conf +++ /dev/null @@ -1 +0,0 @@ -set $is_whitelisted ''; \ No newline at end of file diff --git a/bw/temp_nginx/dhparam b/bw/temp_nginx/dhparam deleted file mode 100644 index 088f9673d..000000000 --- a/bw/temp_nginx/dhparam +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz -+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a -87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 -YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi -7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD -ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== ------END DH PARAMETERS----- \ No newline at end of file diff --git a/bw/temp_nginx/fastcgi.conf b/bw/temp_nginx/fastcgi.conf deleted file mode 100644 index 238f7869f..000000000 --- a/bw/temp_nginx/fastcgi.conf +++ /dev/null 
@@ -1,25 +0,0 @@ -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/bw/temp_nginx/fastcgi_params b/bw/temp_nginx/fastcgi_params deleted file mode 100644 index 22b99551e..000000000 --- a/bw/temp_nginx/fastcgi_params +++ /dev/null 
@@ -1,25 +0,0 @@ - -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/bw/temp_nginx/healthcheck.conf b/bw/temp_nginx/healthcheck.conf deleted file mode 100644 index 4184eb845..000000000 --- a/bw/temp_nginx/healthcheck.conf +++ /dev/null @@ -1,25 +0,0 @@ -server { - - # healthcheck service for docker, swarm and k8s - server_name healthcheck.bunkerweb.io; - - # only listen on localhost - listen 127.0.0.1:6000; - - # healthcheck endpoint - location ~ ^/healthz$ { - keepalive_timeout 0; - default_type "text/plain"; - content_by_lua_block { - ngx.say("ok") - } - } - - # disable logging - access_log off; - - # don't respond to other requests - location / { - return 444; - } -} \ No newline at end of file diff --git a/bw/temp_nginx/http.conf b/bw/temp_nginx/http.conf deleted file mode 100644 index 11bf8f199..000000000 --- a/bw/temp_nginx/http.conf +++ /dev/null 
@@ -1,67 +0,0 @@ -# /etc/nginx/base_http.conf - -# zero copy within the kernel -sendfile on; - -# send packets only if filled -tcp_nopush on; - -# remove 200ms delay -tcp_nodelay on; - -# load mime types and set default one -include /etc/nginx/mime.types; -default_type application/octet-stream; - -# access log format -log_format logf '$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'; -access_log /var/log/nginx/access.log logf; - -# temp paths -proxy_temp_path /opt/bunkerweb/tmp/proxy_temp; -client_body_temp_path /opt/bunkerweb/tmp/client_temp; -fastcgi_temp_path /opt/bunkerweb/tmp/fastcgi_temp; -uwsgi_temp_path /opt/bunkerweb/tmp/uwsgi_temp; -scgi_temp_path /opt/bunkerweb/tmp/scgi_temp; - -# close connections in FIN_WAIT1 state -reset_timedout_connection on; - -# timeouts -client_body_timeout 10; -client_header_timeout 10; -keepalive_timeout 15; -send_timeout 10; - -# resolvers to use -resolver 127.0.0.11 ipv6=off; - -# remove ports when sending redirects -port_in_redirect off; - -# lua path and dicts -lua_package_path "/opt/bunkerweb/lua/?.lua;/opt/bunkerweb/core/?.lua;/opt/bunkerweb/plugins/?.lua;/opt/bunkerweb/deps/lib/lua/?.lua;;"; -lua_package_cpath "/opt/bunkerweb/deps/lib/?.so;/opt/bunkerweb/deps/lib/lua/?.so;;"; -lua_ssl_trusted_certificate "/opt/bunkerweb/misc/root-ca.pem"; -lua_ssl_verify_depth 2; -lua_shared_dict datastore 256m; - -# LUA init block -include /etc/nginx/init-lua.conf; - -# API server -include /etc/nginx/api.conf; - -# healthcheck server -include /etc/nginx/healthcheck.conf; - -# default server - - -# disable sending nginx version globally -server_tokens off; - -# server config(s) - - -include /etc/nginx/server.conf; diff --git a/bw/temp_nginx/http/antibot.conf b/bw/temp_nginx/http/antibot.conf deleted file mode 100644 index 003c6dd03..000000000 --- a/bw/temp_nginx/http/antibot.conf +++ /dev/null 
@@ -1,9 +0,0 @@ -map "random" $session_secret { - default "random"; - "random" "C5rVWIkDAQrYckTEHCMfcdFaEN9kz7oG"; -} - -map "random" $session_name { - default "random"; - "random" "045T9173ACZquAQh"; -} \ No newline at end of file diff --git a/bw/temp_nginx/http/client-cache.conf b/bw/temp_nginx/http/client-cache.conf deleted file mode 100644 index b9c30b8ca..000000000 --- a/bw/temp_nginx/http/client-cache.conf +++ /dev/null @@ -1,4 +0,0 @@ -map $uri $cache_control { - default ""; - "~\.(jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2)$" "public, max-age=15552000"; -} \ No newline at end of file diff --git a/bw/temp_nginx/http/headers.conf b/bw/temp_nginx/http/headers.conf deleted file mode 100644 index 2502cb55f..000000000 --- a/bw/temp_nginx/http/headers.conf +++ /dev/null @@ -1,4 +0,0 @@ -map $scheme $header_cookie_secure { - default ""; - "https" "secure"; -} \ No newline at end of file diff --git a/bw/temp_nginx/http/limitconn.conf b/bw/temp_nginx/http/limitconn.conf deleted file mode 100644 index 6db6ce4c4..000000000 --- a/bw/temp_nginx/http/limitconn.conf +++ /dev/null @@ -1,19 +0,0 @@ - - -map $http2 $v1ip { - default ""; - "" $binary_remote_addr; -} - -map $http2 $v2ip { - default $binary_remote_addr; - "" ""; -} - -limit_conn_zone $v1ip zone=v1ips:10m; -limit_conn_zone $v2ip zone=v2ips:10m; - -limit_conn_log_level warn; - -limit_conn_status 429; - diff --git a/bw/temp_nginx/http/reverse-proxy.conf b/bw/temp_nginx/http/reverse-proxy.conf deleted file mode 100644 index 1e4817142..000000000 --- a/bw/temp_nginx/http/reverse-proxy.conf +++ /dev/null @@ -1,5 +0,0 @@ - -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} \ No newline at end of file diff --git a/bw/temp_nginx/init-lua.conf b/bw/temp_nginx/init-lua.conf deleted file mode 100644 index 735206847..000000000 --- a/bw/temp_nginx/init-lua.conf +++ /dev/null 
@@ -1,118 +0,0 @@ -init_by_lua_block { - -local logger = require "logger" -local datastore = require "datastore" -local plugins = require "plugins" -local utils = require "utils" -local cjson = require "cjson" - -logger.log(ngx.NOTICE, "INIT", "Init phase started") - --- Remove previous data from the datastore -local data_keys = {"^plugin_", "^variable_", "^plugins$", "^api_", "^misc_"} -for i, key in pairs(data_keys) do - local ok, err = datastore:delete_all(key) - if not ok then - logger.log(ngx.ERR, "INIT", "Can't delete " .. key .. " from datastore : " .. err) - return false - end - logger.log(ngx.INFO, "INIT", "Deleted " .. key .. " from datastore") -end - --- Load variables into the datastore -local file = io.open("/etc/nginx/variables.env") -if not file then - logger.log(ngx.ERR, "INIT", "Can't open /etc/nginx/variables.env file") - return false -end -file:close() -for line in io.lines("/etc/nginx/variables.env") do - local variable, value = line:match("(.+)=(.*)") - ok, err = datastore:set("variable_" .. variable, value) - if not ok then - logger.log(ngx.ERR, "INIT", "Can't save variable " .. variable .. " into datastore") - return false - end -end - --- Set default values into the datastore -ok, err = datastore:set("plugins", cjson.encode({})) -if not ok then - logger.log(ngx.ERR, "INIT", "Can't set default value for plugins into the datastore : " .. err) - return false -end -ok, err = utils.set_values() -if not ok then - logger.log(ngx.ERR, "INIT", "Error while setting default values : " .. 
err) - return false -end - --- API setup -local value, err = datastore:get("variable_USE_API") -if not value then - logger.log(ngx.ERR, "INIT", "Can't get variable USE_API from the datastore") - return false -end -if value == "yes" then - value, err = datastore:get("variable_API_WHITELIST_IP") - if not value then - logger.log(ngx.ERR, "INIT", "Can't get variable API_WHITELIST_IP from the datastore") - return false - end - local whitelists = { data = {}} - for whitelist in value:gmatch("%S+") do - table.insert(whitelists.data, whitelist) - end - ok, err = datastore:set("api_whitelist_ip", cjson.encode(whitelists)) - if not ok then - logger.log(ngx.ERR, "INIT", "Can't save api_whitelist_ip to datastore : " .. err) - return false - end -end - --- Load plugins into the datastore -local plugin_paths = {"/opt/bunkerweb/core", "/opt/bunkerweb/plugins"} -for i, plugin_path in ipairs(plugin_paths) do - local paths = io.popen("find -L " .. plugin_path .. " -maxdepth 1 -type d ! -path " .. plugin_path) - for path in paths:lines() do - plugin, err = plugins:load(path) - if not plugin then - logger.log(ngx.ERR, "INIT", "Error while loading plugin from " .. path .. " : " .. err) - return false - end - logger.log(ngx.NOTICE, "INIT", "Loaded plugin " .. plugin.id .. " v" .. plugin.version) - end -end - --- Call init method of plugins -local list, err = plugins:list() -if not list then - logger.log(ngx.ERR, "INIT", "Can't list loaded plugins : " .. err) - list = {} -end -for i, plugin in ipairs(list) do - local ret, plugin_lua = pcall(require, plugin.id .. "/" .. plugin.id) - if ret then - local plugin_obj = plugin_lua.new() - if plugin_obj.init ~= nil then - ok, err = plugin_obj:init() - if not ok then - logger.log(ngx.ERR, "INIT", "Plugin " .. plugin.id .. " failed on init() : " .. err) - else - logger.log(ngx.INFO, "INIT", "Successfull init() call for plugin " .. plugin.id .. " : " .. err) - end - else - logger.log(ngx.INFO, "INIT", "init() method not found in " .. plugin.id .. 
", skipped execution") - end - else - if plugin_lua:match("not found") then - logger.log(ngx.INFO, "INIT", "can't require " .. plugin.id .. " : not found") - else - logger.log(ngx.ERR, "INIT", "can't require " .. plugin.id .. " : " .. plugin_lua) - end - end -end - -logger.log(ngx.NOTICE, "INIT", "Init phase ended") - -} \ No newline at end of file diff --git a/bw/temp_nginx/log-lua.conf b/bw/temp_nginx/log-lua.conf deleted file mode 100644 index b3448d129..000000000 --- a/bw/temp_nginx/log-lua.conf +++ /dev/null @@ -1,44 +0,0 @@ -log_by_lua_block { - -local utils = require "utils" -local logger = require "logger" -local datastore = require "datastore" -local plugins = require "plugins" - -logger.log(ngx.INFO, "LOG", "Log phase started") - --- List all plugins -local list, err = plugins:list() -if not list then - logger.log(ngx.ERR, "LOG", "Can't list loaded plugins : " .. err) - list = {} -end - --- Call log method of plugins -for i, plugin in ipairs(list) do - local ret, plugin_lua = pcall(require, plugin.id .. "/" .. plugin.id) - if ret then - local plugin_obj = plugin_lua.new() - if plugin_obj.log ~= nil then - logger.log(ngx.INFO, "LOG", "Executing log() of " .. plugin.id) - local ok, err = plugin_obj:log() - if not ok then - logger.log(ngx.ERR, "LOG", "Error while calling log() on plugin " .. plugin.id .. " : " .. err) - else - logger.log(ngx.INFO, "LOG", "Return value from " .. plugin.id .. ".log() is : " .. err) - end - else - logger.log(ngx.INFO, "LOG", "log() method not found in " .. plugin.id .. ", skipped execution") - end - end -end - --- Display reason at info level -local reason = utils.get_reason() -if reason then - logger.log(ngx.INFO, "LOG", "Client was denied with reason : " .. reason) -end - -logger.log(ngx.INFO, "LOG", "Log phase ended") - -} \ No newline at end of file diff --git a/bw/temp_nginx/mime.types b/bw/temp_nginx/mime.types deleted file mode 100644 index b4828d669..000000000 --- a/bw/temp_nginx/mime.types +++ /dev/null 
@@ -1,99 +0,0 @@ - -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/avif avif; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/wasm wasm; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - 
application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} \ No newline at end of file diff --git a/bw/temp_nginx/modsec/ui.conf b/bw/temp_nginx/modsec/ui.conf deleted file mode 100644 index e69de29bb..000000000 diff --git a/bw/temp_nginx/nginx.conf b/bw/temp_nginx/nginx.conf deleted file mode 100644 index 13acc67eb..000000000 --- a/bw/temp_nginx/nginx.conf +++ /dev/null 
@@ -1,61 +0,0 @@
-# /etc/nginx/nginx.conf
-
-# load dynamic modules
-load_module /opt/bunkerweb/modules/ngx_http_cookie_flag_filter_module.so;
-#load_module /opt/bunkerweb/modules/ngx_http_geoip2_module.so;
-load_module /opt/bunkerweb/modules/ngx_http_headers_more_filter_module.so;
-load_module /opt/bunkerweb/modules/ngx_http_lua_module.so;
-load_module /opt/bunkerweb/modules/ngx_http_modsecurity_module.so;
-load_module /opt/bunkerweb/modules/ngx_http_brotli_filter_module.so;
-load_module /opt/bunkerweb/modules/ngx_http_brotli_static_module.so;
-#load_module /opt/bunkerweb/modules/ngx_stream_geoip2_module.so;
-#load_module /opt/bunkerweb/modules/ngx_stream_lua_module.so;
-
-# PID file
-
-pid /opt/bunkerweb/tmp/nginx.pid;
-
-# worker number (default = auto)
-worker_processes auto;
-
-# faster regexp
-pcre_jit on;
-
-# max open files for each worker
-worker_rlimit_nofile 2048;
-
-# error log level
-error_log /var/log/nginx/error.log notice;
-
-# reason env var
-env REASON;
-
-events {
- # max connections per worker
- worker_connections 1024;
-
- # epoll seems to be the best on Linux
- use epoll;
-}
-
-http {
- # include base http configuration
- include /etc/nginx/http.conf;
-
- # include core and plugins http configurations
- include /etc/nginx/http/*.conf;
-
- # include custom http configurations
- include /opt/bunkerweb/configs/http/*.conf;
-}
-
-#stream {
- # include base stream configuration
-# include /etc/nginx/stream.conf;
-
- # include core and plugins stream configurations
-# include /etc/nginx/stream/*.conf;
-
- # include custom stream configurations
-# include /opt/bunkerweb/configs/stream/*.conf;
-#}
\ No newline at end of file
diff --git a/bw/temp_nginx/scgi_params b/bw/temp_nginx/scgi_params
deleted file mode 100644
index 1d56c8bb3..000000000
--- a/bw/temp_nginx/scgi_params
+++ /dev/null
@@ -1,17 +0,0 @@
-
-scgi_param REQUEST_METHOD $request_method;
-scgi_param REQUEST_URI $request_uri;
-scgi_param QUERY_STRING $query_string;
-scgi_param CONTENT_TYPE $content_type;
-
-scgi_param DOCUMENT_URI $document_uri;
-scgi_param DOCUMENT_ROOT $document_root;
-scgi_param SCGI 1;
-scgi_param SERVER_PROTOCOL $server_protocol;
-scgi_param REQUEST_SCHEME $scheme;
-scgi_param HTTPS $https if_not_empty;
-
-scgi_param REMOTE_ADDR $remote_addr;
-scgi_param REMOTE_PORT $remote_port;
-scgi_param SERVER_PORT $server_port;
-scgi_param SERVER_NAME $server_name;
\ No newline at end of file
diff --git a/bw/temp_nginx/server-http/allowed-methods.conf b/bw/temp_nginx/server-http/allowed-methods.conf
deleted file mode 100644
index 331bbc451..000000000
--- a/bw/temp_nginx/server-http/allowed-methods.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-if ($request_method !~ ^(GET|POST|HEAD)$) {
- return 405;
-}
diff --git a/bw/temp_nginx/server-http/auth-basic.conf b/bw/temp_nginx/server-http/auth-basic.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/brotli.conf b/bw/temp_nginx/server-http/brotli.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/client-cache.conf b/bw/temp_nginx/server-http/client-cache.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/cors.conf b/bw/temp_nginx/server-http/cors.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/custom-cert.conf b/bw/temp_nginx/server-http/custom-cert.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/custom-headers.conf b/bw/temp_nginx/server-http/custom-headers.conf
deleted file mode 100644
index 50ec74cca..000000000
--- a/bw/temp_nginx/server-http/custom-headers.conf
+++ /dev/null
@@ -1,317 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/bw/temp_nginx/server-http/errors.conf b/bw/temp_nginx/server-http/errors.conf deleted file mode 100644 index 4a33cf3e7..000000000 --- a/bw/temp_nginx/server-http/errors.conf +++ /dev/null 
@@ -1,314 +0,0 @@
-
-
-
-
-error_page 400 @400;
-
-location @400 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 400 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 401 @401;
-
-location @401 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 401 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 403 @403;
-
-location @403 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 403 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 404 @404;
-
-location @404 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 404 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 405 =200 @405;
-
-location @405 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 405 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 413 @413;
-
-location @413 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 413 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 429 @429;
-
-location @429 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 429 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 500 @500;
-
-location @500 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 500 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 501 @501;
-
-location @501 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 501 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 502 @502;
-
-location @502 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 502 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 503 @503;
-
-location @503 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 503 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
-
-
-error_page 504 @504;
-
-location @504 {
- auth_basic off;
- internal;
- modsecurity off;
- default_type 'text/html';
- content_by_lua_block {
- local logger = require "logger"
- local errors = require "errors.errors"
- local html, err
- if ngx.status == 200 then
- html, err = errors.error_html(tostring(405))
- else
- html, err = errors.error_html(tostring(ngx.status))
- end
- if not html then
- logger.log(ngx.ERR, "ERRORS", "Error while computing HTML error template for 504 : " .. err)
- else
- ngx.say(html)
- end
- }
-}
-
diff --git a/bw/temp_nginx/server-http/fastcgi_params b/bw/temp_nginx/server-http/fastcgi_params
deleted file mode 100644
index 011606708..000000000
--- a/bw/temp_nginx/server-http/fastcgi_params
+++ /dev/null
@@ -1,27 +0,0 @@
-
-fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param REQUEST_SCHEME $scheme;
-fastcgi_param HTTPS $https if_not_empty;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-
-# PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
\ No newline at end of file
diff --git a/bw/temp_nginx/server-http/gzip.conf b/bw/temp_nginx/server-http/gzip.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/htpasswd b/bw/temp_nginx/server-http/htpasswd
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/inject.conf b/bw/temp_nginx/server-http/inject.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/lets-encrypt.conf b/bw/temp_nginx/server-http/lets-encrypt.conf
deleted file mode 100644
index b7e715617..000000000
--- a/bw/temp_nginx/server-http/lets-encrypt.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# set location for challenges
-location ~ ^/.well-known/acme-challenge/ {
- root /opt/bunkerweb/tmp/lets-encrypt;
-}
-
diff --git a/bw/temp_nginx/server-http/limitconn.conf b/bw/temp_nginx/server-http/limitconn.conf
deleted file mode 100644
index 316b499e6..000000000
--- a/bw/temp_nginx/server-http/limitconn.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-limit_conn v1ips 10;
-limit_conn v2ips 100;
-
diff --git a/bw/temp_nginx/server-http/max-client-size.conf b/bw/temp_nginx/server-http/max-client-size.conf
deleted file mode 100644
index cf510b15c..000000000
--- a/bw/temp_nginx/server-http/max-client-size.conf
+++ /dev/null
@@ -1 +0,0 @@
-client_max_body_size 10m;
\ No newline at end of file
diff --git a/bw/temp_nginx/server-http/modsecurity-rules.conf.modsec b/bw/temp_nginx/server-http/modsecurity-rules.conf.modsec
deleted file mode 100644
index def21efd1..000000000
--- a/bw/temp_nginx/server-http/modsecurity-rules.conf.modsec
+++ /dev/null
@@ -1,84 +0,0 @@
-# process rules with disruptive actions
-SecRuleEngine On
-
-# allow body checks
-SecRequestBodyAccess On
-
-# enable XML parsing
-SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
- "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
-
-# enable JSON parsing
-SecRule REQUEST_HEADERS:Content-Type "application/json" \
- "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
-
-# maximum data size
-SecRequestBodyLimit 10485760
-SecRequestBodyNoFilesLimit 131072
-
-# reject requests if bigger than max data size
-SecRequestBodyLimitAction Reject
-
-# reject if we can't process the body
-SecRule REQBODY_ERROR "!@eq 0" \
-"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
-
-# be strict with multipart/form-data body
-SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
-"id:'200003',phase:2,t:none,log,deny,status:400, \
-msg:'Multipart request body failed strict validation: \
-PE %{REQBODY_PROCESSOR_ERROR}, \
-BQ %{MULTIPART_BOUNDARY_QUOTED}, \
-BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
-DB %{MULTIPART_DATA_BEFORE}, \
-DA %{MULTIPART_DATA_AFTER}, \
-HF %{MULTIPART_HEADER_FOLDING}, \
-LF %{MULTIPART_LF_LINE}, \
-SM %{MULTIPART_MISSING_SEMICOLON}, \
-IQ %{MULTIPART_INVALID_QUOTING}, \
-IP %{MULTIPART_INVALID_PART}, \
-IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
-FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
-SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \
- "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
-
-# enable response body checks
-SecResponseBodyAccess On
-SecResponseBodyMimeType text/plain text/html text/xml application/json
-SecResponseBodyLimit 524288
-SecResponseBodyLimitAction ProcessPartial
-
-# log usefull stuff
-SecAuditEngine RelevantOnly
-SecAuditLogParts ABCFHZ
-SecAuditLogType Serial
-SecAuditLog /var/log/nginx/modsec_audit.log
-
-# include OWASP CRS configurations
-include /opt/bunkerweb/core/modsecurity/files/crs-setup.conf
-
-# custom CRS configurations before loading rules (e.g. exclusions)
-
-# unset REASON env var
-SecAction "nolog,phase:1,setenv:REASON=none"
-
-# Auto update allowed methods
-
-SecAction \
- "id:900200,\
- phase:1,\
- nolog,\
- pass,\
- t:none,\
- setvar:'tx.allowed_methods=GET POST HEAD'"
-
-
-# include OWASP CRS rules
-include /opt/bunkerweb/core/modsecurity/files/coreruleset/rules/*.conf
-
-# custom rules after loading the CRS
-include /etc/nginx/modsec/*.conf
-
-# set REASON env var
-SecRuleUpdateActionById 949110 "t:none,deny,status:403,setenv:REASON=modsecurity"
-SecRuleUpdateActionById 959100 "t:none,deny,status:403,setenv:REASON=modsecurity"
diff --git a/bw/temp_nginx/server-http/modsecurity.conf b/bw/temp_nginx/server-http/modsecurity.conf
deleted file mode 100644
index db4fd8976..000000000
--- a/bw/temp_nginx/server-http/modsecurity.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-
-modsecurity on;
-modsecurity_rules_file /etc/nginx/server-http/modsecurity-rules.conf.modsec;
diff --git a/bw/temp_nginx/server-http/open-file-cache.conf b/bw/temp_nginx/server-http/open-file-cache.conf
deleted file mode 100644
index 59830ea6b..000000000
--- a/bw/temp_nginx/server-http/open-file-cache.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-open_file_cache max=1000 inactive=20s;
-open_file_cache_errors on ;
-open_file_cache_min_uses 2;
-open_file_cache_valid 30s;
\ No newline at end of file
diff --git a/bw/temp_nginx/server-http/php.conf b/bw/temp_nginx/server-http/php.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/real-ip.conf b/bw/temp_nginx/server-http/real-ip.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/redirect-http-to-https.conf b/bw/temp_nginx/server-http/redirect-http-to-https.conf
deleted file mode 100644
index b28b04f64..000000000
--- a/bw/temp_nginx/server-http/redirect-http-to-https.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-
-
-
diff --git a/bw/temp_nginx/server-http/redirect.conf b/bw/temp_nginx/server-http/redirect.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/remove-headers.conf b/bw/temp_nginx/server-http/remove-headers.conf
deleted file mode 100644
index 57b593b83..000000000
--- a/bw/temp_nginx/server-http/remove-headers.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-
-more_clear_headers 'Server';
-
-more_clear_headers 'X-Powered-By';
-
-more_clear_headers 'X-AspNet-Version';
-
-more_clear_headers 'X-AspNetMvc-Version';
diff --git a/bw/temp_nginx/server-http/reverse-proxy.conf b/bw/temp_nginx/server-http/reverse-proxy.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/security-headers.conf b/bw/temp_nginx/server-http/security-headers.conf
deleted file mode 100644
index 91181807f..000000000
--- a/bw/temp_nginx/server-http/security-headers.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-
-
-
-
-set_cookie_flag * HttpOnly SameSite=Lax;
-
-
-
-
-more_set_headers "Content-Security-Policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';";
-
-
-
-more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
-
-
-
-more_set_headers "Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()";
-
-
-
-more_set_headers "Feature-Policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';";
-
-
-
-more_set_headers "X-Frame-Options: SAMEORIGIN";
-
-
-
-more_set_headers "X-Content-Type-Options: nosniff";
-
-
-
-more_set_headers "X-XSS-Protection: 1; mode=block";
diff --git a/bw/temp_nginx/server-http/self-signed.conf b/bw/temp_nginx/server-http/self-signed.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/bw/temp_nginx/server-http/serve-files.conf b/bw/temp_nginx/server-http/serve-files.conf
deleted file mode 100644
index 0191f1100..000000000
--- a/bw/temp_nginx/server-http/serve-files.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-
- root /opt/bunkerweb/www/;
- try_files $uri $uri/ =404;
diff --git a/bw/temp_nginx/server-http/whitelist.conf b/bw/temp_nginx/server-http/whitelist.conf
deleted file mode 100644
index 32e1a56a2..000000000
--- a/bw/temp_nginx/server-http/whitelist.conf
+++ /dev/null
@@ -1 +0,0 @@
-set $is_whitelisted '';
\ No newline at end of file
diff --git a/bw/temp_nginx/server.conf b/bw/temp_nginx/server.conf
deleted file mode 100644
index c75f3a19e..000000000
--- a/bw/temp_nginx/server.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-server {
- # server name (vhost)
- server_name www.example.com;
-
- # HTTP listen
-
- listen 0.0.0.0:8080 default_server;
-
- index index.php index.html index.htm;
-
- # custom config
- include /opt/bunkerweb/configs/server-http/*.conf;
-
- # reason variable
- set $reason '';
-
- # include LUA files
- include /etc/nginx/access-lua.conf;
- include /etc/nginx/log-lua.conf;
-
- # include config files
- include /etc/nginx/server-http/*.conf;
-
- location / {
- root /etc/nginx/www/;
- try_files $uri /index.html;
- }
-}
\ No newline at end of file
diff --git a/bw/temp_nginx/stream.conf b/bw/temp_nginx/stream.conf
deleted file mode 100644
index c92fa50bb..000000000
--- a/bw/temp_nginx/stream.conf
+++ /dev/null
@@ -1,47 +0,0 @@
-# /etc/nginx/stream.conf
-
-# size of the preread buffer
-preread_buffer_size 16k;
-
-# timeout of the preread phase
-preread_timeout 30s;
-
-# proxy protocol timeout
-proxy_protocol_timeout 30s;
-
-# resolvers to use
-resolver 127.0.0.11 ipv6=off;
-
-# resolver timeout
-resolver_timeout 30s;
-
-# remove 200ms delay
-tcp_nodelay on;
-
-# bucket hash size
-variables_hash_bucket_size 64;
-variables_hash_max_size 1024;
-
-# log format and level
-log_format proxy '$remote_addr [$time_local] '
- '$protocol $status $bytes_sent $bytes_received '
- '$session_time "$upstream_addr" '
- '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
-access_log /var/log/nginx/access.log proxy;
-
-# lua path and dicts
-lua_package_path "/opt/bunkerweb/lua/?.lua;/opt/bunkerweb/core/?.lua;/opt/bunkerweb/plugins/?.lua;/opt/bunkerweb/deps/lib/lua/?.lua;;";
-lua_package_cpath "/opt/bunkerweb/deps/lib/?.so;/opt/bunkerweb/deps/lib/lua/?.so;;";
-lua_ssl_trusted_certificate "/opt/bunkerweb/misc/root-ca.pem";
-lua_ssl_verify_depth 2;
-lua_shared_dict datastore 256m;
-
-# LUA init block
-include /etc/nginx/init-lua.conf;
-
-# default server when MULTISITE=yes
-
-
-# server config(s)
-
-include /etc/nginx/server.conf;
diff --git a/bw/temp_nginx/uwsgi_params b/bw/temp_nginx/uwsgi_params
deleted file mode 100644
index e42d9a910..000000000
--- a/bw/temp_nginx/uwsgi_params
+++ /dev/null
@@ -1,17 +0,0 @@
-
-uwsgi_param QUERY_STRING $query_string;
-uwsgi_param REQUEST_METHOD $request_method;
-uwsgi_param CONTENT_TYPE $content_type;
-uwsgi_param CONTENT_LENGTH $content_length;
-
-uwsgi_param REQUEST_URI $request_uri;
-uwsgi_param PATH_INFO $document_uri;
-uwsgi_param DOCUMENT_ROOT $document_root;
-uwsgi_param SERVER_PROTOCOL $server_protocol;
-uwsgi_param REQUEST_SCHEME $scheme;
-uwsgi_param HTTPS $https if_not_empty;
-
-uwsgi_param REMOTE_ADDR $remote_addr;
-uwsgi_param REMOTE_PORT $remote_port;
-uwsgi_param SERVER_PORT $server_port;
-uwsgi_param SERVER_NAME $server_name;
\ No newline at end of file
diff --git a/bw/temp_nginx/variables.env b/bw/temp_nginx/variables.env
deleted file mode 100644
index b6255230d..000000000
--- a/bw/temp_nginx/variables.env
+++ /dev/null
@@ -1,184 +0,0 @@
-TEMP_NGINX=yes
-NGINX_PREFIX=/etc/nginx/
-HTTP_PORT=8080
-HTTPS_PORT=8443
-MULTISITE=no
-SERVER_NAME=www.example.com
-WORKER_PROCESSES=auto
-WORKER_RLIMIT_NOFILE=2048
-WORKER_CONNECTIONS=1024
-LOG_FORMAT=$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
-LOG_LEVEL=notice
-DNS_RESOLVERS=127.0.0.11
-DATASTORE_MEMORY_SIZE=256m
-USE_API=yes
-API_HTTP_PORT=5000
-API_SERVER_NAME=bwapi
-API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
-AUTOCONF_MODE=no
-SWARM_MODE=no
-KUBERNETES_MODE=no
-USE_BROTLI=no
-BROTLI_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml
-BROTLI_MIN_LENGTH=1000
-BROTLI_COMP_LEVEL=6
-USE_CUSTOM_HTTPS=no
-CUSTOM_HTTPS_CERT=
-CUSTOM_HTTPS_KEY=
-USE_AUTH_BASIC=no
-AUTH_BASIC_LOCATION=sitewide
-AUTH_BASIC_USER=changeme
-AUTH_BASIC_PASSWORD=changeme
-AUTH_BASIC_TEXT=Restricted area
-DATABASE_URI=sqlite:////data/db.sqlite3
-ERRORS=
-REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version
-STRICT_TRANSPORT_SECURITY=max-age=31536000
-COOKIE_FLAGS=* HttpOnly SameSite=Lax
-COOKIE_AUTO_SECURE_FLAG=yes
-CONTENT_SECURITY_POLICY=object-src 'none'; form-action 'self'; frame-ancestors 'self';
-REFERRER_POLICY=strict-origin-when-cross-origin
-PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()
-FEATURE_POLICY=accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
-X_FRAME_OPTIONS=SAMEORIGIN
-X_CONTENT_TYPE_OPTIONS=nosniff
-X_XSS_PROTECTION=1; mode=block
-USE_MODSECURITY=yes
-USE_MODSECURITY_CRS=yes
-MODSECURITY_SEC_AUDIT_ENGINE=RelevantOnly
-MODSECURITY_SEC_RULE_ENGINE=On
-MODSECURITY_SEC_AUDIT_LOG_PARTS=ABCFHZ
-USE_REVERSE_PROXY=no
-REVERSE_PROXY_INTERCEPT_ERRORS=yes
-USE_PROXY_CACHE=no
-PROXY_CACHE_PATH_LEVELS=1:2
-PROXY_CACHE_PATH_ZONE_SIZE=10m
-PROXY_CACHE_PATH_PARAMS=max_size=100m
-PROXY_CACHE_METHODS=GET HEAD
-PROXY_CACHE_MIN_USES=2
-PROXY_CACHE_KEY=$scheme$host$request_uri
-PROXY_CACHE_VALID=200=24h 301=1h 302=24h
-PROXY_NO_CACHE=$http_pragma $http_authorization
-PROXY_CACHE_BYPASS=0
-DISABLE_DEFAULT_SERVER=no
-REDIRECT_HTTP_TO_HTTPS=no
-AUTO_REDIRECT_HTTP_TO_HTTPS=yes
-ALLOWED_METHODS=GET|POST|HEAD
-MAX_CLIENT_SIZE=10m
-SERVE_FILES=yes
-ROOT_FOLDER=
-HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
-HTTP2=yes
-LISTEN_HTTP=yes
-USE_OPEN_FILE_CACHE=no
-OPEN_FILE_CACHE=max=1000 inactive=20s
-OPEN_FILE_CACHE_ERRORS=yes
-OPEN_FILE_CACHE_MIN_USES=2
-OPEN_FILE_CACHE_VALID=30s
-EXTERNAL_PLUGIN_URLS=
-DENY_HTTP_STATUS=403
-USE_BAD_BEHAVIOR=yes
-BAD_BEHAVIOR_STATUS_CODES=400 401 403 404 405 429 444
-BAD_BEHAVIOR_BAN_TIME=86400
-BAD_BEHAVIOR_THRESHOLD=10
-BAD_BEHAVIOR_COUNT_TIME=60
-AUTO_LETS_ENCRYPT=no
-EMAIL_LETS_ENCRYPT=
-USE_LETS_ENCRYPT_STAGING=no
-GENERATE_SELF_SIGNED_SSL=no
-SELF_SIGNED_SSL_EXPIRY=365
-SELF_SIGNED_SSL_SUBJ=/CN=www.example.com/
-REMOTE_PHP=
-REMOTE_PHP_PATH=
-LOCAL_PHP=
-LOCAL_PHP_PATH=
-REDIRECT_TO=
-REDIRECT_TO_REQUEST_URI=no
-USE_CLIENT_CACHE=no
-CLIENT_CACHE_EXTENSIONS=jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2
-CLIENT_CACHE_ETAG=yes
-CLIENT_CACHE_CONTROL=public, max-age=15552000
-USE_REAL_IP=no
-USE_PROXY_PROTOCOL=no
-REAL_IP_FROM=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
-REAL_IP_FROM_URLS=
-REAL_IP_HEADER=X-Forwarded-For
-REAL_IP_RECURSIVE=yes
-USE_GZIP=no
-GZIP_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml
-GZIP_MIN_LENGTH=1000
-GZIP_COMP_LEVEL=5
-INJECT_BODY=
-USE_CORS=no
-CORS_ALLOW_ORIGIN=*
-CORS_EXPOSE_HEADERS=Content-Length,Content-Range
-CORS_MAX_AGE=86400
-CORS_ALLOW_CREDENTIALS=no
-CORS_ALLOW_METHODS=GET, POST, OPTIONS
-CORS_ALLOW_HEADERS=DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
-USE_UI=no
-USE_DNSBL=yes
-DNSBL_LIST=bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org
-USE_ANTIBOT=no
-ANTIBOT_URI=/challenge
-ANTIBOT_SESSION_SECRET=random
-ANTIBOT_SESSION_NAME=random
-ANTIBOT_RECAPTCHA_SCORE=0.7
-ANTIBOT_RECAPTCHA_SITEKEY=
-ANTIBOT_RECAPTCHA_SECRET=
-ANTIBOT_HCAPTCHA_SITEKEY=
-ANTIBOT_HCAPTCHA_SECRET=
-USE_WHITELIST=yes
-WHITELIST_IP_URLS=
-WHITELIST_IP=20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8
-WHITELIST_RDNS=.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com
-WHITELIST_RDNS_URLS=
-WHITELIST_RDNS_GLOBAL=yes
-WHITELIST_ASN=32934
-WHITELIST_ASN_URLS=
-WHITELIST_USER_AGENT=
-WHITELIST_USER_AGENT_URLS=
-WHITELIST_URI=
-WHITELIST_URI_URLS=
-USE_BLACKLIST=yes
-BLACKLIST_IP_URLS=https://www.dan.me.uk/torlist/?exit
-BLACKLIST_IP=
-BLACKLIST_RDNS=.shodan.io .censys.io
-BLACKLIST_RDNS_URLS=
-BLACKLIST_RDNS_GLOBAL=yes
-BLACKLIST_ASN=
-BLACKLIST_ASN_URLS=
-BLACKLIST_USER_AGENT=
-BLACKLIST_USER_AGENT_URLS=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list
-BLACKLIST_URI=
-BLACKLIST_URI_URLS=
-BLACKLIST_IGNORE_IP_URLS=
-BLACKLIST_IGNORE_IP=
-BLACKLIST_IGNORE_RDNS=
-BLACKLIST_IGNORE_RDNS_URLS=
-BLACKLIST_IGNORE_ASN=
-BLACKLIST_IGNORE_ASN_URLS=
-BLACKLIST_IGNORE_USER_AGENT=
-BLACKLIST_IGNORE_USER_AGENT_URLS=
-BLACKLIST_IGNORE_URI=
-BLACKLIST_IGNORE_URI_URLS=
-USE_GREYLIST=no
-GREYLIST_IP_URLS=
-GREYLIST_IP=
-GREYLIST_RDNS=
-GREYLIST_RDNS_URLS=
-GREYLIST_RDNS_GLOBAL=yes
-GREYLIST_ASN=
-GREYLIST_ASN_URLS=
-GREYLIST_USER_AGENT=
-GREYLIST_USER_AGENT_URLS=
-GREYLIST_URI=
-GREYLIST_URI_URLS=
-USE_LIMIT_REQ=yes
-USE_LIMIT_CONN=yes
-LIMIT_CONN_MAX_HTTP1=10
-LIMIT_CONN_MAX_HTTP2=100
-BLACKLIST_COUNTRY=
-WHITELIST_COUNTRY=
-USE_BUNKERNET=yes
-BUNKERNET_SERVER=https://api.bunkerweb.io
\ No newline at end of file