diff --git a/docs/assets/img/core-order.svg b/docs/assets/img/core-order.svg
new file mode 100755
index 000000000..6b2f0bce6
--- /dev/null
+++ b/docs/assets/img/core-order.svg
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
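Review bot: `new file mode 100755` marks core-order.svg as executable, and docs/diagrams/core-order.drawio further down is added with the same mode. Neither file is a script, so both should be committed as 100644 (`chmod -x` before committing, or `git update-index --chmod=-x`). Both files also end without a trailing newline.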
diff --git a/docs/backup-new-integrations.md b/docs/backup-new-integrations.md
new file mode 100644
index 000000000..062900669
--- /dev/null
+++ b/docs/backup-new-integrations.md
@@ -0,0 +1,441 @@
+****** INTEGRATIONS ******
+=== "RHEL"
+
+ The first step is to add NGINX official repository. Create the following file at `/etc/yum.repos.d/nginx.repo` :
+ ```conf
+ [nginx-stable]
+ name=nginx stable repo
+ baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
+ gpgcheck=1
+ enabled=1
+ gpgkey=https://nginx.org/keys/nginx_signing.key
+ module_hotfixes=true
+ ```
+
+ You should now be able to install NGINX 1.20.2 :
+ ```shell
+ sudo dnf install nginx-1.20.2
+ ```
+
+ And finally install BunkerWeb 1.4.4 :
+ ```shell
+ wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+ rpm -Uvh epel-release*rpm && \
+ curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
+ sudo dnf check-update && \
+ sudo dnf install -y bunkerweb-1.4.4
+ ```
+
+ To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
+ ```shell
+ sudo dnf versionlock add nginx && \
+ sudo dnf versionlock add bunkerweb
+ ```
+
+## Vagrant
+
+
+ { align=center }
+ Vagrant integration
+
+
+List of supported Linux distros :
+
+- Ubuntu 22.04 "Jammy"
+
+[Vagrant](https://www.vagrantup.com/docs) is a tool for building and managing virtual machine environments in a single workflow. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases production parity, and makes the "works on my machine" excuse a relic of the past.
+
+A specific BunkerWeb box is available on vagrantup.
+
+First of all download the box from vagrantup : ```shell vagrant box add bunkerity/bunkerity```
+
+Then an list of boxes should appear, select the one whith your provider (virtualbox, vmware, libvirt).
+
+This will download the box named bunkerity/bunkerity from [HashiCorp's Vagrant Cloud box catalog](https://vagrantcloud.com/boxes/search), where you can find and host boxes.
+
+Now you've added a box to Vagrant either by initializing or adding it explicitly, you need to configure your project to use it as a base.
+For initializing a new Vagrant project, you can use the `vagrant init bunkerity/bunkerity` command. This will create a Vagrantfile in the current directory.
+
+Open the Vagrantfile and replace the contents with the following.
+
+ ```shell
+ Vagrant.configure("2") do |config|
+ config.vm.box = "bunkerity/bunkerity"
+ end
+ ```
+
+Vagrant will automatically download the box in his latest version and add it to your Vagrant environment. If you want to use a specific version of the box, you can use the `config.vm.box_version` option.
+
+For exemple:
+
+ ```shell
+ Vagrant.configure("2") do |config|
+ config.vm.box = "bunkerity/bunkerity"
+ config.vm.box_version = "1.4.2"
+ end
+ ```
+
+Now you can start the box :
+```shell
+vagrant up
+```
+
+And then connect to it :
+```shell
+vagrant ssh
+```
+
+****** QUICKSTART ******
+
+=== "Vagrant"
+
+ We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
+
+ The following command will run a basic HTTP server on the port 8000 and deliver the files in the current directory :
+ ```shell
+ python3 -m http.server -b 127.0.0.1
+ ```
+
+ Configuration of BunkerWeb is done by editing the `/etc/bunkerweb/variables.env` file.
+
+ Connect to your vagrant machine :
+ ```shell
+ vagrant ssh
+ ```
+
+ And then you can edit the `variables.env` file in your host machine like this :
+
+ ```conf
+ SERVER_NAME=www.example.com
+ HTTP_PORT=80
+ HTTPS_PORT=443
+ DNS_RESOLVERS=8.8.8.8 8.8.4.4
+ USE_REVERSE_PROXY=yes
+ REVERSE_PROXY_URL=/
+ REVERSE_PROXY_HOST=http://127.0.0.1:8000
+ ```
+
+ If it's already running we can restart it :
+ ```shell
+ systemctl restart bunkerweb
+ ```
+
+ Otherwise, we will need to start it :
+ ```shell
+ systemctl start bunkerweb
+ ```
+
+ Let's check the status of BunkerWeb :
+ ```shell
+ systemctl status bunkerweb
+ ```
+
+=== "Vagrant"
+
+ We will assume that you already have the [Vagrant integration](/1.4/integrations/#Vagrant) stack running on your machine with some web applications running on the same machine as BunkerWeb.
+
+ Let's assume that you have some web applications running on the same machine as BunkerWeb :
+
+ === "App #1"
+ The following command will run a basic HTTP server on the port 8001 and deliver the files in the current directory :
+ ```shell
+ python3 -m http.server -b 127.0.0.1 8001
+ ```
+
+ === "App #2"
+ The following command will run a basic HTTP server on the port 8002 and deliver the files in the current directory :
+ ```shell
+ python3 -m http.server -b 127.0.0.1 8002
+ ```
+
+ === "App #3"
+ The following command will run a basic HTTP server on the port 8003 and deliver the files in the current directory :
+ ```shell
+ python3 -m http.server -b 127.0.0.1 8003
+ ```
+
+ Connect to your vagrant machine :
+ ```shell
+ vagrant ssh
+ ```
+
+ Configuration of BunkerWeb is done by editing the /etc/bunkerweb/variables.env file :
+ ```conf
+ SERVER_NAME=app1.example.com app2.example.com app3.example.com
+ HTTP_PORT=80
+ HTTPS_PORT=443
+ MULTISITE=yes
+ DNS_RESOLVERS=8.8.8.8 8.8.4.4
+ USE_REVERSE_PROXY=yes
+ REVERSE_PROXY_URL=/
+ app1.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8001
+ app2.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8002
+ app3.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8003
+ ```
+
+ If it's already running we can restart it :
+ ```shell
+ systemctl restart bunkerweb
+ ```
+
+ Otherwise, we will need to start it :
+ ```shell
+ systemctl start bunkerweb
+ ```
+
+ Let's check the status of BunkerWeb :
+ ```shell
+ systemctl status bunkerweb
+ ```
+
+=== "Vagrant"
+
+ You will need to add the settings to the `/etc/bunkerweb/variables.env` file :
+
+ ```conf
+ ...
+ USE_REAL_IP=yes
+ REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16
+ REAL_IP_HEADER=X-Forwarded-For
+ ...
+ ```
+
+ Don't forget to restart the BunkerWeb service once it's done.
+
+=== "Vagrant"
+
+ You will need to add the settings to the `/etc/bunkerweb/variables.env` file :
+
+ ```conf
+ ...
+ USE_REAL_IP=yes
+ USE_PROXY_PROTOCOL=yes
+ REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16
+ REAL_IP_HEADER=proxy_protocol
+ ...
+ ```
+
+ Don't forget to restart the BunkerWeb service once it's done.
+
+=== "Vagrant"
+
+ When using the [Vagrant integration](/1.4/integrations/#vagrant), custom configurations must be written to the `/etc/bunkerweb/configs` folder.
+
+ Here is an example for server-http/hello-world.conf :
+ ```conf
+ location /hello {
+ default_type 'text/plain';
+ content_by_lua_block {
+ ngx.say('world')
+ }
+ }
+ ```
+
+ Because BunkerWeb runs as an unprivileged user (nginx:nginx), you will need to edit the permissions :
+ ```shell
+ chown -R root:nginx /etc/bunkerweb/configs && \
+ chmod -R 770 /etc/bunkerweb/configs
+ ```
+
+ Don't forget to restart the BunkerWeb service once it's done.
+
+=== "Vagrant"
+
+ We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
+
+ By default, BunkerWeb will search for web files inside the `/var/www/html` folder. You can use it to store your PHP application. Please note that you will need to configure your PHP-FPM service to get or set the user/group of the running processes and the UNIX socket file used to communicate with BunkerWeb.
+
+ First of all, you will need to make sure that your PHP-FPM instance can access the files inside the `/var/www/html` folder and also that BunkerWeb can access the UNIX socket file in order to communicate with PHP-FPM. We recommend to set a different user like `www-data` for the PHP-FPM service and to give the nginx group access to the UNIX socket file. Here is corresponding PHP-FPM configuration :
+ ```ini
+ ...
+ [www]
+ user = www-data
+ group = www-data
+ listen = /run/php/php-fpm.sock
+ listen.owner = www-data
+ listen.group = nginx
+ listen.mode = 0660
+ ...
+ ```
+
+ Don't forget to restart your PHP-FPM service :
+ ```shell
+ systemctl restart php8.1-fpm
+ ```
+
+ Once your application is copied to the `/var/www/html` folder, you will need to fix the permissions so BunkerWeb (user/group nginx) can at least read files and list folders and PHP-FPM (user/group www-data) is the owner of the files and folders :
+ ```shell
+ chown -R www-data:nginx /var/www/html && \
+ find /var/www/html -type f -exec chmod 0640 {} \; && \
+ find /var/www/html -type d -exec chmod 0750 {} \;
+ ```
+
+ You can now edit the `/etc/bunkerweb/variable.env` file :
+ ```env
+ HTTP_PORT=80
+ HTTPS_PORT=443
+ DNS_RESOLVERS=8.8.8.8 8.8.4.4
+ SERVER_NAME=www.example.com
+ AUTO_LETS_ENCRYPT=yes
+ LOCAL_PHP=/run/php/php-fpm.sock
+ LOCAL_PHP_PATH=/var/www/html/
+ ```
+
+ Let's check the status of BunkerWeb :
+ ```shell
+ systemctl status bunkerweb
+ ```
+ If it's already running we can restart it :
+ ```shell
+ systemctl restart bunkerweb
+ ```
+
+ Otherwise, we will need to start it :
+ ```shell
+ systemctl start bunkerweb
+ ```
+
+ === "Vagrant"
+
+ We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
+
+ By default, BunkerWeb will search for web files inside the `/var/www/html` folder. You can use it to store your PHP applications : each application will be in its own subfolder named the same as the primary server name. Please note that you will need to configure your PHP-FPM service to get or set the user/group of the running processes and the UNIX socket file used to communicate with BunkerWeb.
+
+ First of all, you will need to make sure that your PHP-FPM instance can access the files inside the `/var/www/html` folder and also that BunkerWeb can access the UNIX socket file in order to communicate with PHP-FPM. We recommend to set a different user like `www-data` for the PHP-FPM service and to give the nginx group access to the UNIX socket file. Here is corresponding PHP-FPM configuration :
+ ```ini
+ ...
+ [www]
+ user = www-data
+ group = www-data
+ listen = /run/php/php-fpm.sock
+ listen.owner = www-data
+ listen.group = nginx
+ listen.mode = 0660
+ ...
+ ```
+
+ Don't forget to restart your PHP-FPM service :
+ ```shell
+ systemctl restart php8.1-fpm
+ ```
+
+ Once your application is copied to the `/var/www/html` folder, you will need to fix the permissions so BunkerWeb (user/group nginx) can at least read files and list folders and PHP-FPM (user/group www-data) is the owner of the files and folders :
+ ```shell
+ chown -R www-data:nginx /var/www/html && \
+ find /var/www/html -type f -exec chmod 0640 {} \; && \
+ find /var/www/html -type d -exec chmod 0750 {} \;
+ ```
+
+ You can now edit the `/etc/bunkerweb/variable.env` file :
+ ```env
+ HTTP_PORT=80
+ HTTPS_PORT=443
+ DNS_RESOLVERS=8.8.8.8 8.8.4.4
+ SERVER_NAME=app1.example.com app2.example.com app3.example.com
+ MULTISITE=yes
+ AUTO_LETS_ENCRYPT=yes
+ app1.example.com_LOCAL_PHP=/run/php/php-fpm.sock
+ app1.example.com_LOCAL_PHP_PATH=/var/www/html/app1.example.com
+ app2.example.com_LOCAL_PHP=/run/php/php-fpm.sock
+ app2.example.com_LOCAL_PHP_PATH=/var/www/html/app2.example.com
+ app3.example.com_LOCAL_PHP=/run/php/php-fpm.sock
+ app3.example.com_LOCAL_PHP_PATH=/var/www/html/app3.example.com
+ ```
+
+ Let's check the status of BunkerWeb :
+ ```shell
+ systemctl status bunkerweb
+ ```
+ If it's already running we can restart it :
+ ```shell
+ systemctl restart bunkerweb
+ ```
+
+ Otherwise, we will need to start it :
+ ```shell
+ systemctl start bunkerweb
+ ```
+
+****** PLUGINS ******
+
+=== "Vagrant"
+
+ When using the [Linux integration](/1.4/integrations/#linux), plugins must be written to the `/etc/bunkerweb/plugins` folder :
+ ```shell
+ git clone https://github.com/bunkerity/bunkerweb-plugins && \
+ cp -rp ./bunkerweb-plugins/* /data/plugins
+ ```
+
+****** UI ******
+
+=== "Vagrant"
+
+ The installation of the web UI using the [Vagrant integration](/1.4/integrations/#vagrant) is pretty straightforward because it is installed with BunkerWeb.
+
+ The first thing to do is to edit the BunkerWeb configuration located at **/etc/bunkerweb/variables.env** to add settings related to the web UI :
+ ```conf
+ HTTP_PORT=80
+ HTTPS_PORT=443
+ DNS_RESOLVERS=8.8.8.8 8.8.4.4
+ ...
+ SERVER_NAME=bwadm.example.com
+ MULTISITE=yes
+ USE_API=yes
+ API_WHITELIST_IP=127.0.0.0/8
+ bwadm.example.com_USE_UI=yes
+ bwadm.example.com_USE_REVERSE_PROXY=yes
+ bwadm.example.com_REVERSE_PROXY_URL=/changeme/
+ bwadm.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
+ bwadm.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
+ bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
+ ...
+ ```
+
+ Important things to note :
+
+ * `bwadm.example.com` is the dedicated (sub)domain for accessing the web UI
+ * replace the `/changeme` URLs with a custom one of your choice
+
+ Once the configuration file is edited, you will need to restart BunkerWeb :
+ ```shell
+ systemctl restart bunkerweb
+ ```
+
+ You can edit the **/etc/bunkerweb/ui.env** file containing the settings of the web UI :
+ ```conf
+ ADMIN_USERNAME=admin
+ ADMIN_PASSWORD=changeme
+ ABSOLUTE_URI=http(s)://bwadm.example.com/changeme/
+ ```
+
+ Important things to note :
+
+ * `http(s)://bwadmin.example.com/changeme/` is the full base URL of the web UI (must match the sub(domain) and /changeme URL used in **/etc/bunkerweb/variables.env**)
+ * replace the username `admin` and password `changeme` with strong ones
+
+ Restart the BunkerWeb UI service and you are now ready to access it :
+ ```shell
+ systemctl restart bunkerweb-ui
+ ```
+
+****** TROUBLE ******
+
+=== "Vagrant"
+
+ For errors related to BunkerWeb services (e.g. not starting), you can use `journalctl` :
+ ```shell
+ journalctl -u bunkerweb --no-pager
+ ```
+
+ Common logs are located inside the `/var/log/nginx` directory :
+ ```shell
+ cat /var/log/nginx/error.log
+ cat /var/log/nginx/access.log
+ ```
+
+=== "Vagrant"
+
+ You can use the `bwcli` command (as root) :
+ ```shell
+ sudo bwcli unban 1.2.3.4
+ ```
\ No newline at end of file
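Review bot: In the PLUGINS section near the end of this file the sentence and the command disagree: the text says plugins must be written to `/etc/bunkerweb/plugins` and links to the Linux integration, but the `cp -rp` target is `/data/plugins`. Make the copy target `/etc/bunkerweb/plugins` and point the link at `#vagrant`. Other inconsistencies to fix in the same pass: both PHP tabs say `/etc/bunkerweb/variable.env` where every other section uses `variables.env`; the UI note says `bwadmin.example.com` while the config uses `bwadm.example.com`; the Vagrantfile snippets are fenced as `shell` although they are Ruby; and the `vagrant box add` fence sits inline on its sentence, so it will not render as a block. In the RHEL repo file, `baseurl` is plain `http://` while `gpgkey` is `https://`; `gpgcheck=1` still verifies the packages, but an `https://` baseurl would be consistent. The `****** ... ******` banners suggest this is a scratch file; if it is not meant to be published, keep it out of `docs/`.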
diff --git a/docs/diagrams/core-order.drawio b/docs/diagrams/core-order.drawio
new file mode 100755
index 000000000..fce63caf1
--- /dev/null
+++ b/docs/diagrams/core-order.drawio
@@ -0,0 +1 @@
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
\ No newline at end of file
diff --git a/docs/integrations.md b/docs/integrations.md
index db05c5ea9..49c621f65 100644
--- a/docs/integrations.md
+++ b/docs/integrations.md
@@ -12,7 +12,7 @@ Using BunkerWeb as a [Docker](https://www.docker.com/) container is a quick and
We provide ready-to-use prebuilt images for x64, x86 armv8 and armv7 architectures on [Docker Hub](https://hub.docker.com/r/bunkerity/bunkerweb) :
```shell
-docker pull bunkerity/bunkerweb:1.4.3
+docker pull bunkerity/bunkerweb:1.4.4
```
Alternatively, you can build the Docker images directly from the [source](https://github.com/bunkerity/bunkerweb) (and get a coffee ☕ because it may take a long time depending on your hardware) :
@@ -39,7 +39,7 @@ docker run \
-e MY_SETTING=value \
-e "MY_OTHER_SETTING=value with spaces" \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
@@ -48,7 +48,7 @@ Here is the docker-compose equivalent :
...
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
environment:
- MY_SETTING=value
```
@@ -73,7 +73,7 @@ docker run \
...
-v bw_data:/data \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
@@ -82,7 +82,7 @@ Here is the docker-compose equivalent :
...
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
volumes:
- bw_data:/data
...
@@ -152,7 +152,7 @@ docker run \
...
--network mynetwork \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
You will also need to do the same with your web application(s). Please note that the other containers are accessible using their name as the hostname.
@@ -163,7 +163,7 @@ Here is the docker-compose equivalent :
...
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
networks:
- bw-net
...
@@ -204,7 +204,7 @@ docker network create bw-services
- One for communication between **BunkerWeb** and **autoconf**
- Another one for communication between **BunkerWeb** and **web applications**
-You can now create the BunkerWeb container with the `AUTOCONF_MODE=yes` setting and the `bunkerweb.INSTANCE` label (replace 10.20.30.0/24 with the subnet specified before) :
+You can now create the BunkerWeb container with the `AUTOCONF_MODE=yes` setting and the `bunkerweb.AUTOCONF` label (replace 10.20.30.0/24 with the subnet specified before) :
```shell
docker run \
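Review bot: The label in this sentence changes from `bunkerweb.INSTANCE` to `bunkerweb.AUTOCONF`, and the same rename repeats in every later docker, swarm and Kubernetes example, with no note for readers who already deployed with the old name. Add one line stating which label or annotation the 1.4.4 autoconf matches on and that existing containers need relabelling, since a container still carrying the old label may not be picked up.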
@@ -217,8 +217,8 @@ docker run \
-e MULTISITE=yes \
-e SERVER_NAME= \
-e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \
- -l bunkerweb.INSTANCE \
- bunkerity/bunkerweb:1.4.3 && \
+ -l bunkerweb.AUTOCONF \
+ bunkerity/bunkerweb:1.4.4 && \
docker network connect bw-services mybunker
```
@@ -235,7 +235,7 @@ docker run \
--network bw-autoconf \
-v bw-data:/data \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
- bunkerity/bunkerweb-autoconf:1.4.3
+ bunkerity/bunkerweb-autoconf:1.4.4
```
Here is the docker-compose equivalent for the BunkerWeb autoconf stack :
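Review bot: The context line `-v /var/run/docker.sock:/var/run/docker.sock:ro` deserves a caveat while this block is being touched. `:ro` only makes the bind mount of the socket file read-only; it does not limit what can be requested through the Docker API, so the autoconf container effectively holds control of the Docker daemon. Suggest a sentence saying so, and recommending that the autoconf container stay off the network shared with the web applications or reach the socket through a filtering proxy.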
@@ -246,7 +246,7 @@ version: '3.5'
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
ports:
- 80:8080
- 443:8443
@@ -256,13 +256,13 @@ services:
- SERVER_NAME=
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
labels:
- - "bunkerweb.INSTANCE"
+ - "bunkerweb.AUTOCONF"
networks:
- bw-autoconf
- bw-services
myautoconf:
- image: bunkerity/bunkerweb-autoconf:1.4.3
+ image: bunkerity/bunkerweb-autoconf:1.4.4
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
@@ -363,8 +363,8 @@ docker service create \
-e SERVER_NAME= \
-e MULTISITE=yes \
-e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \
- -l bunkerweb.INSTANCE \
- bunkerity/bunkerweb:1.4.3
+ -l bunkerweb.AUTOCONF \
+ bunkerity/bunkerweb:1.4.4
```
And the autoconf one :
@@ -378,7 +378,7 @@ docker service \
--mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock,ro \
--mount type=volume,source=bw-data,destination=/data \
-e SWARM_MODE=yes \
- bunkerity/bunkerweb-autoconf:1.4.3
+ bunkerity/bunkerweb-autoconf:1.4.4
```
Here is the docker-compose equivalent (using `docker stack deploy`) :
@@ -389,7 +389,7 @@ version: '3.5'
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
ports:
- published: 80
target: 8080
@@ -413,10 +413,10 @@ services:
constraints:
- "node.role==worker"
labels:
- - "bunkerweb.INSTANCE"
+ - "bunkerweb.AUTOCONF"
myautoconf:
- image: bunkerity/bunkerweb-autoconf:1.4.3
+ image: bunkerity/bunkerweb-autoconf:1.4.4
environment:
- SWARM_MODE=yes
volumes:
@@ -544,7 +544,7 @@ spec:
app: bunkerweb
# mandatory annotation
annotations:
- bunkerweb.io/INSTANCE: "yes"
+ bunkerweb.io/AUTOCONF: "yes"
spec:
containers:
- name: bunkerweb
@@ -703,14 +703,14 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
You should now be able to install NGINX 1.20.2 :
```shell
sudo apt update && \
- sudo apt install -y nginx=1.20.2-1~bullseye
+ sudo apt install -y nginx=1.20.2-1~$(lsb_release -cs)
```
- And finally install BunkerWeb 1.4.3 :
+ And finally install BunkerWeb 1.4.4 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
- sudo apt install -y bunkerweb=1.4.3
+ sudo apt install -y bunkerweb=1.4.4
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
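Review bot: `nginx=1.20.2-1~$(lsb_release -cs)` in the first command assumes `lsb_release` is installed and that the codename it prints has a matching nginx.org package, while the Ubuntu tab in the next hunk still hardcodes `~jammy`. Either use the substitution in both tabs or keep both literal, and if the substitution stays, list the `lsb-release` package as a prerequisite.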
@@ -736,11 +736,11 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
sudo apt install -y nginx=1.20.2-1~jammy
```
- And finally install BunkerWeb 1.4.3 :
+ And finally install BunkerWeb 1.4.4 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
- sudo apt install -y bunkerweb=1.4.3
+ sudo apt install -y bunkerweb=1.4.4
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
@@ -758,7 +758,7 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
- sudo dnf install -y bunkerweb-1.4.3
+ sudo dnf install -y bunkerweb-1.4.4
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@@ -785,12 +785,12 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
sudo dnf install nginx-1.20.2
```
- And finally install BunkerWeb 1.4.3 :
+ And finally install BunkerWeb 1.4.4 :
```shell
dnf install -y epel-release && \
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
- sudo dnf install -y bunkerweb-1.4.3
+ sudo dnf install -y bunkerweb-1.4.4
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@@ -818,13 +818,12 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
mkdir /usr/share/bunkerweb/deps && \
/tmp/bunkerweb/deps/install.sh
```
-
+
Additional Python dependencies needs to be installed into the `/usr/share/bunkerweb/deps/python` folder :
```shell
- mkdir /usr/share/bunkerweb/deps/python && \
+ mkdir -p /usr/share/bunkerweb/deps/python && \
+ cat src/scheduler/requirements.txt src/ui/requirements.txt src/common/gen/requirements.txt src/common/db/requirements.txt > /tmp/bunkerweb/deps/requirements.txt && \
pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt && \
- pip install --no-cache-dir --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/ui/requirements.txt && \
- pip install --no-cache-dir gunicorn
```
Once dependencies are installed, you will be able to copy the BunkerWeb sources to the target `/usr/share/bunkerweb` folder :
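Review bot: The `pip install --no-cache-dir --require-hashes ... -r /tmp/bunkerweb/deps/requirements.txt && \` line still ends in `&& \` although the two commands that followed it are removed, so it is now the last line of the block and a copy-paste leaves the shell waiting for a continuation; drop the trailing `&& \`. The added `cat src/scheduler/requirements.txt ...` uses paths relative to the current directory while the rest of the block uses absolute `/tmp/bunkerweb/...` paths, so state which directory to run it from or make the paths absolute. Bringing the UI requirements under `--require-hashes` is a good change; confirm gunicorn is pinned with hashes in one of the concatenated files now that the separate `pip install --no-cache-dir gunicorn` is gone, and that the four files do not pin the same package to different versions.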
@@ -894,11 +893,11 @@ List of supported Linux distros :
[Ansible](https://docs.ansible.com/ansible/latest/index.html) is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
-A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/fl0ppy_d1sk/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
+A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/bunkerity/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
First of all, download the role from ansible-galaxy :
```shell
-ansible-galaxy install fl0ppy_d1sk.bunkerweb
+ansible-galaxy install bunkerity.bunkerweb
```
Next, create an inventory by adding the IP adress or FQDN of one or more remote systems, either in `/etc/ansible/hosts` or in your own playbook `inventory.yml` :
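Review bot: The role moves from `fl0ppy_d1sk.bunkerweb` to `bunkerity.bunkerweb` here and in every playbook example, but nothing tells readers who installed the old role that their `roles:` entries need updating; one sentence next to the `ansible-galaxy install` command would cover it. While this paragraph is open, the trailing context line has "IP adress" for "IP address".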
@@ -917,7 +916,7 @@ In order to use the role, we will create the playbook file named `playbook.yml`
- hosts: all
become: true
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
Run the playbook :
@@ -927,16 +926,16 @@ ansible-playbook -i inventory.yml playbook.yml
Configuration of BunkerWeb is done by using specific role variables :
-| Name | Type | Description | Default value |
-| :-------------------: | :--------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
-| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.4.3` |
-| `nginx_version` | string | Version of NGINX to install. | `1.20.2` |
-| `freeze_versions` | boolean | Prevent upgrade of BunkerWeb and NGINX when performing packages upgrades. | `true` |
-| `variables_env` | string | Path of the variables.env file to configure BunkerWeb. | `files/variables.env` |
-| `enable_ui` | boolean | Activate the web UI. | `false` |
-| `custom_ui` | string | Path of the ui.env file to configure the web UI. | `files/ui.env` |
-| `custom_configs_path` | Dictionary | Each entry is a path of the folder containing custom configurations. Keys are the type of custom configs : `http`, `server-http`, `modsec`, `modsec-crs` and `default-server-http` | empty values |
-| `custom_www` | string | Path of the www directory to upload. | empty value |
-| `custom_plugins` | string | Path of the plugins directory to upload. | empty value |
-| `custom_www_owner` | string | Default owner for www files and folders. | `nginx` |
-| `custom_www_group` | string | Default group for www files and folders. | `nginx` |
+| Name | Type | Description | Default value |
+|:-----:|:-----:|--------------|----------------|
+| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.4.4` |
+| `nginx_version` | string | Version of NGINX to install. | `1.20.2` |
+| `freeze_versions` | boolean | Prevent upgrade of BunkerWeb and NGINX when performing packages upgrades. | `true` |
+| `variables_env` | string | Path of the variables.env file to configure BunkerWeb. | `files/variables.env` |
+| `enable_ui` | boolean | Activate the web UI. | `false` |
+| `custom_ui` | string | Path of the ui.env file to configure the web UI. | `files/ui.env` |
+| `custom_configs_path` | Dictionary | Each entry is a path of the folder containing custom configurations. Keys are the type of custom configs : `http`, `server-http`, `modsec`, `modsec-crs` and `default-server-http` | empty values |
+| `custom_www` | string | Path of the www directory to upload. | empty value |
+| `custom_plugins` | string | Path of the plugins directory to upload. | empty value |
+| `custom_www_owner` | string | Default owner for www files and folders. | `nginx` |
+| `custom_www_group` | string | Default group for www files and folders. | `nginx` |
diff --git a/docs/mike.sh b/docs/mike.sh
index c55e1c7db..6daa14e4f 100755
--- a/docs/mike.sh
+++ b/docs/mike.sh
@@ -8,6 +8,6 @@ fi
if [ "$1" == "dev" ] ; then
mike deploy --push --update-aliases dev
else
- mike deploy --push --update-aliases "$(cat src/VERSION | sed -E 's/([0-9]+)\.([0-9]+)\.([0-9]+)/\1\.\2/')" latest
+ mike deploy --push --update-aliases "$(cat VERSION | sed -E 's/([0-9]+)\.([0-9]+)\.([0-9]+)/\1\.\2/')" latest
mike set-default --push latest
fi
\ No newline at end of file
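Review bot: `cat VERSION` is resolved against the caller's working directory, and if the file is not there the command substitution is empty and `mike deploy --push --update-aliases` runs with an empty version string. Elsewhere this patch adds paths under `src/` (for example `src/scheduler/requirements.txt`), so confirm VERSION really lives at the repository root now, resolve it relative to the script's location, and abort when the file is missing or does not match the `X.Y.Z` pattern. The `cat` is unnecessary, since `sed -E` can read VERSION directly as a file argument.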
diff --git a/docs/plugins.md b/docs/plugins.md
index ece3387a1..90034f390 100644
--- a/docs/plugins.md
+++ b/docs/plugins.md
@@ -53,13 +53,13 @@ The first step is to install the plugin by putting the plugin files inside the c
...
-v "${PWD}/bw-data:/data" \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
volumes:
- ./bw-data:/data
...
@@ -140,7 +140,7 @@ The first step is to install the plugin by putting the plugin files inside the c
vars:
- custom_plugins: "{{ playbook_dir }}/bunkerweb-plugins"
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
Run the playbook :
diff --git a/docs/quickstart-guide.md b/docs/quickstart-guide.md
index cebadeded..65681b383 100644
--- a/docs/quickstart-guide.md
+++ b/docs/quickstart-guide.md
@@ -54,7 +54,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
-e USE_REVERSE_PROXY=yes \
-e REVERSE_PROXY_URL=/ \
-e REVERSE_PROXY_HOST=http://myapp \
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
@@ -64,7 +64,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
ports:
- 80:8080
- 443:8443
@@ -223,7 +223,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
metadata:
name: ingress
annotations:
- bunkerweb.io/INSTANCE: "yes"
+ bunkerweb.io/AUTOCONF: "yes"
spec:
rules:
- host: www.example.com
@@ -306,7 +306,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
You can now run the playbook :
@@ -379,7 +379,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
-e app1.example.com_REVERSE_PROXY_HOST=http://myapp1 \
-e app2.example.com_REVERSE_PROXY_HOST=http://myapp2 \
-e app3.example.com_REVERSE_PROXY_HOST=http://myapp3 \
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
@@ -389,7 +389,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
ports:
- 80:8080
- 443:8443
@@ -793,7 +793,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
metadata:
name: ingress
annotations:
- bunkerweb.io/INSTANCE: "yes"
+ bunkerweb.io/AUTOCONF: "yes"
spec:
rules:
- host: app1.example.com
@@ -880,7 +880,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
```shell
systemctl start bunkerweb
```
-
+
=== "Ansible"
Let's assume that you have some web applications running on the same machine as BunkerWeb :
@@ -930,7 +930,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
[]()
Run the playbook :
@@ -981,13 +981,13 @@ REAL_IP_HEADER=X-Forwarded-For
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=X-Forwarded-For \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
...
environment:
- USE_REAL_IP=yes
@@ -1006,13 +1006,13 @@ REAL_IP_HEADER=X-Forwarded-For
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=X-Forwarded-For \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
...
environment:
- USE_REAL_IP=yes
@@ -1031,13 +1031,13 @@ REAL_IP_HEADER=X-Forwarded-For
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=X-Forwarded-For \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent (using `docker stack deploy`) :
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
...
environment:
- USE_REAL_IP=yes
@@ -1062,7 +1062,7 @@ REAL_IP_HEADER=X-Forwarded-For
spec:
containers:
- name: bunkerweb
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
...
env:
- name: USE_REAL_IP
@@ -1111,7 +1111,7 @@ REAL_IP_HEADER=X-Forwarded-For
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
Run the playbook :
@@ -1146,13 +1146,13 @@ REAL_IP_HEADER=proxy_protocol
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=proxy_protocol \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
...
environment:
- USE_REAL_IP=yes
@@ -1173,13 +1173,13 @@ REAL_IP_HEADER=proxy_protocol
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=proxy_protocol \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
...
environment:
- USE_REAL_IP=yes
@@ -1200,13 +1200,13 @@ REAL_IP_HEADER=proxy_protocol
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=proxy_protocol \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent (using `docker stack deploy`) :
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
...
environment:
- USE_REAL_IP=yes
@@ -1232,7 +1232,7 @@ REAL_IP_HEADER=proxy_protocol
spec:
containers:
- name: bunkerweb
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
...
env:
- name: USE_REAL_IP
@@ -1285,7 +1285,7 @@ REAL_IP_HEADER=proxy_protocol
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
Run the playbook :
@@ -1327,7 +1327,7 @@ Some integrations offer a more convenient way of applying configurations such as
Here is a dummy example using a docker-compose file :
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@@ -1369,13 +1369,13 @@ Some integrations offer a more convenient way of applying configurations such as
...
-v "${PWD}/bw-data:/data" \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
volumes:
- ./bw-data:/data
...
@@ -1436,13 +1436,13 @@ Some integrations offer a more convenient way of applying configurations such as
...
-v "${PWD}/bw-data:/data" \
...
- bunkerity/bunkerweb-autoconf:1.4.3
+ bunkerity/bunkerweb-autoconf:1.4.4
```
Here is the docker-compose equivalent :
```yaml
myautoconf:
- image: bunkerity/bunkerweb-autoconf:1.4.3
+ image: bunkerity/bunkerweb-autoconf:1.4.4
volumes:
- ./bw-data:/data
...
@@ -1551,7 +1551,7 @@ Some integrations offer a more convenient way of applying configurations such as
server-http: "{{ playbook_dir }}/server-http"
}
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
Run the playbook :
@@ -1622,7 +1622,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
-e AUTO_LETS_ENCRYPT=yes \
-e REMOTE_PHP=myphp \
-e REMOTE_PHP_PATH=/app \
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
@@ -1632,7 +1632,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
ports:
- 80:8080
- 443:8443
@@ -1674,7 +1674,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
...
-v "${PWD}/myapp:/app" \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Once BunkerWeb and autoconf are ready, you will be able to create the PHP-FPM container, mount the application folder inside the container and configure it using specific labels :
@@ -1738,7 +1738,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
...
-v "/shared/myapp:/app" \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Once BunkerWeb and autoconf are ready, you will be able to create the PHP-FPM service, mount the application folder inside the container and configure it using specific labels :
@@ -1891,7 +1891,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- custom_www: "{{ playbook_dir }}/my_app"
- custom_www_owner: "www-data"
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
You can now run the playbook :
@@ -1984,7 +1984,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
-e app2.example.com_REMOTE_PHP_PATH=/app \
-e app3.example.com_REMOTE_PHP=myphp3 \
-e app3.example.com_REMOTE_PHP_PATH=/app \
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Here is the docker-compose equivalent :
@@ -1994,7 +1994,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
ports:
- 80:8080
- 443:8443
@@ -2055,7 +2055,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
...
-v "${PWD}/myapps:/apps" \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Once BunkerWeb and autoconf are ready, you will be able to create the PHP-FPM containers, mount the right application folder inside each container and configure them using specific labels :
@@ -2179,7 +2179,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
...
-v "/shared/myapps:/apps" \
...
- bunkerity/bunkerweb:1.4.3
+ bunkerity/bunkerweb:1.4.4
```
Once BunkerWeb and autoconf are ready, you will be able to create the PHP-FPM service, mount the application folder inside the container and configure it using specific labels :
@@ -2406,7 +2406,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- custom_www: "{{ playbook_dir }}/my_app"
- custom_www_owner: "www-data"
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
You can now run the playbook :
diff --git a/docs/requirements.txt b/docs/requirements.txt
index c2cf17f14..506ec24ee 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -1,5 +1,5 @@
-mkdocs==1.4.2
-mkdocs-material==8.5.9
+mkdocs==1.2.3
+mkdocs-material==8.2.5
pytablewriter==0.64.2
mike==1.1.2
jinja2<3.1.0
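Review bot: The two pins at the top of docs/requirements.txt move backwards (mkdocs 1.4.2 to 1.2.3, mkdocs-material 8.5.9 to 8.2.5) in a patch that otherwise bumps versions forward, and nothing in the visible diff says why. If the downgrade is intentional, record the reason in the commit message or in a comment next to the pins; otherwise keep the newer pins.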
diff --git a/docs/security-tuning.md b/docs/security-tuning.md
index 8656856c8..fea885eee 100644
--- a/docs/security-tuning.md
+++ b/docs/security-tuning.md
@@ -5,6 +5,11 @@ BunkerWeb offers many security features that you can configure with [settings](/
!!! tip "Other settings"
This section only focuses on security tuning, see the [settings section](/1.4/settings) of the documentation for other settings.
+
+ { align=center }
+ Overview and order of the core security plugins
+
+
## HTTP protocol
### Deny status code
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index 4f966120d..303981262 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -260,4 +260,4 @@ If you have bots that need to access your website, the recommended way to avoid
- Healthcheck / status bot
- Callback like IPN or webhook
-- Social media crawler
+- Social media crawler
\ No newline at end of file
diff --git a/docs/web-ui.md b/docs/web-ui.md
index 7dd86c343..0bc6ac267 100644
--- a/docs/web-ui.md
+++ b/docs/web-ui.md
@@ -1,7 +1,7 @@
# Web UI
!!! note "Supported integrations"
- At the moment, the web UI is only supported with the [Docker](/1.4/integrations/#docker), [Linux](/1.4/integrations/#linux) and [Ansible](/1.4/integrations/#ansible) integrations. Please note that we plan to support more integrations as the project evolves.
+ At the moment, the web UI is only supported with the [Docker](/1.4/integrations/#docker), [Linux](/1.4/integrations/#linux) and [Ansible](/1.4/integrations/#ansible) integrations. It's not possible to use the web UI with other integrations like [Docker autoconf](/1.4/integrations/#docker-autoconf), [Swarm](/1.4/integrations/#swarm) or [Kubernetes](/1.4/integrations/#kubernetes). Please note that we plan to support more integrations as the project evolves.
## Overview
@@ -76,7 +76,7 @@ Because the web UI is a web application, the recommended installation procedure
-e "bwadm.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme" \
-e bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no \
-l bunkerweb.UI \
- bunkerity/bunkerweb:1.4.3 && \
+ bunkerity/bunkerweb:1.4.4 && \
docker network connect bw-ui mybunker
```
@@ -115,7 +115,7 @@ Because the web UI is a web application, the recommended installation procedure
-e ADMIN_USERNAME=admin \
-e ADMIN_PASSWORD=changeme \
-e ABSOLUTE_URI=http(s)://bwadm.example.com/changeme/ \
- bunkerity/bunkerweb-ui:1.4.3 && \
+ bunkerity/bunkerweb-ui:1.4.4 && \
docker network connect bw-docker myui
```
@@ -131,7 +131,7 @@ Because the web UI is a web application, the recommended installation procedure
services:
mybunker:
- image: bunkerity/bunkerweb:1.4.3
+ image: bunkerity/bunkerweb:1.4.4
networks:
- bw-services
- bw-ui
@@ -154,7 +154,7 @@ Because the web UI is a web application, the recommended installation procedure
- "bunkerweb.UI"
myui:
- image: bunkerity/bunkerweb-ui:1.4.3
+ image: bunkerity/bunkerweb-ui:1.4.4
depends_on:
- mydocker
networks:
@@ -297,10 +297,10 @@ Because the web UI is a web application, the recommended installation procedure
- enable_ui: true
- custom_ui: "{{ playbook_dir }}/my_ui.env"
roles:
- - fl0ppy_d1sk.bunkerweb
+ - bunkerity.bunkerweb
```
You can now run the playbook and be able to access the web UI :
```shell
ansible-playbook -i inventory.yml playbook.yml
- ```
\ No newline at end of file
+ ```
diff --git a/src/autoconf/DockerController.py b/src/autoconf/DockerController.py
index 232dd07bd..e5d7911fb 100644
--- a/src/autoconf/DockerController.py
+++ b/src/autoconf/DockerController.py
@@ -111,23 +111,21 @@ class DockerController(Controller, ConfigCaller):
return ret
def process_events(self):
- for event in self.__client.events(decode=True, filters={"type": "container"}):
- self._instances = self.get_instances()
- self._services = self.get_services()
- self._configs = self.get_configs()
- if not self._config.update_needed(
- self._instances, self._services, configs=self._configs
- ):
- continue
- self.__logger.info(
- "Catched docker event, deploying new configuration ...",
- )
+ for _ in self.__client.events(decode=True, filters={"type": "container"}):
try:
+ self._instances = self.get_instances()
+ self._services = self.get_services()
+ self._configs = self.get_configs()
+ if not self._config.update_needed(
+ self._instances, self._services, configs=self._configs
+ ):
+ continue
+ self.__logger.info(
+ "Catched Docker event, deploying new configuration ..."
+ )
ret = self.apply_config()
if not ret:
- self.__logger.error(
- "Error while deploying new configuration",
- )
+ self.__logger.error("Error while deploying new configuration")
else:
self.__logger.info(
"Successfully deployed new configuration 🚀",
@@ -136,10 +134,10 @@ class DockerController(Controller, ConfigCaller):
if not self._config._db.is_autoconf_loaded():
ret = self._config._db.set_autoconf_load(True)
if ret:
- self.__logger.error(
+ self.__logger.warning(
f"Can't set autoconf loaded metadata to true in database: {ret}",
)
except:
self.__logger.error(
- f"Exception while deploying new configuration :\n{format_exc()}",
+ f"Exception while processing events :\n{format_exc()}"
)
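Review bot: The bare `except:` that now covers the whole loop body also catches KeyboardInterrupt and SystemExit, so with `get_instances()`, `get_services()` and `get_configs()` moved inside the try, an interrupt raised during those calls is logged as "Exception while processing events" and the loop carries on. Use `except Exception:` here. Separately, the reworded log string still reads "Catched Docker event"; "Caught" is the correct form.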
diff --git a/src/autoconf/Dockerfile b/src/autoconf/Dockerfile
index e20bbae1b..6c22b03d3 100644
--- a/src/autoconf/Dockerfile
+++ b/src/autoconf/Dockerfile
@@ -39,7 +39,7 @@ RUN apk add --no-cache bash && \
chown root:nginx /usr/bin/bwcli
# Fix CVEs
-RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1"
+RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0"
VOLUME /data /etc/nginx
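Review bot: The "# Fix CVEs" comment above this RUN does not say which advisory the new `"expat>=2.5.0-r0"` constraint addresses, so a later reader cannot tell when the pin can be dropped. Name the CVE in the comment or the commit message. The same constraint is appended by hand in src/bw/Dockerfile and src/scheduler/Dockerfile in this patch; keeping the list in one shared place would stop the three from drifting.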
diff --git a/src/autoconf/IngressController.py b/src/autoconf/IngressController.py
index e6ad785ba..a11003f05 100644
--- a/src/autoconf/IngressController.py
+++ b/src/autoconf/IngressController.py
@@ -1,4 +1,5 @@
from os import getenv
+from time import sleep
from traceback import format_exc
from kubernetes import client, config, watch
from kubernetes.client.exceptions import ApiException
@@ -224,8 +225,9 @@ class IngressController(Controller, ConfigCaller):
raise Exception(f"unsupported watch_type {watch_type}")
while True:
locked = False
+ error = False
try:
- for event in w.stream(what):
+ for _ in w.stream(what):
self.__internal_lock.acquire()
locked = True
self._instances = self.get_instances()
@@ -246,6 +248,7 @@ class IngressController(Controller, ConfigCaller):
self.__logger.error(
"Error while deploying new configuration ...",
)
+ error = True
else:
self.__logger.info(
"Successfully deployed new configuration 🚀",
@@ -254,28 +257,31 @@ class IngressController(Controller, ConfigCaller):
if not self._config._db.is_autoconf_loaded():
ret = self._config._db.set_autoconf_load(True)
if ret:
- self.__logger.error(
+ self.__logger.warning(
f"Can't set autoconf loaded metadata to true in database: {ret}",
)
except:
self.__logger.error(
f"Exception while deploying new configuration :\n{format_exc()}",
)
- self.__internal_lock.release()
- locked = False
+ error = True
except ApiException as e:
if e.status != 410:
self.__logger.error(
f"Exception while reading k8s event (type = {watch_type}) :\n{format_exc()}",
)
- sys_exit(1)
- if locked:
- self.__internal_lock.release()
except:
self.__logger.error(
f"Unknown exception while reading k8s event (type = {watch_type}) :\n{format_exc()}",
)
- sys_exit(2)
+ finally :
+ if locked:
+ self.__internal_lock.release()
+ locked = False
+
+ if error is True:
+ self.__logger.warning("Got exception, retrying in 10 seconds ...")
+ sleep(10)
def apply_config(self):
ret = self._config.apply(self._instances, self._services, configs=self._configs)
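Review bot: With `sys_exit(1)` and `sys_exit(2)` removed, the `except ApiException` and outer `except:` branches log the failure but never set `error = True`, so the 10 second back-off added at the bottom is skipped and `while True` reconnects immediately; a persistent API failure becomes a tight loop that floods the log. Set `error = True` in both branches (for ApiException, inside the `e.status != 410` check). Also check the lock handling: the per-event `self.__internal_lock.release()` / `locked = False` pair after the inner except is removed, and if the new `finally` belongs to the outer try, the lock stays held across events and the next `acquire()` in the for loop blocks.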
diff --git a/src/autoconf/SwarmController.py b/src/autoconf/SwarmController.py
index 1dc928e60..d36375b26 100644
--- a/src/autoconf/SwarmController.py
+++ b/src/autoconf/SwarmController.py
@@ -110,23 +110,20 @@ class SwarmController(Controller, ConfigCaller):
def __event(self, event_type):
for event in self.__client.events(decode=True, filters={"type": event_type}):
self.__internal_lock.acquire()
- self._instances = self.get_instances()
- self._services = self.get_services()
- self._configs = self.get_configs()
- if not self._config.update_needed(
- self._instances, self._services, configs=self._configs
- ):
- self.__internal_lock.release()
- continue
- self.__logger.info(
- "Catched Swarm event, deploying new configuration ...",
- )
try:
+ self._instances = self.get_instances()
+ self._services = self.get_services()
+ self._configs = self.get_configs()
+ if not self._config.update_needed(
+ self._instances, self._services, configs=self._configs
+ ):
+ continue
+ self.__logger.info(
+ "Catched Swarm event, deploying new configuration ..."
+ )
ret = self.apply_config()
if not ret:
- self.__logger.error(
- "Error while deploying new configuration ...",
- )
+ self.__logger.error("Error while deploying new configuration")
else:
self.__logger.info(
"Successfully deployed new configuration 🚀",
@@ -135,12 +132,12 @@ class SwarmController(Controller, ConfigCaller):
if not self._config._db.is_autoconf_loaded():
ret = self._config._db.set_autoconf_load(True)
if ret:
- self.__logger.error(
+ self.__logger.warning(
f"Can't set autoconf loaded metadata to true in database: {ret}",
)
except:
self.__logger.error(
- f"Exception while deploying new configuration :\n{format_exc()}",
+ f"Exception while processing events :\n{format_exc()}"
)
self.__internal_lock.release()
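Review bot: The `continue` taken when `update_needed()` returns false now sits inside the try, and the `self.__internal_lock.release()` that used to precede it was removed; the only remaining release is this trailing call after the except block, which `continue` skips. The lock is therefore still held when the next event arrives, and `acquire()` blocks. Move the release into a `finally:` clause of the same try so that every path, including `continue` and exceptions, releases it.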
diff --git a/src/bw/Dockerfile b/src/bw/Dockerfile
index 478ff5c94..d79d870af 100644
--- a/src/bw/Dockerfile
+++ b/src/bw/Dockerfile
@@ -75,7 +75,7 @@ RUN apk add --no-cache bash python3 && \
chmod 660 /usr/share/bunkerweb/INTEGRATION
# Fix CVEs
-RUN apk add "freetype>=2.10.4-r3" "curl>=7.79.1-r2" "libcurl>=7.79.1-r2" "openssl>=1.1.1q-r0" "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1"
+RUN apk add "freetype>=2.10.4-r3" "curl>=7.79.1-r2" "libcurl>=7.79.1-r2" "openssl>=1.1.1q-r0" "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0"
VOLUME /data /etc/nginx
diff --git a/src/bw/lua/api.lua b/src/bw/lua/api.lua
index 145d1e617..68bce8d72 100644
--- a/src/bw/lua/api.lua
+++ b/src/bw/lua/api.lua
@@ -103,6 +103,44 @@ api.global.POST["^/unban$"] = function(api)
return api:response(ngx.HTTP_OK, "success", "ip " .. ip["ip"] .. " unbanned")
end
+api.global.POST["^/ban$"] = function(api)
+ ngx.req.read_body()
+ local data = ngx.req.get_body_data()
+ if not data then
+ local data_file = ngx.req.get_body_file()
+ if data_file then
+ local file = io.open(data_file)
+ data = file:read("*a")
+ file:close()
+ end
+ end
+ local ok, ip = pcall(cjson.decode, data)
+ if not ok then
+ return api:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't decode JSON : " .. env)
+ end
+ datastore:set("bans_ip_" .. ip["ip"], "manual", ip["exp"])
+ return api:response(ngx.HTTP_OK, "success", "ip " .. ip["ip"] .. " banned")
+end
+
+api.global.GET["^/bans$"] = function(api)
+ local data = {}
+ for i, k in ipairs(datastore:keys()) do
+ if k:find("^bans_ip_") then
+ local ret, reason = datastore:get(k)
+ if not ret then
+ return api:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't access " .. k .. " from datastore : " + reason)
+ end
+ local ret, exp = datastore:exp(k)
+ if not ret then
+ return api:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't access exp " .. k .. " from datastore : " + exp)
+ end
+ local ban = { ip = k:sub(9, #k), reason = reason, exp = exp }
+ table.insert(data, ban)
+ end
+ end
+ return api:response(ngx.HTTP_OK, "success", data)
+end
+
api.is_allowed_ip = function(self)
local data, err = datastore:get("api_whitelist_ip")
if not data then
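Review bot: Both new handlers fail on their own error paths. In `^/ban$` the decode-failure message concatenates `env`, which is not defined anywhere in the handler (the pcall error is in `ip`), and in `^/bans$` the two error messages use `+` instead of `..`, which is arithmetic in Lua and raises on non-numeric strings. Beyond that, `ip["ip"]` and `ip["exp"]` go straight into `datastore:set` with no check that the body decoded to a table, that the address is a valid IP, or that `exp` is a positive number; validate them and answer malformed input with a 400 rather than HTTP_INTERNAL_SERVER_ERROR. `datastore:get` also appears to return the value first (see `local data, err = datastore:get("api_whitelist_ip")` just below), so `reason` here would hold the second return value, not the stored ban reason.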
diff --git a/src/bw/lua/datastore.lua b/src/bw/lua/datastore.lua
index c623a8f17..f983b129f 100644
--- a/src/bw/lua/datastore.lua
+++ b/src/bw/lua/datastore.lua
@@ -1,4 +1,4 @@
-local datastore = {dict = ngx.shared.datastore }
+local datastore = { dict = ngx.shared.datastore }
datastore.get = function(self, key)
local value, err = self.dict:get(key)
@@ -22,6 +22,14 @@ datastore.delete = function(self, key)
return true, "success"
end
+datastore.exp = function(self, key)
+ local ttl, err = self.dict:ttl(key)
+ if not ttl then
+ return false, err
+ end
+ return true, ttl
+end
+
datastore.delete_all = function(self, pattern)
local keys = self.dict:get_keys(0)
for i, key in ipairs(keys) do
diff --git a/src/common/cli/CLI.py b/src/common/cli/CLI.py
index 895026362..314504349 100644
--- a/src/common/cli/CLI.py
+++ b/src/common/cli/CLI.py
@@ -117,3 +117,18 @@ class CLI(ApiCaller):
if self._send_to_apis("POST", "/unban", data={"ip": ip}):
return True, f"IP {ip} has been unbanned"
return False, "error"
+
+ def ban(self, ip, exp):
+ if self._send_to_apis("POST", "/ban", data={"ip": ip, "exp": exp}):
+ return True, f"IP {ip} has been banned"
+ return False, "error"
+
+ def bans(self):
+ ret, resp = self._send_to_apis("GET", "/bans", response=True)
+ if ret:
+ bans = resp["bans"]
+ cli_str = "List of bans :\n"
+ for ban in bans:
+ cli_str += f"- {ban['ip']} for {ban['exp']}s : {ban['reason']}\n"
+ return True, cli_str
+ return False, "error"
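Review bot: `bans()` indexes `resp["bans"]`, but the `/bans` handler added in api.lua passes the list as the third argument to `api:response`, and nothing in this patch shows a `bans` key in the JSON that comes back; confirm the response shape and guard the lookup so a mismatch produces the "error" return instead of a KeyError. `ban()` should also validate `ip` (for example with `ipaddress.ip_address`) before sending it, since the Lua side builds a datastore key from it unchecked.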
diff --git a/src/common/cli/main.py b/src/common/cli/main.py
index 8d12e7848..4328fbc1e 100644
--- a/src/common/cli/main.py
+++ b/src/common/cli/main.py
@@ -27,6 +27,19 @@ if __name__ == "__main__":
)
parser_unban.add_argument("ip", type=str, help="IP address to unban")
+ # Ban subparser
+ parser_ban = subparsers.add_parser("ban", help="add a ban to the cache")
+ parser_ban.add_argument("ip", type=str, help="IP address to ban")
+ parser_ban.add_argument(
+ "exp",
+ type=int,
+ help="banning time in seconds (default : 86400)",
+ default=86400,
+ )
+
+ # Bans subparser
+ parser_bans = subparsers.add_parser("bans", help="list current bans")
+
# Parse args
args = parser.parse_args()
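Review bot: The `exp` positional is declared with `default=86400` and the help text advertises that default, but without `nargs="?"` argparse treats a positional as required, so `bwcli ban <ip>` exits with a usage error and the default is never applied. Add `nargs="?"` or turn it into an optional `--exp` flag.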
@@ -37,6 +50,10 @@ if __name__ == "__main__":
ret, err = False, "unknown command"
if args.command == "unban":
ret, err = cli.unban(args.ip)
+ elif args.command == "ban":
+ ret, err = cli.ban(args.ip, args.exp)
+ elif args.command == "bans":
+ ret, err = cli.bans()
if not ret:
logger.error(f"CLI command status : ❌ (fail)\n{err}")
@@ -50,5 +67,3 @@ if __name__ == "__main__":
except:
logger.error(f"Error while executing bwcli :\n{format_exc()}")
sys_exit(1)
-
- sys_exit(0)
diff --git a/src/common/core/bunkernet/jobs/bunkernet-data.py b/src/common/core/bunkernet/jobs/bunkernet-data.py
index e6c3e6cfb..8c2b96038 100755
--- a/src/common/core/bunkernet/jobs/bunkernet-data.py
+++ b/src/common/core/bunkernet/jobs/bunkernet-data.py
@@ -113,7 +113,7 @@ try:
checksum=new_hash,
)
if err:
- logger.warning(f"Couldn't update db cache: {err}")
+ logger.warning(f"Couldn't update db ip.list cache: {err}")
logger.info("Successfully saved BunkerNet data")
diff --git a/src/common/core/bunkernet/jobs/bunkernet-register.py b/src/common/core/bunkernet/jobs/bunkernet-register.py
index ca7167a54..78fa25750 100755
--- a/src/common/core/bunkernet/jobs/bunkernet-register.py
+++ b/src/common/core/bunkernet/jobs/bunkernet-register.py
@@ -117,15 +117,15 @@ try:
with open("/var/cache/bunkerweb/bunkernet/instance.id", "w") as f:
f.write(bunkernet_id)
- # Update db
- err = db.update_job_cache(
- "bunkernet-register",
- None,
- "instance.id",
- f"{bunkernet_id}".encode("utf-8"),
- )
- if err:
- logger.warning(f"Couldn't update db cache: {err}")
+ # Update db
+ err = db.update_job_cache(
+ "bunkernet-register",
+ None,
+ "instance.id",
+ f"{bunkernet_id}".encode("utf-8"),
+ )
+ if err:
+ logger.warning(f"Couldn't update db cache: {err}")
else:
logger.error("Connectivity with BunkerWeb failed ...")
status = 2
diff --git a/src/common/core/letsencrypt/jobs/certbot-deploy.py b/src/common/core/letsencrypt/jobs/certbot-deploy.py
index 41218c966..3d2b6305f 100755
--- a/src/common/core/letsencrypt/jobs/certbot-deploy.py
+++ b/src/common/core/letsencrypt/jobs/certbot-deploy.py
@@ -1,10 +1,9 @@
#!/usr/bin/python3
-from asyncio import run
from io import BytesIO
from os import environ, getenv
from os.path import exists
-from subprocess import DEVNULL, STDOUT
+from subprocess import run, DEVNULL, STDOUT
from sys import exit as sys_exit, path as sys_path
from tarfile import open as tar_open
from traceback import format_exc
@@ -34,6 +33,8 @@ try:
with open("/usr/share/bunkerweb/INTEGRATION", "r") as f:
bw_integration = f.read().strip()
token = getenv("CERTBOT_TOKEN")
+
+ logger.info(f"Certificates renewal for {getenv('RENEWED_DOMAINS')} successful")
# Cluster case
if bw_integration in ("Swarm", "Kubernetes", "Autoconf"):
diff --git a/src/common/core/letsencrypt/jobs/certbot-renew.py b/src/common/core/letsencrypt/jobs/certbot-renew.py
index 237bc8a2c..9e7951f1e 100755
--- a/src/common/core/letsencrypt/jobs/certbot-renew.py
+++ b/src/common/core/letsencrypt/jobs/certbot-renew.py
@@ -28,7 +28,6 @@ logger = setup_logger("LETS-ENCRYPT", getenv("LOG_LEVEL", "INFO"))
status = 0
try:
-
if getenv("MULTISITE") == "yes":
for first_server in getenv("SERVER_NAME").split(" "):
if first_server == "":
@@ -46,11 +45,6 @@ try:
logger.error(
f"Certificates renewal for {first_server} failed",
)
- else:
- logger.info(
- f"Certificates renewal for {first_server} successful",
- )
-
elif getenv("AUTO_LETS_ENCRYPT") == "yes" and getenv("SERVER_NAME") != "":
first_server = getenv("SERVER_NAME").split(" ")[0]
if exists(f"/etc/letsencrypt/live/{first_server}/cert.pem"):
@@ -60,10 +54,6 @@ try:
logger.error(
f"Certificates renewal for {first_server} failed",
)
- else:
- logger.info(
- f"Certificates renewal for {first_server} successful",
- )
except:
status = 2
diff --git a/src/common/utils/ApiCaller.py b/src/common/utils/ApiCaller.py
index eaf8698f2..a359bf3ad 100644
--- a/src/common/utils/ApiCaller.py
+++ b/src/common/utils/ApiCaller.py
@@ -100,7 +100,7 @@ class ApiCaller:
def _get_apis(self):
return self.__apis
- def _send_to_apis(self, method, url, files=None, data=None):
+ def _send_to_apis(self, method, url, files=None, data=None, response=False):
ret = True
for api in self.__apis:
if files is not None:
@@ -122,6 +122,9 @@ class ApiCaller:
self.__logger.info(
f"Successfully sent API request to {api.get_endpoint()}{url}",
)
+
+ if response:
+ return ret, resp.json()
return ret
def _send_files(self, path, url):
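Review bot: With `response=True` the method returns a `(ret, resp.json())` tuple while every other call gets a bare bool, and only a single `resp` is returned: with several instances only one instance's body reaches the caller, and a non-JSON body makes `resp.json()` raise out of the method. Collect the decoded bodies per API inside the loop and handle the decode error there, and document the two return shapes in a docstring.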
diff --git a/src/linux/Dockerfile-centos b/src/linux/Dockerfile-centos
index 203e3da48..65625c1e2 100644
--- a/src/linux/Dockerfile-centos
+++ b/src/linux/Dockerfile-centos
@@ -31,7 +31,9 @@ RUN dnf install -y python39-pip brotli brotli-devel gperftools-devel perl libxsl
chmod +x /tmp/bunkerweb/deps/install.sh && \
bash /tmp/bunkerweb/deps/install.sh && \
mkdir /usr/share/bunkerweb/deps/python && \
- pip3.9 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt
+ # Dirty fix to avoid errors with --target and packages same namespace
+ cp -r /usr/lib64/python3.9/* /usr/lib/python3.9/ && \
+ PYTHONPLATLIBDIR=lib pip3.9 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt
# Copy files
# can't exclude deps from . so we are copying everything by hand
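Review bot: The "Dirty fix" comment does not say which error it avoids or why copying `/usr/lib64/python3.9/*` over `/usr/lib/python3.9/` and setting `PYTHONPLATLIBDIR=lib` is the remedy, which makes the workaround hard to remove safely later. Expand the comment with the failing symptom. The new src/linux/Dockerfile-rhel in this patch also installs `python39-pip` and runs the same `--target` install without this workaround; check whether it needs it too.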
diff --git a/src/linux/Dockerfile-fedora b/src/linux/Dockerfile-fedora
index 52f609f91..e4da5c9c0 100644
--- a/src/linux/Dockerfile-fedora
+++ b/src/linux/Dockerfile-fedora
@@ -29,7 +29,9 @@ RUN dnf install -y python3-pip brotli brotli-devel gperftools-devel perl libxslt
chmod +x /tmp/bunkerweb/deps/install.sh && \
bash /tmp/bunkerweb/deps/install.sh && \
mkdir /usr/share/bunkerweb/deps/python && \
- pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt
+ # Dirty fix to avoid errors with --target and packages same namespace
+ cp -r /usr/lib64/python3.10/* /usr/lib/python3.10/ && \
+ PYTHONPLATLIBDIR=lib pip3.10 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt
# Copy files
# can't exclude deps from . so we are copying everything by hand
@@ -56,7 +58,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir /var/cache/bunkerweb/ && \
mkdir /etc/bunkerweb/plugins && \
mkdir /var/tmp/bunkerweb/ && \
- #mkdir /var/www/html && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/deps -prune -o -type d -exec chmod 0750 {} \; && \
@@ -79,4 +80,4 @@ COPY src/linux/bunkerweb-ui.service /usr/share/bunkerweb-ui.service
# Generate DEB at startup
VOLUME /data
WORKDIR /usr/share/
-ENTRYPOINT ["/usr/share/fpm.sh", "deb"]
\ No newline at end of file
+ENTRYPOINT ["/usr/share/fpm.sh", "deb"]
diff --git a/src/linux/Dockerfile-rhel b/src/linux/Dockerfile-rhel
new file mode 100644
index 000000000..b8ebc0f35
--- /dev/null
+++ b/src/linux/Dockerfile-rhel
@@ -0,0 +1,87 @@
+FROM redhat/ubi8:8.6
+
+ENV OS=rhel
+ENV NGINX_VERSION 1.20.2
+
+# RHEL subscription
+RUN subscription-manager register --username=username --password=password --auto-attach
+
+# Install fpm
+RUN dnf install -y ruby ruby-devel make gcc redhat-rpm-config rpm-build wget && \
+ wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+ rpm -Uvh epel-release*rpm && \
+ dnf module -y reset ruby && dnf module -y enable ruby:2.6 && dnf module -y install ruby:2.6/common && \
+ gem install fpm
+
+# Nginx
+COPY linux/nginx.repo /etc/yum.repos.d/nginx.repo
+RUN dnf install yum-utils -y && \
+ dnf install nginx-1.20.2 -y
+
+# Copy dependencies sources folder
+COPY src/common/deps /tmp/bunkerweb/deps
+COPY src/scheduler/requirements.txt /tmp/req/requirements.txt
+COPY src/ui/requirements.txt /tmp/req/requirements.txt.1
+COPY src/common/gen/requirements.txt /tmp/req/requirements.txt.2
+COPY src/common/db/requirements.txt /tmp/req/requirements.txt.3
+
+RUN mkdir -p /usr/share/bunkerweb/deps && \
+ cat /tmp/req/requirements.txt /tmp/req/requirements.txt.1 /tmp/req/requirements.txt.2 /tmp/req/requirements.txt.3 > /tmp/bunkerweb/deps/requirements.txt && \
+ rm -rf /tmp/req
+
+# Compile and install dependencies
+RUN dnf install -y python39-pip brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 libxslt bash gd gd-devel gcc-c++ kernel-devel curl znc-modtcl libmpc-devel gmp-devel gawk mpfr-devel libtool pcre-devel automake autoconf readline-devel gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel lmdb-libs && \
+ mkdir -p /usr/share/bunkerweb/deps && \
+ chmod +x /tmp/bunkerweb/deps/install.sh && \
+ bash /tmp/bunkerweb/deps/install.sh && \
+ mkdir /usr/share/bunkerweb/deps/python && \
+ pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt
+
+# Copy BW files
+# can't exclude deps from . so we are copying everything by hand
+COPY src/bw/loading /usr/share/bunkerweb/loading
+COPY src/bw/lua /usr/share/bunkerweb/lua
+COPY src/bw/misc /usr/share/bunkerweb/misc
+COPY src/common/api /usr/share/bunkerweb/api
+COPY src/common/cli /usr/share/bunkerweb/cli
+COPY src/common/confs /usr/share/bunkerweb/confs
+COPY src/common/core /usr/share/bunkerweb/core
+COPY src/common/db /usr/share/bunkerweb/db
+COPY src/common/gen /usr/share/bunkerweb/gen
+COPY src/common/helpers /usr/share/bunkerweb/helpers
+COPY src/common/settings.json /usr/share/bunkerweb/settings.json
+COPY src/common/utils /usr/share/bunkerweb/utils
+COPY src/scheduler /usr/share/bunkerweb/scheduler
+COPY src/ui /usr/share/bunkerweb/ui
+COPY src/VERSION /usr/share/bunkerweb/VERSION
+
+# Setup BW
+RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
+ chmod 755 /usr/bin/bwcli && \
+ mkdir /etc/bunkerweb/configs && \
+ mkdir /var/cache/bunkerweb/ && \
+ mkdir /etc/bunkerweb/plugins && \
+ mkdir /var/tmp/bunkerweb/ && \
+ echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
+ find /usr/share/bunkerweb -path /usr/share/bunkerweb/deps -prune -o -type f -exec chmod 0740 {} \; && \
+ find /usr/share/bunkerweb -path /usr/share/bunkerweb/deps -prune -o -type d -exec chmod 0750 {} \; && \
+ chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ && \
+ chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/ui/main.py && \
+ find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \
+ pip install --no-cache-dir --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/ui/deps/requirements.txt && \
+ chmod 755 /usr/share/bunkerweb
+
+# Copy Linux files
+COPY src/linux/variables.env /etc/bunkerweb/variables.env
+COPY src/linux/ui.env /etc/bunkerweb/ui.env
+COPY src/linux/scripts /usr/share/bunkerweb/scripts
+COPY src/linux/fpm.sh /usr/share/fpm.sh
+RUN chmod +x /usr/share/bunkerweb/scripts/*.sh /usr/share/fpm.sh
+COPY src/linux/fpm-rhel /usr/share/.fpm
+COPY src/linux/bunkerweb.service /usr/share/bunkerweb.service
+COPY src/linux/bunkerweb-ui.service /usr/share/bunkerweb-ui.service
+
+# Generate RPM at startup
+VOLUME /data
+WORKDIR /usr/share/
+ENTRYPOINT ["/usr/share/fpm.sh", "rpm"]
\ No newline at end of file
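Review bot: `RUN subscription-manager register --username=username --password=password --auto-attach` puts the subscription credentials on a RUN command line, so once real values replace the placeholders they are stored in the history of every image built from this file. Pass them through a BuildKit secret mount (`RUN --mount=type=secret,...`) and unregister in the same layer. Two smaller points: the second `pip install` (for ui/deps/requirements.txt) drops the `--require-hashes` used by the first, and `COPY linux/nginx.repo` uses a different source prefix from the other `COPY src/linux/...` lines.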
diff --git a/src/linux/bunkerweb.service b/src/linux/bunkerweb.service
index 1a9608b0e..5e598d193 100644
--- a/src/linux/bunkerweb.service
+++ b/src/linux/bunkerweb.service
@@ -4,6 +4,7 @@ Documentation=https://docs.bunkerweb.io
After=network.target
[Service]
+Restart=always
User=root
PIDFile=/var/tmp/bunkerweb/scheduler.pid
ExecStart=/usr/share/bunkerweb/scripts/start.sh start
diff --git a/src/linux/fpm-rhel b/src/linux/fpm-rhel
new file mode 100644
index 000000000..26452e295
--- /dev/null
+++ b/src/linux/fpm-rhel
@@ -0,0 +1,13 @@
+-s dir
+--name bunkerweb
+--license agpl3
+--version %VERSION%
+--architecture x86_64
+--depends bash --depends epel-release --depends python39 --depends 'nginx = 1:1.20.2-1.el8.ngx' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends GeoIP-devel --depends file-libs --depends net-tools --depends gd --depends sudo
+--description "BunkerWeb %VERSION% for Rhel 8"
+--url "https://www.bunkerweb.io"
+--maintainer "Bunkerity "
+--after-install /usr/share/bunkerweb/scripts/postinstall.sh
+--before-remove /usr/share/bunkerweb/scripts/beforeRemove.sh
+--after-remove /usr/share/bunkerweb/scripts/afterRemove.sh
+/usr/share/bunkerweb/=/usr/share/bunkerweb/ bunkerweb.service=/etc/systemd/system/bunkerweb.service bunkerweb-ui.service=/etc/systemd/system/bunkerweb-ui.service /usr/bin/bwcli=/usr/bin/bwcli
\ No newline at end of file
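Review bot: The `--depends` line lists `libcurl-devel` and `GeoIP-devel` as runtime dependencies, which pulls development headers onto every host that installs the RPM. If only the shared libraries are needed at run time, depend on the runtime packages instead and keep the `-devel` packages in the build image. The exact pin `'nginx = 1:1.20.2-1.el8.ngx'` also means the install fails unless the host already has a repository serving that build, so it is worth stating that prerequisite in `--description` or the install docs.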
diff --git a/src/scheduler/Dockerfile b/src/scheduler/Dockerfile
index 00626fbe5..01f403f3b 100644
--- a/src/scheduler/Dockerfile
+++ b/src/scheduler/Dockerfile
@@ -58,7 +58,7 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \
chmod 660 /usr/share/bunkerweb/INTEGRATION
# Fix CVEs
-RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1"
+RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0"
VOLUME /data /etc/nginx
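Review bot: The `# Fix CVEs` comment above the changed `RUN apk add` line does not say which advisory the new `"expat>=2.5.0-r0"` floor addresses, so a later reader cannot tell when the constraint becomes redundant with the base image. Suggest naming the CVE next to each floor, or at least for the one added here. The line also runs `apk add` without `--no-cache`, unlike the `RUN apk add --no-cache bash libgcc libstdc++ openssl` shown in the hunk header; adding it keeps the package index out of the layer.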
diff --git a/src/ui/Dockerfile b/src/ui/Dockerfile
index cc30e5718..e9b2f6077 100755
--- a/src/ui/Dockerfile
+++ b/src/ui/Dockerfile
@@ -48,7 +48,7 @@ RUN apk add --no-cache bash file && \
chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/deps/python/bin/*
# Fix CVEs
-RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1"
+RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0"
VOLUME /data /etc/nginx
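Review bot: The `RUN apk add ... "expat>=2.5.0-r0"` line here is a character-for-character copy of the one changed in src/scheduler/Dockerfile, so every new version floor has to be edited in each Dockerfile and the lists can drift apart. Suggest moving the list into one place, for example a shared base image or a small script copied into both builds, so a CVE bump is a single-line change.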
diff --git a/src/ui/src/Config.py b/src/ui/src/Config.py
index b3bbcdb9b..5f1963340 100644
--- a/src/ui/src/Config.py
+++ b/src/ui/src/Config.py
@@ -24,14 +24,14 @@ class Config:
self.__logger.warning(
"Database is not initialized, retrying in 5s ...",
)
- sleep(3)
+ sleep(5)
env = self.__db.get_config()
while not self.__db.is_first_config_saved() or not env:
self.__logger.warning(
"Database doesn't have any config saved yet, retrying in 5s ...",
)
- sleep(3)
+ sleep(5)
env = self.__db.get_config()
self.reload_plugins()
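Review bot: The retry delay is still written twice in each loop, once in the log text ("retrying in 5s ...") and once in `sleep(5)`, which is how the previous `sleep(3)` came to disagree with the message. Suggest a single constant used for both the `sleep()` call and the formatted log string. The loop visible here, `while not self.__db.is_first_config_saved() or not env:`, also has no retry cap, so the UI waits silently forever if the database never receives a config; a bounded retry count with a final error log would make that failure visible.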