Squashed 'src/deps/src/libmaxminddb/' changes from 93a7e0e56..f24301d52
f24301d52 Update version to v1.5.6 and fix database and ModSecurity-nginx issues
e8a9a338f Update CHANGELOG.md
aa4f40497 Update python deps and hashes
a08beb843 fix misspelled banner
949bf545c fix safari home cards
0044e68c8 update style
0b2a78425 Merge remote-tracking branch 'origin/dev' into ui
6b25619c5 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
d1a8b99be fix Linux versions in README, fix UI not working when serve behind / and revert back to bullseye for tests machines
f8f4db910 add go back btn on totp page
eb2042a0e tests - downgrade docker-py package to fix breaking change
ecada3d70 tests - update bullseye to bookworm
b585376f1 tests - update ansible version
8ad1adb92 Merge branch 'dev' into staging
b7bc89ade tests - update ansible role for swarm and replace profile with account for ui
9d274afe2 tests - fix selector for account page
6a33859d2 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
0bcb4e19c edit external plugins link and fix ui tests menu selector
369972e57 add menu image to access account page
7af34f33d highlight manage account + new position
54e76dae4 update js for account page
beee0bf97 safari fix + update profile
34ce47079 update doc for web UI account, add ISO format to country core and update version of plugins
80983f3fe change alert to warning
fd66075e4 update doc
b8df6611e Update mkdocs markdown_extensions
e2bfa8560 Add lost 2FA recovery procedure
b1d5ab260 Update database metadata initialization logic
7e0d9c78b Add automatic DB migration between any 1.5.x version and the latest one
6d5a6a9b9 add web-ui manage profile section
7e018e984 Merge branch 'dev' into staging
f2ceca82d Merge pull request #837 from bunkerity/dev
aec4021b2 Fix UI tests with wrong redirection
17c3eae3e Apply pre-commit-config to all files
f6d7d177a Update CLI.py with environment variable handling
f4c07bca6 Downgrade prettier pre-commit hook as the latest one isn't an official release
0ec97a77c Update shebang to use env python3
c4bcaba03 Lint and format lua files + Fix luacheck warnings and errors + Update pre-commit-config hooks
4cb896cfc Merge remote-tracking branch 'origin/dev' into ui
83854838a update logo on error and misc files
2c548657e enhance ui
85e0a8292 fix country core tests and reflect changes on redis core tests
19a2c08c5 fix country core typo, add missing tls to magento tests and add local cachestore
d3ba9720c Update password input field in UI tests and profile page + edit back logic with profile page form submission
b3a5dfeaa tests - add tls checks on common name
748a56811 Merge pull request #835 from bunkerity/dev
f843cbda5 Fix weird behavior when MULTISITE mode is set to no and the SERVER_NAME is empty
7a80516fb Fix core country test as 2.0.0.3 as country code GB and not US anymore
e36dc32bc Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
b2c58a76f bw - fix colors
752317f1c Remove no longer used zope deps init
740018e26 Fix shenanigans with BunkerNet and the instance.id file
a55e2699b Update gunicorn worker class to gthread
90f6ceea1 Revert "Test weird bug with ui linux tests"
46e3a10e4 Test weird bug with ui linux tests
bcfe623e0 Update how the python deps are installed in linux tests (core & ui)
676afd4c1 Allow web UI to use multiple workers
309c5d0fe Fix weird shenanigans with zope python deps
cff05457d Move monkey patch command in web UI and add dynamic threading
ff7cb04c3 Remove useless code in web UI tests
3e63f2ad0 Fix potential python deps not being imported in web UI
413500e5d Use Python 3.12 in workflows
3e0a987a6 Remove the need for codeql job to complete before going to the next stage in dev workflow
624ed08af Update ui startup script
d5732b697 Deactivate anonymous reporting at first startup
6fc5ca745 Merge pull request #816 from bunkerity/dependabot/terraform/tests/terraform/dev/scaleway/scaleway-2.35.0
dcb924f54 Merge pull request #772 from bunkerity/dependabot/terraform/tests/terraform/dev/hashicorp/kubernetes-2.24.0
fecf4a898 update version to 1.5.5
d3cfbfec6 bw - fix typo in blacklist core
0867846f8 bw - fix typo in server.conf
e108d3f53 bw - init work on reason data and fix nil REDIS_SENTINEL_HOSTS for sessions
68b3d6785 bw - fix redis error when using sessions and fix redis connection pool not used
d475a4e31 scheduler - fix missing custom configs when instances change
37f11eade jobs - remove certbot renew delay
3ba295d14 Fix firefox installation in linux tests
109b9cc6a add operation value
cd5ee103d Add cooldown to anonymous report job
9e8afa18b add tab switch related to form
ed45e2290 Update ui tests with new profile page format
bba987904 Merge pull request #834 from bunkerity/dev
d7c49e237 Update sqlalchemy to version 2.0.25 & update python deps hashes
957817926 Pin aquasecurity/trivy-action version in workflows
2b0540f44 Fix UI defaults with Linux Integration
7a247e643 Fix wizard redirection even when the UI isn't configured
355d67164 bw - dont retrieve ctx when using api
a21ab3ca7 add profile dark mode + enhance flash
48ea94f11 update ui
2197f72be Fix ui linux tests getting the wrong id of the totp button
8d900437f Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
a8bfd0336 Update and fix the whole user management of the web UI
ce8022a43 Fix bwcli shenanigans with external databases
7759338e3 Update python deps
6e70da4a5 Switch gunicorn worker_class back to gevent
d4ef6fdff Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
5ad99ac82 bw - various improvements to redis sentinel
beaf868fd Merge pull request #831 from bunkerity/ui
d091e5299 enhance style
ad2253f89 totp form name different from user one
db0f23855 delete totp duplicate logo
66fa2df6c Merge remote-tracking branch 'origin/dev' into ui
0a130c404 Fix tests ui Linux env file having the default values
98b4c0631 Fix problems with ui tests and the ui.env file for Linux and the IP address of the container for DOcker
935650900 Update cached mmdb files
379cf17e7 Update tests ui linux workflow file to have the right BunkerWeb config
551a0b520 bw - clusterstore fixes
aeedf30fa bw - redis sentinel support (WIP)
1b0c1cdb7 Merge commit '8f051820b9c885fd6bbe4c8fdbb0dc1f888aaae2' as 'src/deps/src/lua-resty-redis-connector'
8f051820b Squashed 'src/deps/src/lua-resty-redis-connector/' content from commit 02a29f93
af8fa60e2 bw - fix is_whitelisted function and fix typo in country core
a4f72f1c1 bw - various fixes after LUA improvements
077b2c1c1 bw - various improvements and refactoring (WIP)
020ec53e0 Merge pull request #830 from bunkerity/dev
aea3fae2b Update CHANGELOG.md
a5e0ceed3 [#795] Add setting REVERSE_PROXY_INCLUDES to manually add "include" directives in the reverse proxies
fdb01b305 Fix shenanigans with the ui user edition
91448f1f4 Add a log in the UI when a login attempt is made
d1d82aa30 Add UI tests for the profile page and the Wizard
13f477b75 Merge pull request #829 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.165.1
32777c25e Merge commit 'dda63ddceeb1f4ffdd97d6aa95ac24a1a7eeede7' into dev
dda63ddce Squashed 'src/deps/src/lua-resty-openssl/' changes from 5aba923e7..7f25f00ba
116ca2226 Update lua-resty-openssl to version v1.2.0
80f8d1548 Update CHANGELOG.md
22c6e1c6d Update python deps
c7e690d94 deps/gha: bump ruby/setup-ruby from 1.165.0 to 1.165.1
364a779b2 Merge pull request #827 from bunkerity/ui
bd23ae609 Merge pull request #826 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.165.0
b3462dc95 enhance profile page
1bd0dcbd7 deps/gha: bump ruby/setup-ruby from 1.163.0 to 1.165.0
556fc6936 update totp and profile style
1920d89b4 Add back-end logic for 2FA in UI
398be9147 fix password submit behavior
783d83094 add 2FA pages
bafd3a5b6 Add more security to UI by checking client IP and UA with a session
fbbe6b49d Update regex for url in wizard
5f74b357c Add profile editing logic in the UI
e938d48ff enhance error page
a950f55e7 Merge pull request #825 from bunkerity/ui
ffbe1e3b6 Update ui tests to new formats
38eb98c39 update setup.html and popover
33211902d fix ui height + select auto submit
e348e92bc Merge pull request #824 from bunkerity/dev
9eb816ef3 Add flash messages to setup.html as well
aa9bcdc3d Merge pull request #823 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.163.0
a85297c61 Merge pull request #818 from bunkerity/dependabot/github_actions/dev/github/codeql-action-3.22.12
f3c4415f5 Merge pull request #817 from bunkerity/dependabot/github_actions/dev/actions/setup-node-4.0.1
3d59f7697 Update CHANGELOG.md
dba906db0 Update python images in Dockerfile to 3.12.1-alpine3.18
a458e650f Update python deps
dcf6fc1ce bw - various fixes for tls management and init work on shared ctx on subrequests
9d74de299 deps/gha: bump ruby/setup-ruby from 1.162.0 to 1.163.0
34c065722 road to certificate fallback
35d46f424 deps - patch modsecurity-nginx to load it before brotli module
8b0c8de42 add defaul ssl cert and patch modsec to execute after brotli
8dfd8dc9b deps/gha: bump github/codeql-action from 3.22.11 to 3.22.12
56f350d62 deps/gha: bump actions/setup-node from 4.0.0 to 4.0.1
63a90005c Merge branch 'dev' into ui
20c2f4ffd precommit config
29c88027e enhance ui
5c10eaeb7 Merge pull request #808 from bunkerity/dependabot/github_actions/dev/github/codeql-action-3.22.11
093366d15 Merge pull request #810 from bunkerity/dependabot/github_actions/dev/actions/upload-artifact-4.0.0
ac3fc2a78 Merge pull request #815 from bunkerity/dependabot/github_actions/dev/docker/metadata-action-5.4.0
4f28cfbbc Merge pull request #814 from bunkerity/dependabot/github_actions/dev/actions/download-artifact-4.1.0
cd7ef7448 Merge pull request #813 from bunkerity/dependabot/github_actions/dev/aquasecurity/trivy-action-91713af97dc80187565512baba96e4364e983601
e3d21c647 start adding aria
0e3c32213 deps/terraform: bump scaleway/scaleway in /tests/terraform
6a5616472 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
436208007 continue work on dynamic TLS cert/key with fallback
7fbf17a0e update doc
0945f2052 Merge branch 'dev' into ui
aab019d17 Fix SERVER_NAME setting when not in multisite mode
c39793a31 Fix shenanigans when SERVER_NAME is empty
de3ba0a57 precommit done
3e51cc78f Fix error with selects when trying to add a new settings in the database init_tables
809c5f45e deps/gha: bump docker/metadata-action from 5.3.0 to 5.4.0
c344b302c deps/gha: bump actions/download-artifact from 3.0.2 to 4.1.0
504aeb9d0 enhance ui
b41bd619c lighter error file
73f3a7ac8 deps/gha: bump aquasecurity/trivy-action
1dd85364d add example and test for k8s/tls support
53a143d71 init work on supporting tls ingress on k8s
62449f84c continue work on ssl/tls fallback and management
8efcd2b8a ssl refactoring - wip
946e292b3 ssl refactoring - wip
c5d9c6936 docs - add ecosystem section to intro and fix social cards text color
98ac205ea deps/gha: bump actions/upload-artifact from 3.1.3 to 4.0.0
056eb0375 fix some style
cab17e061 add profile page
5b5898eac Add support for soft database update when updating the version
18adaee07 deps/gha: bump github/codeql-action from 2.22.10 to 3.22.11
71acbbc0b docs - add social cards
549bbe170 fix news + enhance style
6c5169473 Update settings.md
ed06c513c udpate ui and utm
0657b7b29 Update CHANGELOG.md
da9fb7af7 Add support for fallback Referrer-Policies
747cbe13e Merge pull request #807 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.10
a9ac4f298 Update python deps
a478905be Update BunkerWeb logo and ascii
b08c53365 Soft merge branch "ui" into branch "dev"
0811d2821 deps/gha: bump github/codeql-action from 2.22.9 to 2.22.10
cf2a5ed84 add panel on about and trouble
dc55beaab add ecosystem page on doc
4f43f6165 Merge pull request #805 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.162.0
5f72dbf6f Merge pull request #803 from bunkerity/dependabot/docker/src/autoconf/dev/python-3.12.1-alpine3.18
ce728cf90 Merge pull request #802 from bunkerity/dependabot/docker/src/scheduler/dev/python-3.12.1-alpine3.18
83b06abe7 Merge pull request #801 from bunkerity/dependabot/docker/src/ui/dev/python-3.12.1-alpine3.18
f7d250504 Merge pull request #800 from bunkerity/dependabot/github_actions/dev/rickstaa/action-create-tag-1.7.2
e4888197a Merge pull request #799 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.9
02d6c4111 add utm
716e69027 deps/gha: bump ruby/setup-ruby from 1.161.0 to 1.162.0
47350f5f0 update compose to test ui
ea45f3c11 docs - update logos
6ef1513d7 start adding banner
5b236e769 Merge branch 'dev' into ui
e6c5df12d add utm
8eff772fe deps/autoconf: bump python in /src/autoconf
0f2bf17a5 deps/scheduler: bump python in /src/scheduler
de30a734f deps/ui: bump python in /src/ui
10f0ee7ee deps/gha: bump rickstaa/action-create-tag from 1.7.1 to 1.7.2
456b6a424 update utm readme
5eb5625a2 docs - add basic info about bw panel
cb76d1c09 deps/gha: bump github/codeql-action from 2.22.8 to 2.22.9
e9737dcf4 Update API endpoint URL of anonymous report
2ee63c0dd Merge pull request #798 from bunkerity/dev
607a201c7 Update CHANGELOG.md
d3752d25f Merge commit 'cfc32af85c09dcebe4a185e7f1252bfba460bebb' into dev
cfc32af85 Squashed 'src/deps/src/modsecurity/' changes from ccc2d9b536..bbde9381cb
4f6c6ae6c Update ModSecurity version to v3.0.11
9dd2b9537 Merge pull request #797 from bunkerity/dev
2b11f24a3 Fix db core test
a0765085d Revert "Test CVE fixes on bw"
220450d4a Test CVE fixes on bw
c471ccbf6 Remove no longer necessary CVE fixes
dfae6be47 Merge pull request #792 from bunkerity/dependabot/github_actions/dev/docker/metadata-action-5.3.0
531555941 Merge pull request #796 from bunkerity/dependabot/github_actions/dev/actions/setup-python-5.0.0
ff0f61136 Test CVE fixes
74dff7665 Add anonymous-report job
4c7bc9f99 Update python deps
25cba9feb deps/gha: bump actions/setup-python from 4.7.1 to 5.0.0
a5e403426 ci/cd - update linux versions when pushing packages
b9ff3911f v1.5.4 release
e1210137b deps/gha: bump docker/metadata-action from 5.2.0 to 5.3.0
588d04c7d Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging
0d5ea43ff linux - fix nginx version dependency for rpm builds
1fbd3dd51 ci/cd - fix k8s/configs test and fix haproxy not working with debian 12
82fcff293 Add Linux dependencies for Docker in dependabot.yml
d3672e6d7 tests - show logs when haproxy fails in linux tests
a26ff09da update php-fpm version for debian tests and add libcap dep to linux packages
e1c185cdc linux - add libpcre3 dep to debian package
fe8d9b5f4 linux - reflect changes for debian 12 support
7f832117d linux - update supported versions
4d967492b Remove no longer existing "—no-redirect" argument in mike command
3270131f4 ci/cd - fix mike deploy breaking change
91f0a9bbc Merge branch 'dev' into staging
b89f2d560 road to v1.5.4 🚀
bb9aa5c96 Merge pull request #789 from bunkerity/dev
8302bee4d Merge pull request #788 from bunkerity/ui
f5d45d237 Update CHANGELOG.md and docs for setup wizard
589df19c1 Add check endpoint and remove USE_CORS flag
a283c35a2 Add CORS support and update redirect behavior
3779cc5dc update setup UI
ff65d0081 Fix potential issue with config saver and non Docker and Linux integrations
4c109bfe5 Update mmdb files
a818e6fa9 Merge pull request #787 from bunkerity/ui
35bfda5b3 Add ui_host variable to form in wizard
700b434f4 Merge pull request #786 from bunkerity/dev
7f030d893 Handle start and stop event of BunkerWeb with the scheduler in Docker
aa3fd4edf Merge pull request #784 from bunkerity/dependabot/github_actions/dev/docker/metadata-action-5.2.0
bb41e8597 deps/gha: bump docker/metadata-action from 5.0.0 to 5.2.0
f5ed1b5d2 update setup ui
f159b17ee Add HTML files to linguist-vendored list
18ab9cebc Merge branch 'dev' into ui
ff9566b49 Update Python base image SHA256
c439488ea Update bcrypt version to 4.1.1
1e1245ff2 Add Python 3.9 setup and install dependencies for codeQL workflow
f8dc2f818 Fix plugin system link in README.md
3920ce03d Fix formatting and remove unused code
43c288046 ui - add CORS to wizard check endpoint
c22646de1 Fix regex pattern for REVERSE_PROXY_PATH
bf5dadb43 Refactor User class to use property decorator for password_hash
c1e25a64a Add random URL generation for setup.html
1daa4103f Fix server name validation bug
1e52dd9fb Merge branch 'ui' into dev
53706a75e fix print and remove cdn
afeb5e454 Update wizard back logic and tweak setup.html
b3e0a9e8c Update python dependencies
cbb595e1c deps/terraform: bump hashicorp/kubernetes in /tests/terraform
c16e95471 update setup html
9917fbd86 setup in-page style and image
97f9048bd Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
49b745a2a ui - init work on /setup endpoint on default server
7778bd106 Merge pull request #769 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.8
aca470332 Merge branch 'dev' into ui
68a8f8eb0 Merge branch 'ui' into dev
834d4568e Refactor database session handling
2ec0c7e39 deps/gha: bump github/codeql-action from 2.22.7 to 2.22.8
3269e7ec5 Fix missing admin_password_check validation in setup form
dead40ec6 Squashed 'src/deps/src/lua-resty-openssl/' changes from 89195843c..5aba923e7
ddb3daae3 Merge commit 'dead40ec6d1b5907f2803a6bb55f006dd27203ba' into dev
0142ba1d2 Update lua-resty-openssl version to v1.0.2
97a78650e Update dependencies versions
10e5dc4f4 Merge pull request #766 from bunkerity/dependabot/github_actions/dev/docker/build-push-action-5.1.0
18aab10df Update Firefox installation in Linux workflows
b8145f3f2 Add website link to README.md
f92e32757 add confirm password
cdd436bf8 add reverse proxy inp setup
4fe52d0f0 Merge branch 'dev' into ui
efaaf454e Add conditional block for open file cache configuration
3a1b779b5 deps/gha: bump docker/build-push-action from 5.0.0 to 5.1.0
76c848ed4 add server name input
57b0787dc ci/cd - add more logs when k8s fails
b4d790aad Create web UI wizard functionality (backside)
d457a6f03 Merge pull request #765 from bunkerity/dev
2964669d9 Merge pull request #764 from bunkerity/dev
eb160334f Merge commit 'f7bc0d87200a0ec786c88091530734f265a6a8c2' into dev
f7bc0d872 Squashed 'src/deps/src/lua-nginx-module/' changes from 11ab5315b..c47084b5d
e1c67363e Merge commit 'c7f7669a8cbbcf7f7ce0fc2a294bd7e316522236' into dev
c7f7669a8 Squashed 'src/deps/src/headers-more-nginx-module/' changes from 576cb8197..bea1be3bb
8da04e022 Merge commit '6ed1ec58b1acdc1acb00e840df89311812ee8422' into dev
6ed1ec58b Squashed 'src/deps/src/luajit/' changes from aa038d259..4182d6bf3
dab004604 Update LuaJIT to version v2.1-20231117
e5e7db36e Merge pull request #763 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.7
984a3de5c add setup template
f36d2d0c9 Merge branch 'dev' into ui
bc9979785 deps/gha: bump github/codeql-action from 2.22.6 to 2.22.7
a1695cf3b Merge pull request #762 from bunkerity/dev
69a570bca Merge pull request #760 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.6
e66b7b79b Remove urllib3[socks] from requirements.in files ... Update Dockerfiles to fix errors when installing deps
de4173878 Merge commit '5d2b6eef6e0c83bc3e1b14e48233e423f2f8c37d' into dev
5d2b6eef6 Squashed 'src/deps/src/lua-nginx-module/' changes from c47084b5d7..11ab5315b0
d75296b5a Squashed 'src/deps/src/headers-more-nginx-module/' changes from bea1be3bbf..576cb81979
a09c899de Merge commit 'd75296b5a55889c4425f2b2274b50eabc5b96b3e' into dev
f583d996a Squashed 'src/deps/src/luajit/' changes from 492cfdd0d8..aa038d2599
11ab5315b Merge commit 'f583d996a108a58166fc986bf4227a3cea432a07' into dev
f8429d6e4 Update LuaJIT to v2.1-20231021
576cb8197 Merge commit 'c473aa40807f32438ffe34bdfe07f8f0485a6aa4' into dev
c473aa408 Squashed 'src/deps/src/lua-resty-openssl/' changes from b23c072a4..89195843c
456e6a33d Update lua-resty-openssl to v1.0.1
11c4fde61 Merge commit '805e5c9cee2a72af6b6297b2993109511b42d485' into dev
805e5c9ce Squashed 'src/deps/src/libmaxminddb/' changes from ac4d0d248..93a7e0e56
afcf420ee Update libmaxminddb to v1.8.0
7aa6affe1 Merge commit 'e3f305a953ef5dbf6802090c7013f4c38d762449' into dev
e3f305a95 Squashed 'src/deps/src/ngx_devel_kit/' changes from b4642d6ca..91e30eb05
cba20187c Update Nginx devel kit to v0.3.3
10a58377b Fix multiple CVEs related to libpq * CVE-2023-5869 * CVE-2023-5868 * CVE-2023-5870
7c564e4cb Update pre-commit hooks to latest versions
fe0249454 deps/gha: bump github/codeql-action from 2.22.5 to 2.22.6
bff775f00 Fix issues with the Linux integration and external databases
71db00281 Merge pull request #759 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.161.0
940eecd06 deps/gha: bump ruby/setup-ruby from 1.160.0 to 1.161.0
42f7ef486 Update user interface demo image in README.md
b2a56a82a Update BunkerWeb UI demo to use thumbnail image
0d0bad79b Update Python version in Dockerfiles
b539a97ad Fix CVE CVE-2023-5678 in Dockerfiles
05da26f01 Update dependencies to latest versions
e153c33aa Update maxminddb and other dependencies versions
8d024a099 Merge pull request #751 from bunkerity/dependabot/github_actions/dev/rickstaa/action-create-tag-1.7.1
ca6271c60 Merge pull request #750 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.160.0
fbbec2f7f deps/gha: bump rickstaa/action-create-tag from 1.6.6 to 1.7.1
9c6f5289d deps/gha: bump ruby/setup-ruby from 1.159.0 to 1.160.0
bcded8f7c Add refurb as a pre-commit-config hook and apply pre-commit-config
966a78da9 Update Git attributes to ignore text and end-of-line settings for vendored files
f111124b3 Update dependencies versions
d2b82b29d Fix CVEs CVE-2023-43787, CVE-2023-43785 and CVE-2023-43786
dc5a7b8b2 Update mmdb files
c32522ae2 Update Certbot module to version 2.7.4 + Update python deps hashes
54ead4e49 Merge pull request #744 from bunkerity/dependabot/github_actions/dev/rickstaa/action-create-tag-1.6.6
d83536969 deps/gha: bump rickstaa/action-create-tag from 1.6.4 to 1.6.6
b79b6548b Merge pull request #741 from bunkerity/dependabot/github_actions/dev/hashicorp/setup-terraform-3.0.0
b05b98185 docs - update plugins to 1.2
e8803e346 cache linux test images, fix linux example of proxy protocol and add more logs to k8s tests
7565b2df5 Merge branch 'dev' into staging
c817f45ab add ready checks to limit and redis core tests and fix wrong http port for behind reverse proxy linux test
f9f616a66 Merge branch 'dev' into staging
4871185dc Update python deps and pin Flask-Login version
cd773b6e8 add ready checks to reversecan and sessions tests
898ef2eff deps/gha: bump hashicorp/setup-terraform from 2.0.3 to 3.0.0
fa628cb7d linux - add default API_LISTEN_IP
18d682b5a linux - add missing API_LISTEN_IP initial setting and perform only hot reload
4fbd974d2 tests - set trace verbosity for geckodriver logs
a7c343369 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
7d69b9105 tests - fix missing geckodriver log file in ui tests
29d7d94b2 [#739] Fix potential issue when fetching docker instances in the web UI
84eb94720 tests - add geckodriver log file for ui tests
40e118a71 tests - add more logs to ui linux tests
0e3d8e59c tests - retry UI access in case of network exception
86875f486 tests - fix misc ready check when using https and add ready checks for linux ui
d4a2ba5fc tests - add ready checks to customcert and misc
3020c5c8e tests - add ready check for customcert core test
c1562bc89 Merge pull request #737 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.5
322cfd217 deps/gha: bump github/codeql-action from 2.22.4 to 2.22.5
caf732be1 Merge pull request #736 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.159.0
667620b52 deps/gha: bump ruby/setup-ruby from 1.158.0 to 1.159.0
fb21786b8 linux - fixing nginx service not disabled and fix another missing error log path in UI
5887b894f ui - fix wrong error path when starting nginx
4e820f6de linux - remove sudo command when reloading nginx
35d16233c ci/cd - ignore ready conf for db tests and fix linux path for ready conf
9775cd5bb ci/cd - fix missing string in /ready endpoint and add /ready endpoint to linux tests
274a8cdfb ci/cd - trying to fix race condition for core tests
d73a5d0f4 Merge pull request #735 from bunkerity/dev
ed0e156bc Update Werkzeug to version 3.0.1 in web UI
8ec9a7df4 Fix compatibility issue with Docker Compose v2 2.23.0 in examples and docs
72d856abe Update certbot to version 2.7.3 + regenerate hashes for db and scheduler
ab76c458e Merge pull request #732 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.158.0
6edf97a0d deps/gha: bump ruby/setup-ruby from 1.157.0 to 1.158.0
58d6b8142 use cap in Linux and add openssf badge
a83a74cfa Merge pull request #729 from bunkerity/dev
0975de123 [#717] Add a pool_recycle database engine arg to avoid losing connection with database
762092e5e Remove no longer necessary retrying module
8963cb4d1 Update python deps
c2252503d Merge pull request #721 from bunkerity/dependabot/github_actions/dev/ossf/scorecard-action-2.3.1
626f10b4c Merge pull request #722 from bunkerity/dependabot/github_actions/dev/actions/setup-node-4.0.0
f2b9fc0f8 Merge pull request #724 from bunkerity/dependabot/docker/src/autoconf/dev/python-a5d1738
c8eae49e5 deps/autoconf: bump python from `dc2e889` to `a5d1738` in /src/autoconf
ab320794a Merge pull request #723 from bunkerity/dependabot/docker/src/ui/dev/python-a5d1738
572436f20 Merge pull request #720 from bunkerity/dependabot/docker/src/scheduler/dev/python-a5d1738
6f366450b deps/ui: bump python from `dc2e889` to `a5d1738` in /src/ui
f6d2e205c deps/scheduler: bump python in /src/scheduler
50a60382a Fix CVE CVE-2023-5363
989c14ae7 Fix CVE CVE-2023-5363
a847f7778 deps/gha: bump actions/setup-node from 3.8.1 to 4.0.0
8708ad70c deps/gha: bump ossf/scorecard-action from 2.3.0 to 2.3.1
eeda7a18c Update python deps + add retrying module to db
5193d6cd1 Update docker images
09ee05083 Merge pull request #719 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.157.0
0afed0621 Merge pull request #718 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.4
8919592f5 deps/gha: bump ruby/setup-ruby from 1.156.0 to 1.157.0
d253b4438 deps/gha: bump github/codeql-action from 2.22.3 to 2.22.4
f798a9ef9 Merge pull request #715 from bunkerity/dev
cd902eba3 prepare for 1.5.3 🚀
029217ff4 Fix update-version.sh script
10db67b87 Merge pull request #714 from bunkerity/dev
c7543df86 Add an handler when the ui test is reaching an error page due to a connectionFailure
1f5a1beac [#645] Fix web UI not keeping the data when changing the sub server names + Fix custom cert when the server name have multiple domains
ff1fc9280 [#712] Fix custom configuration changes not taking effect immediately
838dcb17c Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev
b18dbddcd Merge pull request #713 from bunkerity/dependabot/pip/src/scheduler/dev/certbot-2.7.2
ca6938dfe Update ConfigFiles to use the correct name regex in web UI
643ea7c21 deps/scheduler: bump certbot from 2.7.1 to 2.7.2 in /src/scheduler
e41ce10e3 Merge pull request #711 from bunkerity/dev
b265cbad5 ci/cd - trying to fix azure/kubectl action
7e3aad9f0 [#645] Fix impossible to edit the server_name of an already existing service if the primary one was unchanged in web UI
60d43d0ce Handle service creation and editing more elegantly in web UI
2df85b2c9 Updated python:3.12.0-alpine image's sha256
3a3255e7b Merge pull request #709 from bunkerity/staging
4c273fe84 Merge pull request #708 from bunkerity/dev
9964f42e6 Fix magento k8s tests
b2cf8986f Tweak magento tests to use latest version back
7f219bea0 Fix CHANGELOG release date for v1.5.2
b9f05ad16 Downgrade magento versions to working ones
bd6065af8 Update python deps and pin urllib3 version to 1.26.18 + Update pre-commit-config to format requirements.in files as well + Apply pre-commit
619e5644f Remove pip caching when setting up python in workflows to avoid errors
3c3643021 Merge pull request #707 from bunkerity/dev
7598dbc54 Update python deps
f3982367a Update dependabot script to add reviewers and tweak the schedule
d4f65903e Update dependabot config file to include terraform and other python deps paths
38429efac Merge pull request #705 from bunkerity/dependabot/github_actions/dev/actions/checkout-4.1.1
d92e9a07a Fix k8s terraform script
6738b9552 deps/gha: bump actions/checkout from 4.1.0 to 4.1.1
0da22f44b Update k8s terraform file and update scaleway terraform version
d77f6a72c Fix README.md links and versions
7bf8be324 Try to fix magento k8s tests with static versioning
b9c5d3277 Fix timeout in ui tests and access_page function
b1b1ab868 Fix wrong values in helm chart values file for elasticsearch in k8s magento example
530b8a945 Fix allow empty values when saving a config in web UI
22552c5b8 [#694] Optimize certbot renew script to renew all domains in one command
db0dd5dae [#694] Fix rare bug where database is locked
f89456cd4 Merge pull request #699 from Crazy3lf/master
34d68e8b7 Update regex for email
476d86706 Fix magento k8s tests by removing elasticsearch
4a10ec8c3 Merge pull request #701 from bunkerity/dev
66b1d6bfb Merge pull request #700 from bunkerity/dev
c4b873e3f Fix /etc/bunkerweb dir missing in linux core tests
bcaa8faa7 Replace deprecated `set-output` command with the new format
08944b901 Tweak test-core-linux to fix potential bugs
13be6a43c Add more logs when an url file is in cache and gets deleted
2737fe7ce Update python deps
2823fa2ab Update plugin.json
001246b38 Merge pull request #697 from bunkerity/ui
1a43380d2 Merge pull request #696 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.3
0b319d1aa Merge pull request #695 from bunkerity/dependabot/github_actions/dev/rickstaa/action-create-tag-1.6.4
7a15f8a65 deps/gha: bump github/codeql-action from 2.22.1 to 2.22.3
a4a413eec deps/gha: bump rickstaa/action-create-tag from 1.6.3 to 1.6.4
7e3dabc5f Update patch commands in deps.json to skip Reversed warning
29737209b Squashed 'src/deps/src/luajit/' changes from e598aeb74..492cfdd0d
8093c6161 Merge commit '29737209b138a1485d55c53acf1a6783b6e60167' into dev
85913d6b2 Update luajit to v2.1-20231006
15d3180b6 move disabled inp msg
522527f0a Merge pull request #690 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.156.0
85ef4e4de Merge pull request #691 from bunkerity/dev
46d8acf7b Update dummy-plugin to new standards
77bfe2697 Add StyLua and luacheck to precommit config file and apply it
da2a1eaa5 deps/gha: bump ruby/setup-ruby from 1.155.0 to 1.156.0
cd1f87b9a Update pre-commit config hooks version
e25fab28b fix disabled msg behavior
c125a9bdd Merge pull request #689 from bunkerity/dev
10fd431fb Tweak update python deps script to make it more elegant
309689185 Update pythons deps
799756176 Merge pull request #684 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.1
a12e5ca89 Merge pull request #683 from bunkerity/dependabot/github_actions/dev/stefanzweifel/git-auto-commit-action-5.0.0
15ad3a625 Merge pull request #681 from bunkerity/dependabot/github_actions/dev/ossf/scorecard-action-2.3.0
c57d725f4 Merge pull request #680 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.155.0
95389260a Merge pull request #688 from bunkerity/dev
6e5dd5557 Fix CVE CVE-2023-44487
565f4e3f7 Merge pull request #687 from bunkerity/dev
f39adcab5 Update CHANGELOG.md
a3ec85b57 Fix often occurring error with ace script in web ui
b063ac8a3 [#652] Fix error when deleting a service that have custom configs on web UI
ff85f1c2b Update CHANGELOG.md
4a9fdba42 [#645] Fix errors when using a server name with multiple values in web UI
47a7e1680 Fix secure_scheme_headers shenanigans with web ui
453108da9 Update mmdb files
2cbb10b3a Revert "Test Aqua security vulnerabilities with BW"
d4d9f8745 Test Aqua security vulnerabilities with BW
899484c38 deps/gha: bump github/codeql-action from 2.21.9 to 2.22.1
d461f3745 deps/gha: bump stefanzweifel/git-auto-commit-action from 4.16.0 to 5.0.0
cd0ceb48b deps/gha: bump ossf/scorecard-action from 2.2.0 to 2.3.0
dc92ae825 deps/gha: bump ruby/setup-ruby from 1.154.0 to 1.155.0
f5fe685d4 Fix children classes of Test
f4ce2c68f Fix bw api not returning the reason of bans
d1a0f66c9 Merge pull request #677 from bunkerity/dev
6935d1cb8 Merge pull request #676 from bunkerity/dev
7ac66a6c6 Update python deps
2aa9f46ef Fix default values in whitelist job
8f456722e Augment delay in WebDriverWait in ui tests
8ae7b8f43 Fix redirect tests docker-compose file
9b4a9277d Add libpq as a dependency for the Database to be able to connect with postgres
172874d1c Fix redirect tests on docker
a518f47b9 Update CHANGELOG.md
0cee41867 [#656] Fix ACME renewal fails on redirection enabled Service
e956e03ba Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev
c08fd07a6 Update linguist-vendored to add modsecurity files and non patch deps files
466c8e584 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
27d3ca1cd autoconf - fix wrong types for dynamic settings
410557009 Add .gitattributes to override linguist-vendored paths
e7498279c Revert Docker image update for tests
fe87486f9 Merge pull request #673 from bunkerity/dev
c2db157bb Update python docker image to 3.12.0
eb8088164 Tweak Dockerfiles to make the build nicer
202698f41 Fix python deps conflicts and update them
0eb18cb31 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
f12a01410 autoconf - update settings from db
628068e9a Lint files with prettier
f3694f0cc Add prettier as a precommit hook
b56cce63f Fix codespell typos in README.md
87ca17663 Fix typos raised by codespell
eea5dd9b7 Add codespell precommit hook
8fbe69261 Fix mkdocs.yml file duplicate copyright key
cf82e73e9 Fix swarm postgres ui integration example
6b2df3585 Tweak py file to respect flake8 rules
508c728b6 Tweak pre-commit config and pyproject.toml file + Add flake8 as linter in precommit config
75e8c8339 Update CHANGELOG.md
07676a3d0 Use hashes instead of versions in github workflows
f0761eed2 Revert "Add fuzzing tests in CI/CD"
4babce974 Add fuzzing tests in CI/CD
a263f1f4f Update cron for dev-update-mmdb
31a839968 Merge pull request #666 from bunkerity/dev
d8b256167 Merge pull request #665 from bunkerity/dev
87d2f04eb Remove no longer necessary temp fix for Flask-login
c006e5088 Update python deps + Update Flask-Login to include the compatibility with Flask 3.0.0
df9bf1f56 Merge pull request #664 from bunkerity/dev
6b0e623e5 Update Dockerfiles to install pip and its deps before the project ones
85068bfee Add temp fix to support Werkzeug>=3.0.0 with Flask-login
5a7f9147f Update python deps and update script
358905770 Fix bunkerweb-ui.sh script with variables not being exported correctly
5ed595be6 Fix shellcheck tests failing
e21e0c812 Add shellcheck and gitleaks to pre-commit-config + tweak excluded paths
1b7e1840c Fix blacklist core tests' requirements.txt file
1f90d3668 Add a pre-commit-config file and passed all checks
f3fc69110 Fix typos in Dockerfile when installing python dependencies
073e8575e Updated Dockerfile, python deps and npm package to use pinned dependencies
cd4d529d7 Merge pull request #660 from bunkerity/dev
b4a320afa Made ui tests better
8ed656068 Small fixes on linux paths creating unnecessary folders
8fa7adb61 Small refactor on how the autoconf updates the config
4ec754143 Handle changes more elegantly with the scheduler
0f7df13df Optimize save_config script
48096d711 Optimize the way the UI handles services creation and edition
c0816bb11 Fix potential cross-site scripting vulnerability in plugins.js in the UI
18e5f7bff Merge pull request #659 from bunkerity/dev
ece5ce1cd Add HTML sanitization when injecting code in pages in the UI
4d5002674 Extract codeQL workflow to have a separate one + Add scorecards analysis workflow file + Add UI tests for the UI branch
1c71572f4 Update tsparticles in the UI + remove unused static files
685cb9809 Update README to fix a few links and add the security scorecard badge
65d0aa3a8 Merge pull request #658 from bunkerity/dev
6e2db5991 Add a sleep before changing from cache page to log page to avoid errors in ui tests
1db769c32 Remove bugged UI tests check in linux
db99d1687 Update the condition that checks the integration in core tests
579c80357 Update UI starting script and ui tests script on linux
b901d2971 Update python deps
e23f931bd Replace gevent with gthread in UI for security reasons
15eef6ef5 Try to fix python deps issues with linux and try to have more logs in linux ui tests
cc0167f42 Fix ui linux tests when waiting for the ui to be ready
fd4c147b8 Update how the scripts wait for the UI to get ready before starting the tests
95afba879 Change how the ui tests waits for the ui to be ready
ea5cb0db2 Try to fix ui linux test by adding more sleeps
cb3250e4e Fix UI linux test (again)
153e9fecf Fix bunkerweb linux scripts
81b5e80da Try to fix deps permissions with linux ui tests (again)
6a162d725 Fix linux permissions with ui tests
be5fe2830 Try to fix ui python deps in ui linux tests
380e609ab Change ui linux tests command into development mode
93006cf5c Fix Firefox installation in core and ui linux tests
39f17bce6 Try to fix permission issues with Linux and ui python deps
94c7c832e Fix permissions with python deps in ui linux tests
42be334e4 Fix permissions with ui tests on linux
cad3012e6 Try to fix python dependencies error with test ui linux
a04282d3f Fix test core redis with linux
c757f5d49 Re generate requirements.txt file for the UI with python3.9
052e06022 Fix core and ui workflow file for staging tests
e71b71146 Merge pull request #655 from bunkerity/dev
b90da0f90 Add better health check in linux ui tests
5c1fafe51 Updated CHANGELOG.md
c964d68f9 Add more tries when the dnsbl server isn't found
78a29e65e Tweak reversescan core test to avoid false negative
0e9f29cc5 Revert "Fix UI shenanigans with python deps"
70ab9740d Fix UI shenanigans with python deps
0303a8f7b Update staging workflow file to include core and ui linux tests
16d4c1133 Optimize the way errors are being checked in linux core tests
2ddc8cec7 Update dnsbl list regex to accept an empty one
6534a429a Fix looking for error in the wrong place in test code linux
25eb8de01 Try to fix a few shenanigans with linux core tests
2065d688f Fix ui tests with docker checking the wrong containers if healthy
87f84d438 Add a retry on nginx error in linux core tests
99b30af8e Fix reverse scan python script
1ff2aed68 Fix UI docker tests docker compose file
48bcb1198 Rearrange imports for blacklist init core test
ae9450d0d Add whitelist and greylist linux core tests
9a17e92d6 Fix typos in dnsbl core test
2244f734f Add dnsbl linux test
a29ac80e4 Add country linux tests
cff5c7767 Fix sessions core test for linux
6ae6764f2 Fix blacklist core tests docker compose
27959e1aa Fix sessions permissions issues with python requirements
47e8f20f8 Fix CVE CVE-2023-38039
6283ce2dd Add linux tests for blacklist and bunkernet
f3d6f860e Remove old cached files if urls are empty
61c8ef73b Fix permission issues with sessions core test with linux
be25ae8e0 Fix failing linux core tests + add more logs when an error occur in ui
tests33e200f65Fix UI using the wrong database when generating the new config57374ecc2Fix tests ui with linux601f0fde6Fix tests ui linux not starting the ui servicefdb9a7c29Fix errors linux tests permission issuesdf1205882Fix tests ui linux executing the wrong filedb404a62cFix ui tests misconfigurationa0aced3e5Fix tests ui linux workflow filee378be9a9Fix typo in tests ui linux file name + add more logs in ui docker tests432d1587cAdd linux ui tests2ad886178Fix selfsigned job with cryptography not being foundda4390b48Fix python modules version conflict with web ui7bd48203aFix and update python depsce2fa3d36Fix a few core tests for linuxbca36e296Update self-signed job to regenerate the cert if the subject or the date has changed06da40bf1Added more linux core tests84a27a3fcFix DB core test with docker9e3425182Fix path issues with db core test initc90cd7399Fix permission issues in tests core linux91e5528a3Fix already existing tests core linuxaeee38ad3Fix misc problems related to linuxd97326656Fix Database not clearing old services when not using multisite8a6e14d8cAdded linux tests to a few core plugins0ece8fda0Fix permission issues when starting BunkerWeb in antibot linux testse93513224ci/cd Try to fix permission problems with Firefox in test core linux761c01af6ci/cd Fix test core linux shenanigans with Firefox0d9349611ci/cd Try to fix errors with firefox in test core linux094d5d5dfci/cd Fix a few things with test core linux + finish antibot linux core testsfdae4549cci/cd Fix permission issues (again) with test core linuxd59cf1835ci/cd fix permissions issue in test core linux + fix shenanigans with antibot linux core tests43b1a038fci/cd clear out firefox before reinstalling it in test core linuxd192fbb82ci/cd Install Firefox manually in test core linux0239ca64bci/cd test core linux remove dns resolvers override1dd1caeeaci/cd Fix Firefox installation for test core linuxa0516f773ci/cd Install firefox from apt instead of snap + fix antibot core tests for linux480c680f1ci/cd 
Fix timeout in geckodriver download for test core linuxa94dab208ci/cd fix retry job when downloading the geckodriver in test core linuxd0a1aab15ci/cd Fix perms issues (again) and optimize some things in test core linuxdd0c4c93aci/cd Install requirements and deps in test core linux294402dbfci/cd fix perms issues with test core linuxcd35d35c2ci/cd Fix perms in variables.env for test core linux4cce8385cci/cd fix write in /etc/hosts file in test core linux990b6336eci/cd Fix test core linux with dpkg versioningccc5eb304ci/cd Fix version error with ubuntu and test core linux6a3839040ci/cd Fix tee command not being ran as sudo in tests core linux453cfc2dcci/cd Fix BunkerWeb installation job with linux core tests0b14f8a5dci/cd Fix install command in linux core tests624f4b5bbci/cd Fix path of the .deb file61bc8a3b1ci/cd fix .deb fetching in Linux core testsfa91bf6c6ci/cd change needs and logic in test core linuxb54c7eb61ci/cd test secret inherit for ubuntu private test image30cba0a77ci/cd fix dev.yml80d56fccaci/cd start working on linux core tests69307fba6Fix issues with GitHub rejecting the requests7c5177bf4[#643] Fix UI clearing configs folder at startupb5bd17d4dMerge pull request #641 from bunkerity/devad65e01a8Update CHANGELOG.md1259fb67dMerge pull request #634 from bunkerity/dependabot/github_actions/dev/docker/setup-buildx-action-3b9e752f12Merge pull request #636 from bunkerity/dependabot/github_actions/dev/docker/login-action-3278eb0c8aMerge pull request #635 from bunkerity/dependabot/github_actions/dev/docker/build-push-action-5dec97c8c3Merge pull request #637 from bunkerity/dependabot/github_actions/dev/docker/metadata-action-59222420b7[#640] Fix shenanigans when executing docker compose restart07fb7cf16[#638] When renaming a service in the UI, migrate the custom configurations as wellf83b2278dFix versions conflict between greenlet and gevent with UIe51e17835Update python deps3c95971e3Fix CVE CVE-2023-4863bb7ef35aeMerge commit 
'35d13d7a097dd094cdbe993f18f29de0b08f1f2b' into dev35d13d7a0Squashed 'src/deps/src/zlib/' changes from 04f42ceca..09155eaa2d96253878Merge commit '4430cf47ddc1f3647b3bc129f46fed2d7a145f8c' into dev4430cf47dSquashed 'src/deps/src/luasec/' changes from fddde111f..4c062870537a2343e2Merge commit 'd8ee65aa70e9737330c8a83301fd66c7dc8a8d7a' into devd8ee65aa7Squashed 'src/deps/src/lua-resty-session/' changes from 8b5f8752f..5f2aed6166752b3647Merge commit 'd7bde18da2a8a81f2d5f256bc975b1fb5b546107' into devd7bde18daSquashed 'src/deps/src/lua-ffi-zlib/' changes from 1fb69ca50..61e95cb43e0a89a2fcSquashed 'src/deps/src/modsecurity/' changes from 205dac0e8..ccc2d9b53af902fc4eMerge commit 'e0a89a2fcd1d0dd4cc103fc054242e8e8b10b7bf' into dev5ec7eb53aSquashed 'src/deps/src/luajit/' changes from 04f33ff0..e598aeb726d3d6c6cMerge commit '5ec7eb53a1fa30beb59d3358f16716483787b02e' into dev0aaede4d6Update core deps955c7e063deps/gha: bump docker/metadata-action from 4 to 58ea823e06deps/gha: bump docker/login-action from 2 to 3a6efa5205deps/gha: bump docker/build-push-action from 4 to 5a6b30f6a6deps/gha: bump docker/setup-buildx-action from 2 to 31144a7381make logs optional in issues, change assignee for dependabot and edit sitemap URL of the docc364e4666ci/cd - disable redirect when pushing docd4f38cc79ci/cd - fix error when parsing ARM typesb6d49865bci/cd - get ARM type availabilityd0a8cc381ci/cd - use volume id instead of index for arm instance30c952e9eci/cd - set boot volume for arm instance2382fdd37ci/cd - start arm server after creation05ecf558cci/cd - use latest scw cli version2b7ce389bci/cd - reflect changes on release tf from refactoringd5d7364b1Merge pull request #632 from bunkerity/dev3adbd8757[#628] Fix scheduler generating the wrong configuration with Linuxfd7950863Merge pull request #631 from bunkerity/dev3ae9636d5Fix error with the CSP header override of the antibotf99349900Merge pull request #630 from bunkerity/devea6ae5253Update ANTIBOT_HCAPTCHA_SECRET setting's regex to 
support new format5811dc549Merge pull request #629 from bunkerity/dev6404b701cUpdate changelog2b5654ba3Update coreruleset to version 3.3.5c948e449a[#622] Handle configs dir more nicely in Linuxfb5a8dc4f[#622] Fix permissions with folders in linux integrations5f19b3fdaMerge pull request #627 from bunkerity/dev2fce08b72Upgrade issue templates2ed6584ddUpdate python deps hashesd6a14b671Merge pull request #626 from bunkerity/devb3c398cb5Remove jinja2 from requirements.txt as it creates conflicts6334a3d63Merge pull request #623 from bunkerity/dev8ab4ea2e2Update id of ui.conf rules to avoid conflicts11664cc1dFix wrong variable name in limit core tests9535c0414Fix shinanigans with both multiple and global settings not being stored correctly in datastore8cafded89Fix variables that are both multiple and multisite not being stored properly in datastorec6b2199ddprepare for 1.5.2 🚀c418acdcfUpdate CHANGELOG.md9d0d72ba0[#576] Add support for ModSecurity JSON LogFormatcbc625938Update mmdb filesf57fc5d3fFix menu.html dark_mode attribute in UIc7e834a0dUpdate python deps673ee921fLint files9fb8dfca4Fix Scheduler running two times for no reason4787400d7[#615] Fix BunkerWeb not being able to start after a restart because of the /var/run/bunkerweb directory missing in Linuxf59476c26Merge pull request #621 from bunkerity/dev4be53d0cbMerge pull request #620 from bunkerity/ui55ba29cd5Fix UI error when values are empty947690af8Fix UI workflow5cdf0ecf4Merge pull request #619 from bunkerity/uid1dd1fbaeFix shinanigans with the /data volume in the doc1b84c6202[#613] Fix logs with web-ui and Linuxa2e0f1fe6Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev639eed8d0Deactivate BunkerNet on first start with linux500c3564aci/cd - perform staging tests again448efc0efMerge branch 'staging' into dev1b660691dci/cd - fix typos for docker/packages pushese62b7c9d1Remove unused js files in web-uib87316d7cMerge pull request #617 from bunkerity/ui4cff39f49Merge pull request #616 from 
bunkerity/devbceb28602Lint filesd9d6ed9bbFix settings regex with web-ui01be5baeaMerge pull request #611 from bunkerity/dev059afec43Update rhel docker imagee564d8407Merge pull request #610 from bunkerity/dev2c15b3746Fix rhel typos "el" instead of "rhel"6f26c42c8Merge pull request #609 from bunkerity/devc5059ab22Update doc to include TLS as well as HTTPS in some sectionsa7a317b5bMerge pull request #487 from bunkerity/dependabot/github_actions/dev/scaleway/action-scw-c718eca1fcb9fec1fb1433752d61599c6a0ad2e90681cf2c9Update actions/checkout to v43a02c0ca5Add more delays in badbehavior core test040d44714Change SQLite config to avoid locking07725356bMerge branch 'staging' into dev6a995723cautoconf - fix changes check bug with same variable name47bf7299aLint py files656c5008dscheduler - ignore changes on first loopc206daf9dadd basic config lock between autoconf and scheduler + remove reverse-proxy tests for linuxcf55ade15ci/cd - various fixes for k8s testsd28432e5fFix API_SERVER_NAME regexb5638aae1ci/cd - move k8s login in staging-tests job4450762b8ci/cd - fix image name in k8s tests6e1660cd0autoconf - fix wrong config updatecb4c99f45ci/cd - fix docker tag command for linux tests64d2ed91eci/cd - fix secret key0e2420cffci/cd - add timeout for cleanup jobsfa165522eci/cd - use same md for openssl commandsb03680388ci/cd - remove double untar for k8s testsbae27806bci/cd - fix tf state upload/download again11794da8cci/cd - fix tf artefact commandc52e54b81ci/cd - fix tf files againe5c37a00aci/cd - fix k8s tf9a3c26bf6Merge branch 'dev' into staging56422bca4Update python deps regex for UIee47407dfMerge pull request #606 from bunkerity/dev936b1e88fRemove old CVE fixes for nginx imagef9f5b6570Remove old CVE fixes for python images8e8e042c2Testing CVE on bw1676ebeb7Test CVE on autoconf637573e59Update docker images and python depsc3a4847deUpdate startup and temp env in bash files3db7904d4ci/cd - fix wrong image tag for Linux test images037e1ba56docs - add ghcr.iod6aa6a9b0ci/cd - 
staging improvements9aba00673Fix oddities with the scheduler and the Databasef7d9af9d6Fix potential infinite loop when waiting for a configuration from the autoconf95c796c1eci/cd - delete temp compose downgrade423e3b4a3ci/cd - log to ghcr before getting tests containers511597b7eci/cd - fix tests image namesbb77dcedfci/cd - edit username for ghcr auth3d0f17808ci/cd - add dummy username for ghcr auth5a9836fecci/cd - fix nested permissionse1edfe4a7ci/cd - fix missing permissions in wfe81ab4ff9Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev87b405340ci/cd - use gh cache for docker cache and pushes to ghcr.io45a81203eUpdate python deps9feb66710autoconf - force updating first configuration3d13cf345autoconf - only update data when needed and atomic changed metadata update00cb6c1a8tests - fix regex for geckodriver version898ee7ec8tests - tweak dpkg before installing BW643b30f99tests - ignore wrong testing version in deb packages69e944d56Revert "Fix LinuxTest package installation commands"2b7f627d8Merge pull request #602 from bunkerity/dev82fb7b277Fix LinuxTest package installation commands1042e546bMerge pull request #601 from bunkerity/dev6d1d464e1Remove tries limit in wget commands (defaulting to 20 tries)b5de52eadAdd more retries when testing the newly created service in ui tests267522749Merge pull request #599 from bunkerity/dev4f82856b4Update staging-create-infra to use a static version for monolithprojects.github_actions_runner == 1.18.1d670b409bMerge pull request #486 from bunkerity/dependabot/github_actions/dev/docker/build-push-action-40b93916a3Merge branch 'dev' into dependabot/github_actions/dev/docker/build-push-action-476408cf04Merge pull request #598 from bunkerity/devf7cd7d9daAdd dependency on tests-ui to not fail to push the testing image8632dd324Fix exit code for ui testsfbf0232d5Update python deps5b6f00dfcRevert "Remove unused imports in ui tests"681def5f0Remove unused imports in ui testsa844b235bRemove geckodriver.log73e31ca62Add wget to fix 
error with testsd82136f04Fix UI tests not exiting if container fails to start55fd17790Fix wget command when downloading the geckodriver sometimes failsd8c95869eFix database with multisite variablesf24802b21ci/cd - perform staging tests again758fc13c3ci/cd - replace version string for testing releasecd825cd34ci/cd - fix wrong VERSION path for testing releasec03b1bb20ci/cd - update VERSION file for testing releasea5e50d0f7ci/cd - fix linux package name for staging1a57e0a20ci/cd - remove linux arm64 packages pushesde568f335ci/cd - temp disable staging tests244b91247ci/cd - fix syntax error in push-github wf08ce31bb0ci/cd - prepare for testing releases7f47ac18cFix plugins errors when reloading with a select and upgrade checkb6b87fcb0Update python deps8bada2a02Update update-version script and bw version in after-remove scriptsb8778de08use nightly tag for docker-socket-proxyb42b732d7Merge branch 'staging' into devfc1c81ce2linux - add python3 dev dependency when building packages76d36f3b9v1.5.1 release63355bb88tests - increase radarr delay (again)0ecf47876Merge pull request #592 from bunkerity/staging59dfb728fFix DNS_RESOLVERS regex to be more open47c560dd3Merge pull request #591 from bunkerity/devff1e6cc28k8s - use same namespace as ingress for services81c2c3187Fix config synchronization in scheduler + Remove MULTISITE variables being fetched when MULTISITE is set to no7f3f3ac7eAdd delay to radarr automatic tests58d69ec20Merge pull request #590 from bunkerity/dev012bc3b43Merge pull request #589 from bunkerity/staging600ea7e16Update python deps18ee15971lint python fileseee26b5d7tests - add delay for reverse-proxy-singlesitec00157ef3fix wrong instances when using docker mode and add delay to docker-configs tests6047a4335set default value for ports in bw entrypoint, fix core db tests and fix missing PYTHONPATH for certbot jobee2aeda13tests - add static delay for linux tests and fix core db testsbb6fd3073linux - force kill nginx if graceful one doesn't work6e6c08a71ui - 
various edits5df2a74caimproved LE certificates checks and fix missing full SERVER_NAME when MULTISITE=no843c02370tests - fix wrong command in linux tests8f7833413linux - fix letsencryt not working and fix permissions on /etc/bunkerweb/configs for tests0ccd75781linux - add missing pip to rheladbed77f7linux - install pip the official wayef7a6ac42linux - fix fedora dockerfile31ca183b1Merge branch 'dev' into staginga763879c1doc - update settings03ba91e96autoconf - fix deadlock with k8s38ab5ea21redirect - custom status codeee5397df5bw - add HTTP and HTTPS port to temp config9efd7a5a5sessions - fix infinite loop when session checks fail784ce643fdb - disable connection pooling for one shot tasksf3081e3c3scheduler - fix parent setter call26a1ef689Update mmdb filese2fe947cbci/cd - fix tests UI not showing logsbf9cd367dfix missing Strict-Transport-Policy header, fix X-Forwarded-Prefix with regex URLs and print logs when UI tests failed26f2852e5scheduler - fix typo in fstringe93b2f65fcache dev container images, fix CVE-2023-35945 and force scheduler to reload when instances changef3ba16be9add instances changes check to scheduler and auto push dev container imagesd9394567eadd missing ctx arg in core plugins, always add X-Forwarded-Prefix header and add doc about timezone in containersd59b305f1fix concepts image in doc, revert clientcache update and refactor headersad45bbb4dUpdate python deps and fix error with PyYAML compilationdb03aa9c7Merge pull request #565 from bunkerity/devbb14be820Update python deps updaterbedcf0c17Fix bug with newer version of PyYAML by downgrading68e9b057dMerge pull request #564 from bunkerity/dev810340a49[#559] Fix typos for custom-cert's settings in docs and examplesa4db7c294Fix CVE CVE-2023-2975758901dfcFix CVE CVE-2023-29759216becb5Update python depsdb413cc03Merge pull request #555 from bunkerity/deva4f4dfe4eremove unused imports in save_config.py0d554a5f5Update SERVER_NAME regex to be more openc11b44285Merge pull request #554 from 
bunkerity/dev25af02e4aFIx prevent the `DATABASE_URI` setting from being saved inside the database9eec9e26c[#552] Fix scheduler not changing databases on linux845364b2bUpdate log paths for linux based integrations3dac0aef0tests - temp fix for compose network errors08f9e5f20Fix bad behavior core tests by adding a custom subnet to the bw-docker networkfccb25beeAdd automatic bw-docker network removal between each tryd6407b818Fix db core tests by making the network bw-docker entirely external1cf281ef8Update core tests to be even more verbose3a714b9a3Update core tests to be more verbose864619542Fix core db tests (again)be46f7a8dOptimize db core tests559039dfdLint .conf files that contains lua code + remove useless commentsaa0769ddeMerge pull request #549 from bunkerity/devae6ccfcffApply patch to luajit-geoiped234fd63Apply post_install script to lua-resty-openssl09ae6da55Apply patch to lua-resty-ipmatcherb516ca2eaApply patch to lua-ffi-zlib1e7f92af8Apply patches to Modsecurity-nginx008dc09a6Stop checking return code of post_install scripts in init_deps.shfcd230192Fix init_deps.shf3809bc69Add -R to pull commands in init_deps.sh96586d4a6Apply post_install script to Modsecuritya75b90f52Squashed 'src/deps/src/modsecurity/' changes from bbccedbdd..205dac0e8948182ffdMerge commit 'a75b90f525b90bd74c090702034e02fdd6250e0e' into dev544b4040eAdd post_install scripts to init_deps.sh and update install.sh6e146e2a5Squashed 'src/deps/src/modsecurity/' changes from 205dac0e8..bbccedbdd847ff5a3dMerge commit '6e146e2a54cb29eb0ac1bc9d65766fe90d30fa4f' into devbbccedbddChange tags into hashes in deps.json14d69fa59Update mmdb filesd5e358b72Merge pull request #548 from bunkerity/deve0055328aFix add missing deps for core db testsc93d5a2fcFix CVE CVE-2023-33165631e2737Merge pull request #547 from bunkerity/subtrees3505c0d18Remove clone.sh file7b566b885Squashed 'src/deps/src/zlib/' content from commit 04f42cecaffd310031Merge commit '7b566b885e99301b243c5f61360e65238035e048' as 
'src/deps/src/zlib'45dca7b44Merge commit '2ab324a69f219b4051b2e77d211ee1a7fb1462b5' as 'src/deps/src/stream-lua-nginx-module'2ab324a69Squashed 'src/deps/src/stream-lua-nginx-module/' content from commit 309198abff85f86e46Merge commit 'c1073460677ba8aa2e325a1c57c3db1458f9fde5' as 'src/deps/src/luasocket'c10734606Squashed 'src/deps/src/luasocket/' content from commit 95b7efa9da7d4cc5bbSquashed 'src/deps/src/luasec/' content from commit fddde111fbd600e0d0Merge commit 'a7d4cc5bbaabf8683b3b5cc1f42f9bd145cf1aa8' as 'src/deps/src/luasec'd15662693Merge commit '2d86912af87048b94c2921a60b3a8a5a0953e132' as 'src/deps/src/lualogging'2d86912afSquashed 'src/deps/src/lualogging/' content from commit 465c994781fb404757Merge commit 'f3ceeb73a958e774b1e2fa55d2607cdd3eb419ca' as 'src/deps/src/luajit-geoip'f3ceeb73aSquashed 'src/deps/src/luajit-geoip/' content from commit fde33e045f81788c00Merge commit '2678b91586e9183b47327fbb0f11ad23020f195f' as 'src/deps/src/lua-resty-upload'2678b9158Squashed 'src/deps/src/lua-resty-upload/' content from commit 03704aee42d06f2d7aMerge commit 'bc06cd71b8896c6e7a1aac4610c9c3f878956238' as 'src/deps/src/lua-resty-template'bc06cd71bSquashed 'src/deps/src/lua-resty-template/' content from commit c08c6bc9ea6379356eMerge commit '3038a0b027f09090e1cd8f101d2ee8c52c383070' as 'src/deps/src/lua-resty-string'3038a0b02Squashed 'src/deps/src/lua-resty-string/' content from commit b192878f6fdf0050a9Merge commit 'ee5198ba2810e33e08ff987ede5abe10fc74f6e3' as 'src/deps/src/lua-resty-signal'ee5198ba2Squashed 'src/deps/src/lua-resty-signal/' content from commit d07163e8ca3cd342f3Squashed 'src/deps/src/lua-resty-session/' content from commit 8b5f8752f6f8ff3f12Merge commit 'a3cd342f3e1fffd7b16b83a24e03bb9ed501b319' as 'src/deps/src/lua-resty-session'2f1cde097Merge commit 'eca8662cfe981f66ab92b53bbf83af65da02b2b7' as 'src/deps/src/lua-resty-redis'eca8662cfSquashed 'src/deps/src/lua-resty-redis/' content from commit d7c25f1b30b94df087Merge commit 
'e59161ec204c7a95e4751b1c0e9a6bead7fcab39' as 'src/deps/src/lua-resty-random'e59161ec2Squashed 'src/deps/src/lua-resty-random/' content from commit 17b604f7fa28005988Squashed 'src/deps/src/lua-resty-openssl/' content from commit b23c072a438fdd39d0Merge commit 'a2800598825bb5a03b577cca2874ff1cfae863f4' as 'src/deps/src/lua-resty-openssl'c2fa53ca1Merge commit '31bf774f63b8b46a3c7b53028853036fff6fa0b8' as 'src/deps/src/lua-resty-mlcache'31bf774f6Squashed 'src/deps/src/lua-resty-mlcache/' content from commit f140f56667b2273aebMerge commit 'c82b0bdd27762d2d4a9901a187506d2e5abd74f5' as 'src/deps/src/lua-resty-lrucache'c82b0bdd2Squashed 'src/deps/src/lua-resty-lrucache/' content from commit a79615ec93dc8cc87cMerge commit '746a6e16d027ab3bddfc610c987e5d61ab9b69d0' as 'src/deps/src/lua-resty-lock'746a6e16dSquashed 'src/deps/src/lua-resty-lock/' content from commit 9dc550e5662e740a0bMerge commit '19515d9b26f2f4886ca117b91384509087f0ff3a' as 'src/deps/src/lua-resty-ipmatcher'19515d9b2Squashed 'src/deps/src/lua-resty-ipmatcher/' content from commit 7fbb618f7e566b98afMerge commit '7160fd94e3dc22299ee3c9f8b0e71a5e2c1bb501' as 'src/deps/src/lua-resty-http'7160fd94eSquashed 'src/deps/src/lua-resty-http/' content from commit 4ab4269cfcdd42bf25Merge commit '1a7d4e58be28238599df3f5c15c56380c3e99732' as 'src/deps/src/lua-resty-env'1a7d4e58bSquashed 'src/deps/src/lua-resty-env/' content from commit adb294def49db9c24dMerge commit '0f4a0cb0ef514bee6b810f6d6cf982c5ef0abfca' as 'src/deps/src/lua-resty-dns'0f4a0cb0eSquashed 'src/deps/src/lua-resty-dns/' content from commit 869d2fbb0fe76b6830Merge commit 'fd02afef8ec1ceb8a816dc202d05c6ece9887d31' as 'src/deps/src/lua-resty-core'fd02afef8Squashed 'src/deps/src/lua-resty-core/' content from commit 31fae862a36023392aSquashed 'src/deps/src/lua-nginx-module/' content from commit c47084b5d29d135bdbMerge commit '36023392a6e3c8fb6aebb46140db759e61da220e' as 'src/deps/src/lua-nginx-module'b01aa0b15Merge commit 
'32485e2860c2ea31fcef5b575f446c7a3036a550' as 'src/deps/src/lua-gd'32485e286Squashed 'src/deps/src/lua-gd/' content from commit 2ce8e478ac46cd666aSquashed 'src/deps/src/lua-ffi-zlib/' content from commit 1fb69ca50909841ea6Merge commit 'c46cd666ab76bad7bd05c6261d692cda5b380f32' as 'src/deps/src/lua-ffi-zlib'47ee3884fMerge commit '4f9b885a2e8b7a10653653fee3bb91cf5102b0ef' as 'src/deps/src/lua-cjson'4f9b885a2Squashed 'src/deps/src/lua-cjson/' content from commit 881accc8fbb450ac96Squashed 'src/deps/src/libmaxminddb/' content from commit ac4d0d248e13868c63Merge commit 'bb450ac96595432625ac34de8f7f42b3d06a5b30' as 'src/deps/src/libmaxminddb'772e05d37Merge commit '4a7228d2dcb7fe62526016b90a7c497fb6531e76' as 'src/deps/src/libinjection'4a7228d2dSquashed 'src/deps/src/libinjection/' content from commit 49904c42a209d4a461Merge commit 'ae8d8b233d52cbfdee68bd3ba21713149f5659c8' as 'src/deps/src/lbase64'ae8d8b233Squashed 'src/deps/src/lbase64/' content from commit c261320ed1d1739b4eSquashed 'src/deps/src/headers-more-nginx-module/' content from commit bea1be3bb992710650Merge commit '1d1739b4eaa274c25c52b8ceb79ebdc717633ec0' as 'src/deps/src/headers-more-nginx-module'e43880b08Squashed 'src/deps/src/ngx_devel_kit/' content from commit b4642d6caa09d5eb2cMerge commit 'e43880b08395df25663560da3d8154226a167a77' as 'src/deps/src/ngx_devel_kit'8973eb029Merge commit '26773844e7bd57df1216bd74360a62ec2dc976e3' as 'src/deps/src/nginx_cookie_flag_module'26773844eSquashed 'src/deps/src/nginx_cookie_flag_module/' content from commit 4e48acf1379d1b4459Merge commit '22e69251d9b5cd2611abf77ef7352abfa4d409d7' as 'src/deps/src/ngx_brotli'22e69251dSquashed 'src/deps/src/ngx_brotli/' content from commit 6e975bcb04cd57ab8fMerge commit 'b99663928782619ef854b4bf10a2bf7450d75266' as 'src/deps/src/nginx'b99663928Squashed 'src/deps/src/nginx/' content from commit 84cd72177d7f25398aMerge commit 'a676d333fda890838d8fc4766720cc3f1d4c5389' as 'src/deps/src/modsecurity-nginx'a676d333fSquashed 
'src/deps/src/modsecurity-nginx/' content from commit d59e4ad127e8f4adc3Squashed 'src/deps/src/modsecurity/' content from commit 205dac0e8999fb6b8eMerge commit '7e8f4adc3b2b2a655640c73198fb920a5e8441d5' as 'src/deps/src/modsecurity'6c0468f62Squashed 'src/deps/src/luajit/' content from commit 04f33ff06d05b14ebMerge commit '6c0468f62b1120497a6fd0d21101dc41f29e7397' as 'src/deps/src/luajit'1141afd20Fix install.sh for nginx dynamic modules97406bff4Add libinjection deps backa58ad9b50Remove duplicate lua-ffi-zlib in deps831ae129cMake init_deps.sh executable451648fa7Remove old deps temporarily except lua185d75076Update how the deps are initialized6a048e68fUpdate how the deps are managed129e8f7e0Merge pull request #546 from bunkerity/dev265123835Update python depsb0bc9a1bfUpdate the documentation2f7ed064fdocs - Fix typo in webhook link in plugins.md7d6116163Merge pull request #544 from bunkerity/devdeed39a1fUpdate lua-resty-openssl to version 0.8.23dd295729bAdd deps project submodulesb27f38349Update lua-resty-session to version 4.0.4 and remove lua-pack deps as it's no longer neededaeca252d9Bump lua-resty-core version to 0.1.27 and lua-nginx-module version to 0.10.251ec21261cRevert "Init work with submodules"718a9305dRevert "Fix .gitmodules file"a253f4a59Revert "Remove old folders that are now submodules"2e1e9a08cRevert "Initialize submodules"e2f1aba3cRevert "Add other projects to submodules"d9a98c6faRevert "Update commit SHA for submodule libinjection"5ed3ba1d5Revert "Fix path resolution for modules and remove nginx submodule"b529d8525Revert "Update checkout part of workflow to include submodules"43783edb9Revert "Add nginx as a submodule"8417ed132Add nginx as a submoduleded0ec66dMerge pull request #542 from bunkerity/dev6cbbd0d56Update timeout for wordpress tests to 120 secondsd687b228eFix PERMISSIONS_POLICY authorizing self and links to be aside without spacesbcc9fdef9[#533] Fix SERVER_NAME regex to limit domains' size individually instead of the whole setting's 
value524a140d2[#534] [#504] Update ALLOWED_METHODS regex to accept more methodsa197e20d2[#531] Fix typo in documentation about SSL252a5831bMerge pull request #541 from bunkerity/dev07ed136afUpdate setup-kubernetes of wordpress example2eb73d15aMerge pull request #537 from bunkerity/dev30fec8a14Remove python submodule, will add it back in the next major4b4e0f8b3Update checkout part of workflow to include submodulesc2cfd4dd9Remove checkout from dev.yml642da402bFix dev workflow4bb6d40a5Update dev workflow to checkout the code and submodules first3bcdd9ca2Merge pull request #536 from bunkerity/submodules28d59221bFix path resolution for modules and remove nginx submodulec8e25bcdeUpdate commit SHA for submodule libinjectione1a5782a3Update how the dependencies are being cleaned up68bea47edAdd other projects to submodules2cd5c7f45Initialize submodulesd7d3e2429Remove old folders that are now submodulesa74727891Fix .gitmodules fileb5fffc1f3Init work with submodules8c4c99e65Merge pull request #530 from bunkerity/devddc337394Update log location for nginx and letsencrypt1c362d078Remove the deletion of let's encrypt lib and log folders after the job is finished95c9bad8eRemove unused enums in database model7a972274fAdd database schema to concepts.md in the docs561499536Revert "Update README.md links to use local branch files"4536e328eUpdate README.md links to use local branch files89070cfb7Merge pull request #529 from bunkerity/uid6942a46eUpdate where the scheduler copies its config8a98da898Merge pull request #528 from bunkerity/ui26f831cb4Merge branch 'dev' into ui81f3914fcMerge pull request #527 from bunkerity/dev162198bb9Update db core tests to ignore the added value for env custom configs7a524b43eRevert back to 30 seconds of sleep in tests ui after creating a custom configb007916d6Optimize the scheduler and gen even more (we love threads)0661916ffUpdate ui tests to wait more after creating a custom config2105dc0f3Update core db tests to use the right hash for plugins_page 
files823119821Fix rare error when hashing dictionaries in the scheduler1e62626acFix KeyError in scheduler57eaedd8eMerge pull request #526 from bunkerity/dev4d984f623Update CHANGELOGd0fd6884cFix shinanigans with the custom configs and plugins jobs8e6de2bdfAugment authelia timeout3565dd7b3Update CHANGELOG.md145df1df4Merge pull request #525 from bunkerity/devdf1359e87Add possibility to download lists and plugins from a file path + Update python deps + Plugins now support tar and tar.gz as wellb756b2d7dLint py filesf57b6dad1fix cursor gap on ace editor91c33f1d4Merge branch 'dev' into uied2a54d16Merge pull request #524 from bunkerity/dev3e871efedUpdate python depsd27edab35Merge pull request #523 from bunkerity/dev9982ec36dRemove useless import80033642cAdd reverse proxy headers back0836d4ee9Merge pull request #522 from bunkerity/dev2a2b7b6f5Merge pull request #521 from bunkerity/staging78236abe8Check Aqua Securityc5ff63a40Fix CVE CVE-2023-313878ef5c482Fix problems when creating custom configs or plugins and removing them completely2c190ee96add writeable /var/run/bunkerweb directory to hardened example94867d0d6letsencrypt - use same job name when retrieving data from db9e00b9dd1letsencrypt - use same job_name for both new and renew jobs9adb209a8lua - fix missing multisite variables in LRUfdd3367a6Merge branch 'staging' of github.com:bunkerity/bunkerweb into stagingdcf156135prepare for 1.5.1 🚀4023e6dc6road to v1.5.1af9e125c8linux - merge change for debian packagerab6025ec9linux - fix missing zope modules7e221eb89debian workingf1435f231Merge branch 'dev' of github.com:bunkerity/bunkerweb into devb14dba775bw - fix multiple variables not loaded in LUA81bb9ede1Removing python 3.11 from linux7e66c577fRemoving python 3.11 in linux236572f58ui - remove python 3.11 import for Linux integrations73060e42aFix limit core testsdf0c03cefFix UI wrong import5d7ef69c9Update limit core tests to avoid false negative855ae8936Update limit core tests to avoid false positive16a1916dbRemove 
useless imports in lua code + lint
605e237fd Remove 404 from Bad behavior status codes
fc8d76f33 Rollback on hcaptcha passive feature
c08e8d151 Update settings.md
44097cad0 Move the COEP, COOP and CORP headers to Cors plugin and change default values
3446e5f9b Upgrade antibot to add a custom CSP on each pages + update plugins order
70f227feb Fix error with multisite variables when requesting default server
f81b0bb4d Fix multisite variables not being added in helpers
978697500 Fix has_variable method of utils
5b0b183a4 Remove no longer needed decode for plugin order from datastore
a2759e377 Add small tweaks on the datastore
b6d879257 Fix how we fetch plugins_order in the default server
94964a910 Update how we handle custom configs
6a1ff499c Fix Lets'encrypt plugin api and internal API
179a7aa34 Fix lua sessions with antibot
a1385fe9b fix ctx usage in reverse proxy + remove useless log in limit
23f9f14a4 Remove old CVEs fixes from Dockerfile
f77150bc2 Test Aqua Security CVEs
ec48e6601 Fix return value when no plugins have been found in api.lua
6ab48d9dd Update python image to tag 3.11.4-alpine
ce24a0482 apply changes to current core
02d940393 perf - ctx caching and per worker LRU for readonly variables
a7069bd60 Update UI to stop using env variables but werkzeug middleware + Send X-Forwarded-Prefix headers to UI service
c39dd78ae Update cors plugin tests
3b459b0e2 Fix shinanigans with API (again)
718310312 Fix shinanigans with the API
5deeacc3d Fix letsencrypt jobs
c18f743d4 Fix PosixPath in jobs
85a53278e Add a charset to cors Content-Type header
e01c14f11 Add Cross-Origin-*-Policy headers management and default values
0b3c1a8a0 Update KEEP_UPSTREAM_HEADERS setting's default value
95f673c1d Update doc about headers
cee7672b5 Update settings.md in the doc
d5ea95da9 Increase load-balancer example test timeout
39e6821a4 Lint lua code
64aa12b70 Update python deps
c392a0b5f Update mmdb files
f93dd34f6 Extend KEEP_UPSTREAM_HEADERS setting to clientcache and reverseproxy core plugins
a23d189d3 Merge pull request #516 from
bunkerity/dev
df47ba0e9 Merge pull request #515 from bunkerity/dev
0ca7de1de Add CVEs fixes back
84fcfb726 Test Aqua Security 2
c20bd05d3 Test Aqua Security
c85a4183d Fix Strict-Transport-Security not being sent
654172f43 Update headers core plugin lua code
afe6da4cf Automatically add Content-Security-Policy header to response headers in the UI
5c7cd38b5 Edit headers core plugins to use lua Code + Add new setting KEEP_UPSTREAM_HEADERS
299a0b5c2 Remove apk update at beginning of each Dockerfile
6cc20efe7 Update bad behavior test BAD_BEHAVIOR_COUNT_TIME to 30 seconds
e2a3bfb10 Bad behavior core tests change the ban time to 60 seconds
4bbddf797 Merge pull request #509 from bunkerity/dev
1eeefead9 Core tests sleep between each request
9829ef752 Update UI to automatically set SCRIPT_NAME and ABSOLUTE_URI
b27958a19 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
410a64810 core - patch modsec to use access phase instead of preaccess
f7d986d6a Change the way linux starts and the scheduler
95d4f0f87 Small tweaks on core jobs
4f324231d Fix tmp variables path (again)
dc18f9884 Edit start.sh
3b36965f4 Fix tmp_variables_path in scheduler
ccc051e78 Fix /var/run/bunkerweb in fpm args
8b2517cdf Remove ui cache download test - to much unstable
d1138855e Fix gunicorn config for Docker and Linux
0c8bc97fa Fix UI on Linux not using the right user
a68fb0c06 Refactor to make more sens and avoid specific errors
fff21746a Correcting: Dockerfile-ubuntu End of statement block Jinja
3ab4a59b6 Update debian Dockerfiles to avoid updating apt packages only once
760ec3b3b Add /var/run/bunkerweb removal script when uninstalling BunkerWeb
be459d240 Update pid files paths to /var/run/bunkerweb
8b697d87d Fix Scheduler errors with the internal apis
89a3c8b0b Update bunkerweb-ui file according to the new gunicorn usage
5e237d0d0 Update gunicorn to use a config file as well + Fix headers error + Small fixes
a424d59b1 Add apk update at the beginning of each Dockerfile
1d14db7e1 Update custom cert job to not duplicate certs if the cert is
global
7efb82a7e Update python deps
e920cba43 Fix CVE CVE-2023-2650
413b75b04 Fix customcert plugin to accept multisite certs as well
87a9545d9 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
c53394845 various fixes
aca0d6da4 Small refactor on the ApiCaller and the Scheduler
1bd40a877 Removing vmware support in doc
612333d2a Merge pull request #508 from bunkerity/dev
474ecbb41 Fix typo in phases list in plugin.lua
5fa21b3c8 Fix CVE CVE-2023-29491
16a459bf7 Lint antibot html files
fd06a1e71 Add Turnstile antibot
d5e64320c Fix small typo in misc.lua
4d6d95037 Merge pull request #507 from bunkerity/dev
b60657e21 Merge pull request #506 from gin-gitaxias/patch-3
1f2c973a3 Fix docker-compose file for custom cert job
b314f4349 Update integrations to add LOG_LEVEL=warning env variable to docker proxy
0edfb2db3 Update example to add a LOG_LEVEL=warning to the docker proxy
83413aef2 Remove open ports from core tests docker compose files
334be4346 Fix custom-cert core plugin
953128be6 Update scheduler changes check to reduce CPU usage
bb7dcda48 Refactor paths resolutions for core plugins
108827952 whitelist - remove unused IPs of duckduckgo crawler
665b110c6 [#504] Fix ALLOWED_METHODS regex
5a2aa20bc Update plugins.md
168dfc439 Refactor paths resolutions for UI + optimizations on the plugin upload
6e80c7b8d Fix variable being ignored instead of saved inside the database when the value is empty
8dad7a0b7 Starting work on paths resolution refactor
b5a78c3aa Test Acqua Security vulns (2)
ed6bee69c Test Acqua Security vulns
3dba058b4 Fix custom configs not being cleared out once created
d9b093dab Fix plugin example in documentation
162f1d978 Merge pull request #502 from bunkerity/ui
1f2fa95e7 Remove useless line in the head.html file + lint HTML files
1cd356781 Add multiple plugin upload in one compressed folder support for the UI
29673f918 fix font
180493616 Fix CVE CVE-2023-1999
7fe7a997f Merge pull request #501 from bunkerity/ui
5b75894d4 Fix UI latest version checking & Fix conditions in quick settings for services
1f6b3d59a Merge pull
request #500 from bunkerity/dev
548630e3e Update python deps
aa299f085 Update plugin update and add to get only the necessary keys
f0126b6d6 Fix update-check job
8585007bc deps/gha: bump scaleway/action-scw
a7535c300 docs - fix yt preview in readme
340b4a492 change arm server flavor
e7ea3952b ui - add missing dep for docker/x86
a586b5b6b deps/gha: bump docker/build-push-action from 3 to 4
3b7d8b6c1 Merge branch 'staging' into dev
6666a25fc edit version, update images on docs and fix bug in Linux script
f84af3402 Add error ignoring when using the rmtree function
0b082bdab Add handling of stderr being None in the scheduler
1f2b550f6 ci/cd - fix swarm examples and init work on release workflow
d5fcc6969 Merge branch 'dev' into staging
eda275589 Merge pull request #485 from bunkerity/dev
7506768c4 Merge branch 'ui' into dev
be3d40f18 Fix CLIENT_CACHE_CONTROL setting's regex to also work with JS
41059fb28 Merge pull request #484 from Hado-K3n/patch-16
88f85b282 Merge branch 'dev' into patch-16
e5e031b6b Merge pull request #483 from Hado-K3n/patch-15
2dbadbd29 Merge pull request #482 from Hado-K3n/patch-14
95c7b5410 Merge pull request #481 from Hado-K3n/patch-13
00739a5ab Merge pull request #480 from Hado-K3n/patch-12
a9f4be475 Merge pull request #479 from Hado-K3n/patch-11
f85f73678 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
f1efe06e9 ci/cd - fix /opt/actions-runner perms for self-hosted runners
ad71be460 login now use local font
dcb800d2b Update k8s.postgres.ui.yml
5a7f7f3c6 Update k8s.postgres.yml
e1f60127e Update k8s.postgres.ui.yml
7553ffb63 fix client_cache_control regex
9324648f2 Update k8s.mysql.yml
eafe006a6 Update k8s.mysql.ui.yml
62a8ec975 Update k8s.mysql.ui.yml
dfcaba9ad Merge pull request #478 from bunkerity/dev
737b999cd Set CLIENT_CACHE_CONTROL setting's regex
9339af44c Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev
78f7570e1 core - Fix bwcli condition when checking bans
40e30ed44 use shared redis connection pool in cachestore when we can
d6ca98ed1 Merge branch 'dev' of
github.com:bunkerity/bunkerweb into dev
10a4cefd0 update lua-resty-openssl deps and replace nginx -s calls with signals
97723185b core - Add bwcli tests
ab3b3ea8f ui-tests - update waiting time after creating a custom conf
5adec84d5 fix redis not contacted in subsequent phases and reflect changes on stream configs
1624c4e76 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
eea6d32cd share common objects during the phase and add threading to DNSBL and reverse scan
99f8f69fa Merge pull request #477 from bunkerity/ui
9b58b397c Fix ui tests (again)
ace88d865 Fix plugins fetching for the UI
69b35636e Fix UI tests (once again)
5dfe35b7b Update how the plugins are being fetched by the UI
b75690fdf Change the way python deps are installed
b19ebbe6a Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
c0c646aae Merge pull request #476 from bunkerity/dev
edd6e2ded improved session management and add IP/UA checks
c7ca5a822 Fix Database overriding services_settings if a global_value is set
e1883a04b Merge pull request #475 from bunkerity/dev
af19cc226 core - Add redis tests
0087ae583 Update python deps
8133c134e core - Fix db tests by removing "order" key check
f725d0fe6 Update keys name in datastore
05c478e83 Edit COOKIE_FLAGS regex
b5aaf6266 add forward reverse DNS to whitelist, disable redis in cachestore when sockets are not enabled, fix typo in cachestore and improve dns/rdns caching
8a8dd6fb7 db - remove order from plugin model
93c766e56 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
179beea4d improved core plugin execution order
1d126e1d0 core - fix cors tests with the preflight request
dbb884099 core - Update allowed_methods test method to GET
62cb85453 core - Remove cert verification when testing allowed methods in misc tests
04919e8a0 Fix multiple CVEs
b32f31891 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
4962f786b fix wrong env parsing in init phase, bypass modsec/crs when method is not allowed, refactor ALLOWED_METHODS and improve error page management
10bdf551a core - Add
misc tests
7158e7e9a core - Optimize cors tests
3f51f59bc Add check when plugins are configured + Add Semaphore to accelerate jobs execution + Code optimization
4c4fa44fb ci/cd - fix core/cors tests
84d43c84d Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev
b58798746 Update mmdb download to check the checksum at start
a9be973d5 use PCRE regex instead of LUA pattern and edit cors doc
4378f18cc fix typo in bunkernet.lua, add missing Origin header in cors tests and fix allow origin expected value
7d84e03a1 fix header plugin phase not called for internal request (fixes CORS), fix bunkernet init_worker bug where ngx.ctx.bw is not available, add CORS_DENY_REQUEST setting and edit values for core/cors tests
838662141 Lint Lua code
36fdec105 core - fix sessions tests
ab54b18e0 core - fix reverse scan cache retrieval
9c6ca6a86 cors - various improvements
991f7ff8d Fix tests core reverse scan wasn't using the image
9c77f77fa Fix test core DB
9ee74aef4 Add up back when retrying to up the stack + remove useless print
7bf4c11bc When docker up fails in core tests retry one time
82aadfa38 Update core db tests to add the settings.json file and optimizations
2a78d2c05 ci/cd - perform all core tests even if one failed
e3fc55be9 deps - add missing hash for python dep async-timeout
5f668aeca ci/cd - fix syntax error in test core wf
e5e336c4f Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
9a2e37984 ci/cd core tests and antibot refactoring
2ac77ee49 Fix deps not being synced
394f5fe4b Move back to images in the whitelist tests
b06210bdf Remove unused files in tests core
e6bb9fb55 Add tests for core plugins
29f020f15 Update python deps
051923b6f fix deprecated external network in compose files, various fixes in the documentation and add ipv6 to doc
2e1296d9a show useful info in BW logs after startup/reload and reduce container images size
a686562f1 performance - cache empty rdns results
e36c743c7 performance - cache dns responses
75f3d6490 init IPv6 support, add missing healthcheck script in UI and purge local
cache on init
a258612e4 add global data on settings filter
bc3ea0ed3 change select method check
ab71c484e add global condition for disabled state
5c415afa1 various fixes - ttl on /bans api, dnsbl undercover bug, greylist, whitelist and wrong path in realip job
5c50f57f1 Revert "regular inp and multiple global=true are enabled"
9ceaaa874 regular inp and multiple global=true are enabled
3dde3ac0a Fix no longer save SERVER_NAME when MULTISITE is set to "no"
c01b493c9 Increase compression level of tar files being saved in the database
4f4a8b508 Fix default global values being added to database when MULTISITE is set to "no"
408806718 Add external plugins being updated at the start of the scheduler
402ff16c8 Add "global" key to settings when fetching methods as well
dcdb43cf0 Merge pull request #473 from bunkerity/dev
ca8c56aaa Remove unused function in UI src.Config
905946463 Fix scheduler restarting for no reason when having an external database
8a308b1a8 Fix database not providing the right SERVER_NAME setting value
cf26d7aa2 Fix database saving default values to global_values when multisite was set to "no"
8bb6f63fa Merge pull request #472 from bunkerity/dev
64789276a Update python deps
30194f959 Fix Access-Control-Allow-Credentials not being set to the right value when deactivated
50ee37db0 cors - refactoring
b8d89fe79 Fix customcert plugin
63f4e44c6 Fix CORS when sending an OPTIONS request
ac2e4dd64 Merge branch 'staging' into dev
e14475de4 ci/cd - fix missing version in linux package name
136f68cd3 ci/cd - fix typo in beta wf
d83730cf7 ci/cd - fix linux package name in upload/download steps
ae042854f Fix blacklist download jobs where ignore urls were not being downloaded
86053d3dc Update RDNS regex in jobs files
b2e26fc8f Revert "Revert "Update RDNS regex""
48354fb26 Revert "Update RDNS regex"
a544f18e2 Update update-check job to add stars so that the end of line shows
c6f304b37 Update RDNS regex
14ca85cdb ci/cd - fix package.sh name in linux build wf
dc1cb6a6f ci/cd - fix scp command in linux build wf
73acbe085 ci/cd - fix typo in
linux build wf
45c90527c ci/cd - fix linux package generation when arch is ARM
f4590749d linux - fix arch in rhel package image
141f5a1d5 ci/cd - fix typo in beta wf (again)
6e82fde8a ci/cd - fix typo in beta wf
00ba46ebf prepare for 1.5.0-beta update
9a1c09c56 Merge branch 'staging' into beta
df787c75d linux - add pcre dep to fedora package
93e567bb6 linux - fix fedora deps name and add architecture to fpm config
8b6d788c2 ci/cd - fix bitnami chart values
541b64698 increase drupal delay time for tests, fix tmp dir not created for realip-download job and fix has_*_variable check when multisite is yes
59324526c speedup build process for python deps and fix default env value for autoconf/k8s
a58e5c60c deps - upgrade python dependencies
27b1dddb0 linux - pin pip version
fd056102d fix centos repo command in rhel dockerfiles and fix delete infras order for staging wf
fb0373343 ci/cd - use single quote in linux build wf
43cbc79c7 ci/cd - move ARM_* to secrets in linux build wf
7592e5a84 ci/cd - fix typo in staging.yml
39ace8175 fix load-balancer example and add server_name to cache keys when required
48d7e72e5 Merge branch 'dev' into ui
66921b007 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
819ad60a4 fix hcaptcha antibot and refactor ci/cd for staging
20913808c Add .mypy_cache to .gitignore file
a086ff690 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
a286e7bd3 fix wrong container in autoconf/k8s, init work on linux arm and ci/cd refactoring
5a233ff90 Fix Database model types
18b3d7148 Update db model to use SmallIntegers
b36cd924f Add `bw_` prefix to database table names
63ce1afcd Handle errors more gently when API requests fails
d4934cfee Remove test-ui service in the main docker compose file as it's been extracted
500d58e50 Separate the compose file back
21dc67b68 Update test.sh for ui-tests an the compose file
75d2be7db Update tests-ui to fix them
041b7f71e Update ui-tests to make a valid password
1245b8b01 Update regex in ui + Add regex module to requirements
913e9a2c2 Merge branch 'dev' of
https://github.com/bunkerity/bunkerweb into dev
97dc6540e ci/cd - fix typo in dev wf
b75ba601b Merge branch 'staging' into dev
573fe8fee Change UI admin password check to a regex
51514df57 Remove not needed file in linux scripts
9ff64426b Fix ui tests with the external plugins
74fe9d5c1 Lint jobs py files
97b362bb1 Fix let's encrypt error when deactivated
964d31893 Fix wrong attribute value when checking for external plugins
914686e78 Fix often occurring bug when testing the web UI
58db1352f Revert "Fix often occurring bug when testing UI"
987af951d Fix often occurring bug when testing UI
1c74c5d8d ci/cd - refactoring
1cc9f5773 prepare for v1.5.0-beta fixes
ac94e5072 fix double .conf suffix in custom conf, migrate /etc/letsencrypt to /var/cache/letsencrypt, fix bunkernet jobs and lua code and fix reload for jobs
773874154 move /etc/letsencrypt to /var/cache/bunkerweb/letsencrypt (wip)
75ca603b7 WIP - fix bunkernet and missing reload for scheduled jobs
027605452 Fix bunkernet initial message when checking connection + add TODO
bddfb58a0 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
c7ab00208 Merge pull request #462 from bunkerity/testmmdb
ef551846b ci/cd Update mmdb - Let only the schedule and change branch to push on
f41c096ec Merge branch 'testmmdb' of https://github.com/bunkerity/bunkerweb into testmmdb
a7b7c2031 ci/cd Update mmdb - Add check for curl commands
fb5529566 Monthly mmdb update
0afb250b9 ci/cd mmdb update - Changed branch to push on
019a927b0 ci/cd remove secret required for auto mmdb update
283a63f16 ci/cd try fixing workflow auto download mmdb
42707ad46 ci/cd test mmdb update
cd57eb423 ci/cd - fix automatic push of doc
01fbacf0f ci/cd - fix pdf path for draft release + fix missing git fetch before deploying doc
d693d065f ci/cd - allow to update release tag, add PDF to release and fix multiline CHANGELOG in release
aa2ada0a0 ci/cd - update git user/mail for push doc wf
a47d7df40 ci/cd - execute apt install as root for doc to pdf workflow
c4093a2d7 ci/cd - increase ARM node storage
01e599493 ci/cd -
concurrent builds for ARM + fix version string for RPM packages
aaa070165 linux - fix VERSION path in package script
0b93c6e10 ci/cd - add more cores to ARM instance
88db3fa34 ci/cd - fix build rhel var
5c01bd3f7 ci/cd - various fixes for push workflows
604d4c1a0 Merge pull request #459 from bunkerity/dev
bed6d742f Decrease the compression level when sending configs to BunkerWeb
57cb6e9c4 Update python deps
0d1580cff Small code refactor of the jobs and the scheduler's function that generates configs
766ca0e9c Merge pull request #458 from bunkerity/dev
0ab07678d Merge pull request #457 from bunkerity/ui
5412e6d24 fix logs checkbox
ba7422218 ci/cd - fix push workflows
fda2948e0 ci/cd - fix typo in push docker wf
59e5b1d54 ci/cd - fix push workflows
7ca7d7847 Merge branch 'beta' of github.com:bunkerity/bunkerweb into beta
939545644 add missing postgresql-dev build deps for ARM images
0b5746aba ci/cd - add missing inputs for build arm
94dc501c1 ci/cd - remove load image in buildkit for ARM archs because of docker limitation
8ffaa7cf7 ci/cd - force shutdown when deleting ARM node
6e99e7a98 cicd - fix docker buildx arm driver
2eef2b8bb ci/cd - fix variable share for ARM (again)
406c686e4 ci/cd - fix variable share for ARM
6cecc70c3 ci/cd - fix ssh command for ARM builder
2f992baab Lint py files with black
7befd927d Update python deps
a4ae0d517 Update cached mmdb files
c3d0d7ca7 Add workflow that automatically update cached mmdb files
d4ceb7c10 Remove dev comments for ui tests
b37c86e62 Fix ui tests problem with the logs page
a7b07c959 Fix wrong condition when fetching the logs on Docker
3b237ed3c Fix UI tests
a55a0df5d ci/cd - remove useless condition in create ARM workflow
ae33ca52e ci/cd - fix wait-on variable
8867eb23b ci/cd - fix wrong json keys from scw api
1b79e291e ci/cd - various fixes for arm build
98ce5041d ci/cd - use fixed sha1 commit for scw action in rm arm workflow
66d7216dc ci/cd - fix typo in create arm workflow
45fa4d1c2 ci/cd - ignore /root/.cargo dir for security checks, use fixed sha1 commit for scw actions and add missing
deps for ui/arm
9cd13990e ci/cd - pass ARM ID as secret
266383abb ci/cd - dynamic arm build node
4e0d2fce5 add missing dependencies when prebuilt crypto package is not present
823c09195 ci/cd - add missing var for ARM builds
e71dc132e ci/cd - fix typo in container build workflow
0db5f7cf0 ci/cd - fix typo in beta workflow
4bfc5b693 ci/cd - fix wrong cache name in container build workflow
93d0a991a ci/cd - fix typo in push doc workflow
1c178ed75 ci/cd - fix version output for beta/release workflows
ab7e1f624 ci/cd - add missing runs-on in beta/release workflows
0f499c9d3 ci/cd - fix typo in push packagecloud workflow
d0f6d59f6 road to v1.5.0-beta 🚀
408662869 ci/cd - fix typo in doc-to-pdf
312757594 ci/cd - fix typo in beta/release (again)
11f86ea75 ci/cd - fix typo in beta/release
ad1606742 use proper links in docs, automatic doc push and add pdf to releases
08e1d157d Fix ui-tests by removing no longer present checks
c8908695b Remove unnecessary prints
641a27f5e ci/cd - remove useless needs for ui branch
468407081 ci/cd - fix typo in staging workflow
6784bd691 ci/cd - fix wrong condition for container-build workflow
ef1897de8 ci/cd - add missing needs to tests-ui staging
9815f22d7 ci/cd fix typo in container-build workflow
65c6e48e9 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
14a4db8bd use current_bw_version for docs, add automatic tests to ui branch and fix letsencrypt permissions for linux
f6b8d23fb Fix ui tests by editing the attributes name to the new ones
58fd04430 ci/cd - fix typo in staging.yml
54a17c775 init work on CI/CD for generic beta releases, remove useless autoconf examples and fix linux postinstall script
4f2c58bd7 temp disable authelia test for k8s and add missing folders for LE on Linux
5e4ce4579 various fixes
fa67c5d7b ci/cd - fix missing arg for copytree
04db308c9 ci/cd - edit staging workflow
5d2045803 ci/cd - edit staging workflow
e7717ba7f Merge branch 'ui' into dev
bbaaad848 docs - last polish
0658230e2 enhance responsive
f5c28b27d Merge branch 'ui' into dev
575312336 harmonize all titles dark
color
2f336be77 enhance file manager and jobs svg
81a37a377 enhance actions btns
c3119f04e docs - plugins
ffa91933e docs - add YT demo
5741dce6d Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
7695a839f docs - web UI
5fe0e0bfd Merge pull request #454 from Hado-K3n/patch-7
8c71f7d27 Merge pull request #455 from Hado-K3n/patch-8
124378d7c Merge pull request #456 from Hado-K3n/patch-9
c6a184d90 fix ui integrations and fix stream support in db
d8b7db167 merge from ui
ddd83a808 docs - add stream support info and plugin description to settings page
289b58567 docs - add stream support info on security tuning page
4dda54a11 enhance style
0ca473c69 fix style issue between load and page transition
1145b798f fix filter setting from custom selectors
63e7ccf13 better centering loading logo with text
001a63efc continue custom selectors + fix script + style
4144faa93 fix create service issue + remove stash
72bc9e4bb start creating custom selectors
98de3fc2f docs - quickstart
f118f992f merge from ui
5285a2f4a force stash
1d354c9c6 docs - quickstart (wip)
55a7c8fee force stash
64a9fe4db fix checkbox + style issues + script duplicate
a90d9e627 ui - fix default value for inputs
7e1efcbc6 Merge branch 'ui' into dev
b5f0fe856 docks quickstart wip
01d8c65c9 remove hidden input checkbox + fix script
b7f63450e add special method for mode
bc47f1fa5 Merge branch 'ui' into dev
7089e8b4d fix checked state
d4fd4c473 fix checkbox + template
db5789fcb Merge branch 'ui' into dev
ab20f83b2 Update k8s.postgres.ui.yml
bbea8ba3f Update k8s.mysql.ui.yml
9a2005d1a Update k8s.mariadb.ui.yml
9512de630 docs - quickstart guide (wip)
956a7bd23 Merge pull request #453 from gin-gitaxias/patch-2
f8c5543fd Update plugins.md
667bb3003 docs - quickstart guide (wip)
6b76596a8 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
78c2e16ea add missing cluster config for ui/k8s and start quickstart guide doc
1e6cfe8b0 fix filter disabled issue + reset on modal open
574ecbd6b Lower the environnement variable for the mode
aa3ce13a8 Merge branch 'dev' of github.com:bunkerity/bunkerweb into
dev
6f39fce6d docs - integrations
92fc5d981 Remove ascii art showing in UI logs
ae7e3ddd9 Fix how the ApiCaller is initialized for UI instances
df94bc4af Merge pull request #452 from bunkerity/dev
bf29fa2f9 Show how many plugins there are correctly in the home page
509bd21b0 Add log when deleting plugin
1530745a7 Merge pull request #451 from bunkerity/ui
a87abf3ce update home dark mode + variable
8a5836dd9 add popup darkmode
3a4a6ee5f new service doesn't force method="default"
1321a76c0 update service submit name for new or edit action
53e145b91 show method involved in disabled setting on hover
ceec21faa update web-ui INTERCEPTED_ERROR_CODES
63ba00180 Fix logic when saving a service in the UI
479f18b17 Merge pull request #450 from bunkerity/ui
ab43bf84a Make it so the UI and the scheduler no longer run as root in Linux
a7849a6e7 Fix mic mac with config files and UI
9009859aa Merge pull request #449 from gin-gitaxias/patch-1
0bf2116c4 docs - concepts
3616a9f20 Update security-tuning.md
435aae7cf docs - index and migrating
c0e649d68 fix logs + select custom
1c3bbf1bc stream - add example and fix ssl support
37ebde363 fix logs and plugins dropdown + margin
b64e55f75 Add bigger timeout to loading.html
da4bb8dce Fix condition in helpers.lua
ab509c270 Fix UI with Linux
6916a81c5 bunkerweb is now W3C friendly
c7bc493e3 stream - fix various errors
bc1dbe18a Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
bd577cfb2 country fix (again) and init work on stream
a829528c3 Add bwcli to scheduler and fix it for the autoconf
9d829ebca Finish updating bwcli
94b97a6bb Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
780c0c8c5 api - fix errors in calls and use ngx.ctx instead of ngx.var
5fb0be70a Merge pull request #447 from Hado-K3n/patch-6
6843902db Merge pull request #446 from Hado-K3n/patch-5
3419dca98 Update k8s.postgres.ui.yml
38c71cf94 Update k8s.mysql.ui.yml
b7c260561 [WIP] Update bwcli
995ff250f Update python deps + add redis for the gen
a04490b47 Replace unnecessary import
5112ed46e Merge pull request #445 from
Hado-K3n/patch-4
8558785b1 Update k8s.mariadb.ui.yml
95e64d6c8 bw - fix black/grey/whitelist rdns check and country check
8ea94a2e4 Merge pull request #444 from bunkerity/dev
9f1405d69 Remove unnecessary {-raw-} in index.html when loading
9a2f7e9ab Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev
93b471444 Add marging to antibot files hcaptcha and recaptcha
93c0cd437 Merge pull request #443 from bunkerity/ui
e7d61a67c update antibot and default template
5d05eaeae Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
a77d233ec bw - add zlib dependency
9a69ca135 Merge pull request #442 from bunkerity/ui
823c12823 fix SERVER_NAME + fix delete form + enhance
52806afe7 Merge pull request #441 from bunkerity/dev
2ea726c22 Merge branch 'ui' into dev
dffc770a9 fix and enhance
12f8b8197 bw - add missing lua-ffi-zlib dependency, fix syntax error for white/black/greylist, fix error for dnsbl and fix limit request not working in local mode
4871a2104 api - add missing ctx fill
bcc5e6bb5 bw - add missing json decode in api and add missing require in country
83428d6cc bw - fix resolvers nil error when doing dns checks
7eefcb8f8 antibot - manage direct access to challenge page
a372ffd52 fix invalid session error handling and remove debug log in whitelist
e55912b34 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
5f9f1e54f load inline multisite values for white/black/grey list core
3b4882d82 Revert "Remove no longer present CVEs fix because these are already fix in the images"
c2e0e5106 limit - use atomic script for redis case
4bc0771d9 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
edf7e06e0 various redis fixes and display ready log
a93d9a7d9 Remove no longer present CVEs fix because these are already fix in the images
e4465d9a1 Fix jobs cache when a database is used
c9af9457e Fix wrong condition when sending files
17a3d933b Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
a60b6f3ad bad behavior - fix 500 error and do not pass objects with another lifetime to
timers
c0e8e93ab Fix documentation mistakes when soft merging 1.4 into dev
f1a868c66 Fix when the cache from jobs is saved into DB + sleep 5 seconds when waiting for the database for the UI
d32102376 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
510938fc2 antibot - fix bugs related to session
ed9605c10 Update python script that generates settings.md
3dabd42df Update python deps
834fbaf01 remove antibot back btn + update raw
95c231515 antibot - various fixes, not fully fixed yet
56028b087 update antibot / loading / default page
502d4fcc0 Add back the fact that we don't download the mmdb country if we don't blacklist or whitelist a country
ccd56d3b6 change antibot and misc template style
c949c0232 Update the security tuning's blacklist category according to the settings
671543e6e Add more ignored variables for missing setting name warning
dbd5739ab Fix wrong setting names under `Custom certificate` category
5f26ebc69 Fix php-cookie-flags example
bba26b548 Reorder core plugins to stop having the warning at startup
db166c434 Add small fixes and lint to the error.html page
08f3d93ab Update jobs will now also check and save the cache in the db
63b1fb947 Fix CVE CVE-2023-1255
d5b11b8bb Merge pull request #440 from Hado-K3n/patch-3
92744c091 Merge pull request #439 from Hado-K3n/patch-2
d46337f60 Merge pull request #438 from Hado-K3n/patch-1
9b52a5c3c clusterstore - various bug fixes
3f9d606e1 Update k8s.postgres.ui.yml
7e2f53c8c Update k8s.msql.ui.yml
1f5d8bfab Update k8s.mariadb.ui.yml
7a7d83a75 various fixes for redis/clusterstore - still WIP
a5e08e1c6 refactor of session management
0fdb108fe core - do not execute init() if BW is in loading state
00b50c162 various fixes for core plugins
4ba5d6659 use ngx.ctx to store common values
860cc1a92 Merge branch 'dev' into ui
881d3a00d fix git issue on windows
76a2ff656 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
28ef546a9 refactor - start to use ngx.ctx for per-request data
ed495b99f Add CODE_OF_CONDUCT.md
0bd3e273b Update compression_level of sent tarfiles to 5
instead of 9
348ab7a1e Add feature that allow the copy of code blocks in markdown + Update copyright
cf2938bf2 Update web-ui docs according to the next major version
79a46e2cf Update the logic behind the check for linux os
9a325c7a9 Add new check for integrations in BunkerNet job
707256076 Add now the scheduler will pass his own env as well to jobs
9578ace02 Remove not used INTEGRATION file in BunkerWeb container
8c919c676 Update links in the home page of the web UI
ad64ce22e Remove no longer needed packages that were fixing old CVEs
29cb6fe16 fix header phase and fix error template
d3d18e15a Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
a83254bf2 fix wrong log in access
859343e18 Merge pull request #437 from bunkerity/dev
50829293c Merge branch 'ui' into dev
8e22b1f21 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
9849ce10c fix wrong error check on phases and add missing ttl for *list cache items
3b5c083fc Soft merge branch "1.4" into "dev" + changing versions
4d95e32f1 update error page
1da4b78f0 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev
915b51c3b fix error pages for default http server
535f1a055 Merge pull request #436 from bunkerity/staging
0afe038aa WIP Ui
3b6c3815e fix default-server-http.conf
b5fa473ae Merge branch 'refactor' into staging
2fddbd862 refactor - disable asn checks for non global IPs, use resty.template with antibot and various fixes
8d63e3974 refactor - fix various errors and add missing dependencies
23725d483 Update prod shields.io link in README.md
303f380c7 Update demo.gif file
3c375039e Optimization on the download of mmdb files
a7773dae2 Update intro-overview.svg
5eb884fe9 Fix bug when showing cache files for services in the UI
3fac889ff Remove no longer used modsec rules for the UI
c3106e70e Update README.md and edit the demo GIF + edit the .prettierignore file
928ed2d6c refactoring and road to nginx 1.24.0
34ab94640 Update python image in Dockerfiles + Add gevent to requirements for the UI
aa96c8503 update css
649d29b05 change news base url
217d1aa50 enhance
style + menu script
e6ff51e20 Refactoring and Linting of py files and json
666b7a1ba refactor - blacklist, errors, greylist, letsencrypt and redis
496edb83a Adding thel documentation
ee83cea7f Add ascii art showing randomly when starting
6d1914d62 Update python deps
648f15e42 Add new core plugin update-check
2075a5d4c refactor - badbehavior, blacklist, bunkernet, cache, cors, country and dnsbl
5dd52186b Fully adding vagrant in the doc
3a03f07f1 Changing vagrant integration
64997bae8 Adding vagrant integration
03ec271e2 refactor - improve clusterstore interface and automatically retrieve variables for plugins
29c57915c antibot inherit from plugin
840c29568 continue work on refactoring
1ec83f256 renamed session to sessions
8c2908157 save work
afc0ac198 init work on refactoring
4cd3fc644 Merge pull request #434 from syrk4web/staging
bfc872be2 change flash logic when login
049e9c1ea Update python deps
bf9b94ebf Avoid Autoconf from running in root
92e698458 magento - fix docker example (again)
a771bdb18 magento - fix docker example
7c21b3da2 deps - update lua-resty-session to v4.0.3
d4fae4b57 session - add missing settings
a85044220 init work on redis session
986f506e7 add missing API_WHITELIST_IP in mattermost and moodle examples
41e8f5c93 fix wrong init of counter in badbehavior and fix nextcloud/docker example
8e7205062 ci/cd - reduce dynamic subdomains for k8s tests because of annotation size limit of 63 chars
1bc42204d ci/cd - use dynamic random subdomains to bypass LE rate limit
a1e44f6e4 Merge pull request #431 from gin-gitaxias/staging
7ccd3ef92 fix moodle/swarm example and disable reverse-proxy-websocket test
8b54073a7 fix missing backslashes in autoconf custom configs and add missing full reload after custom configs update
622f2eb2a autoconf - check if service exists before adding config
5d14813be fix typos after basic testing
9f7060564 autoconf - add missing import and fix double lock release
937cd10ee refactoring and various improvements
6af3b985a fix deadlock in autoconf/swarm and fix missing favicon in default and loading
pagesf6ed21b3bautoconf - fix global custom configs not supported in k8s/swarm modeeee03c4aeautoconf - fix variable typo in k8s watchecf4e77b3autoconf - fix deadlock in watch loop0b71819d2watch services for autoconf/k8s and support real IP in default http serverd3d0136bfvarious redis fixes and improvementse80965ca9lua - fix wrong variable name in access220374db4ci/cd - fix syntax error in jobs9b8606d40fix redis hostname for k8s files and only append tasks with a desired state of running for autoconf/swarmc843be074reverse proxy - allow all chars for URL settings6a65104e7fix return value of clusterstore.connect and disable auth basic for LE challengesb429201ecadd missing LUA import for clusterstore and fix prestashop docker examplea9ce32c26added a more precise scan response and modified .json like askedf4442b642ci/cd - fix syntax error in k8s test class1c3c0d63bci/cd - fix missing k8s create infra jobe8c6d04aaci/cd - various fixes for k8s tests1caa9a1e7adding reverse-scan5d41a5b98Merge pull request #1 from gin-gitaxias/reverse-scan77fb8c420Add files via upload1bb79b155linux - add geoip deps to rhel rpmcf8644602Merge branch 'staging' of github.com:bunkerity/bunkerweb into stagingea1394b04ci/cd - add linux/rhel tests, fix docker/behind-reverse-proxy, fix missing stream module for linux/fedora and remove placement constraints for swarm87bd26da0Add threatmap to READMEb3eb64745ci/cd - temp disable autoconf tests and add missing packages for linux/centos202f21aabfix syntax error in ApiCaller55a36f719fix docker/joomla, fix autoconf/nextcloud and fix API calls for swarm tasks1c3f094cdci/cd - fix wrong yaml edit for swarm and append LE settings for k8sf07c0e66aci/cd - various fixese8ee460effix CVE-2023-0464 and CVE-2023-0465dd2c8cbcdMerge branch 'staging' of github.com:bunkerity/bunkerweb into staging2d11a1c72fix nextcloud modsec rule id, fix k8s pvc definition and remove useless logs from linux/start.sh4f334a577Add sleep between BunkerNet registering and ping to the API to 
avoid being rate limited283828e8fFix Now support WebDAV methods in the ALLOWED_METHODS setting's regexe50c92250various fixesb8b50b165Remove check for messages after creating the service - tests-UIe88406b5dFix ui tests with the new UI922b32b2eMerge pull request #429 from syrk4web/staging671db37f7fix autoconf/cors, fix docker/wordpress, fix wrong image name for k8s/scheduler and upgrade tests instances for swarm/k8sbe71b0781format logs instance to avoid error9e1876fealogs fix + checkbox fix4d245f9fechange cache/download to jobs/download6d16a766ffix service delete + change style5e598e90cfix bw-data volume not reused between docker tests, fix wrong bw-data volume path for autoconf tests, add let's encrypt to autoconf tests and fix temp env not generated for linuxdc8b7dbe7fix form inputbf22faddcremove php-cookie-flags from tests, use HTTP(S)_PORT for temp nginx on linux and fix wrong volume path for autoconf tests6c6845a79enhance some responsive + change api461789aedci/cd - fix BW CVEs and fix Linux restart318228e59change and fix service logicfa7c7ac91ci/cd - add www volumes for autoconff88eced33Handle services settings sent to the UI better357dc3e3aMerge pull request #428 from syrk4web/staging283306a07Remove CVEs fix, it's no longer needed for now276a96c55Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging19870f154various fixes for linux and get ui tests exit code from container2485a47b2Update python depsbd88f9743fix id rename error82d8180d8Merge branch 'staging' of https://github.com/syrk4web/bunkerweb into staging41f43c46dfix multiple0f632803fMerge branch 'staging' of https://github.com/syrk4web/bunkerweb into staging53f480a66enhance multiple logic + fix conflict1cf4a5665disable healthy checks for docker-poryx and dummy app in ui tests, add --no-reload-linux flag to generator and fix missing self arg in autoconf041142a4fadd healthchecks to ui and autoconf docker images4f9748cc2earlier init autoconf in DB, healthcheck for scheduler and fix syntax 
error in linux/start.sh54813ecd4Merge branch 'staging' of github.com:bunkerity/bunkerweb into stagingd97b5e104various fixes8031c5060Start handling disabled checkboxes + multiples58ab870b2increase cors/k8s/swarms timeout and fix tests/ui container namescceda705bupdate flash count on removee91f3dc22Add a log when database is ready in UI + Small refactor of the Configurator1e9a55c24Add small tweaks to the UI and scheduler Dockerfiles7dc26dafaFix disabled checkboxes no longer always have the value no with the UI7dc25b3a5fix redmine/docker example, remove double AUTOCONF_MODE in integrations, remove useless backslash in start.sh/linux, rename container for ui/tests55d24a8d1Change mmdb-country job to download the file only if needed9e009f7beMerge branch 'staging' of github.com:bunkerity/bunkerweb into staging73b640bd3fix cors/docker example, add missing AUTOCONF_MODE=yes to integrations YMLs, proper save_config for Linux and fix image name for UI tests87bccaad6Add `AUTOCONF_MODE` setting to scheduler in integrations examplesd331131c0increase timeout for php-multisite, add API_LISTEN_IP setting, edit default variables.env for Linux and add more logs for tests578a1a8c8Add more precise logs in the jobs pluginscb808c0adFix bunkernet-ip.list file not being created in case of an error (same as 1.4)c8d39ba6bFix scheduler no longer running as root + Fix permission errors with downloaded plugins4a67a5f56Merge pull request #426 from syrk4web/staging4dea680acenhance style + some fixd81088272Change the category if the user needs to log in in the UIe003b751dFix when saving plugins with pagesb829e4edfFix false positive error with plugin page in web UIfc3ef3346Add UI logs into consolece85bc6b8Fix openssl no longer prints progression in the console2e144bf46Merge pull request #424 from syrk4web/stagingdefb2c333Change the way the error page is rendered2ae37ce8dFix regex for ANTIBOT_HCAPTCHA_SITEKEY settingf335364fcLint antibot.lua16842fef1Fix errors with missing % symbol + fix errors 
because of the symbol5f5a5a890Fix css in antibot html filesccde5c74ffix real ip jobsd3402ff3fchange loading, error and test filesa02218bc8end examples refactoring5845446b9Revert "Fix errors regex, authorize same path for multiple errors"be0df4160Fix errors regex, authorize same path for multiple errors89812362acontinue examples refactoring5d214497bFix don't try to add an instance when saving the configuration with the UI808b7b220Update jobs connect to the database only when neededaa0eff749Fix regex in redis plugin that was breaking the UI + fix ui.conf missing comma + remove unused variables in templates1ac434a5bUpdate python deps9c22f1e97Refactor the py filescfe5c6063examples refactoringe37e6c346Fix mixup of swarm and kubernetes when reading env variables + refactoring0356250d9Fix problem with the bunkerweb container and plugins548d157feFix check if the Database is on read-only before trying to write7c5aa4897Update version string size to support new format61b9517a8Fix error when multiple jobs are trying to write in db at the same time8c67d08aeLint code966f57ceainit work on examples refactoring0210ddd88Add realip settings values to the initial BunkerWeb settings6f29756ddci/cd - pull only interesting images for UI tests2b1dbb1d4fix default cert path again and ignore pull errors for UI tests74a11c2edfix wrong cert/key path for default serverb3769b6e3fix missing then in blacklist.lua, disable site search in redis.init(), remove counter from reverse-proxy/stream config and fix ui tests compose pullc7d8b7dc1update resty core and http lua to support latest version of stream lua and various fixes related to ci/cda62ef9f54add missing init-stream-lua.conf and various fixes for ci/cd65611020dfix duplicate datastore http/stream, fix missing /var/www/html for linux and various fixes in testsb28668d68ci/cd - revert back to old condition for pulling images706305917ci/cd - fix wrong autoconf local image name, add missing secrets for tests-ui, fix wrong IMAGE_TAG for tests-k8s and 
try to fix pcre issue on linux2d440d26eci/cd - add missing runs-on for reusable tests-ui93945f391ci/cd - add ui tests5e31b6c4afix CVE-2022-1304 for autoconf, add missing load_module for ngx_stream_lua_module.so and fix missing -lpcre in configure step01fab4162ci/cd - fix CVE-2022-1304 and wrong TEST_DOMAINSaa614b75aci/cd - replace Test.py with latest one, fix yaml paths, print logs when k8s stack is not healthy and fix wrong linux docker image name88a295517ci/cd - fix log() callb95d1bc6dci/cd - add missing log() and fix TYPE for linux tests2604d9a56ci/cd - trying a hack to support dynamic runs-oned4d94529ci/cd - trying to fix runs-on problem53410e831ci/cd - remove steps609210021ci/cd - inherit secrets for tests workflowa168f2bceci/cd - fix rhel build and runs-on for tests8bf211bc5ci/cd - fix linux package generation (again)9250faa52ci/cd - fix linux package generation139eaa2ddci/cd - add missing scripts7149a34ccci/cd - add empty .trivyignore and rename redhat to rhel5c5dbcfc7ci/cd - fix type in push-packagecloud workflowe826c619fci/cd - fix wrong quotes in delete-infra workflowb24cbf73dci/cd - fix wrong quotes in tests workflow99e27c430ci/cd - add missing input in tests workflowee0e608deci/cd - fix negative conditions10f9658f5ci/cd - fix wrong jobs name in needs27bac0382ci/cd - trying to fix dynamic runs-on97627cf83ci/cd - pass runs-on to reusable workflows8969b1e72ci/cd - remove version from reusable workflows8ca292fb3ci/cd - change reusable workflow paths8e73eb87cci/cd - fix syntax errors46e3078ddci/cd - crash test incoming95c5e2e47ci/cd - move dynamic runs-on from reusable to staging workflow131857a9bci/cd - fix wrong indent in staging/delete-infra-*fc1cab1afci/cd - remove subfolder and continue work on staging25729fda7ci/cd - init workbb2d868faRefactor tests5e3dadbfeRefactor ui7fe168892Refactor scheduler36b5c372eRefactor Instance and remove unused method596258559Accept incoming changes for misc jobsc5a10aaa3merge default-server-cert job06acae405rename 
*CUSTOM_HTTPS* to *CUSTOM_SSL* and continue work on stream support6bf59b59aRefactor the plugins jobs7a8a75901Fix multiple CVEs (see comment) (finally)10ec01e7bFix wrong env var name in realip plugin947ecf81fstream - add is_stream variable to check if we are in stream or http mode4f4c8ebf0init work on stream support79036e975add ngx_devel_kit and lua-resty-env deps, support set_by_lua hook for plugins and init work on whitelisting support with modsecurityc2402b118fix duplicate root error when bw is starting, add modesec rule to core ui and init work on k8s/swarm integration filesdbd052e9aRemove unnecessary import and use parent list of supported custom conf insteadfb917960bRevert changes on the custom conf regex for the autoconf26de0a233Lint files0faa34ac7Add a regex to the setting REDIS_HOST1d9459202misc - add missing page.conf1b113236aMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev29b373148misc - default pages for default server6cb714be0Start adding integrations examples99b85ec8aFix Apicaller error with swarm37114ee2fMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev902fe6ad0bw - init work on redis7bf034fc9Fix being able to delete autoconf services from UI (shouldn't be)916caf2d6Merge (soft) 1.4 branch into dev branchf8e31f287Update mattermost to use a static image0f35c05eeIgnore multiple CVEs due to missing deps in python:3.11-alpine846e26e41Fix multiple CVEs (again)ebc7fbbceFix multiple CVEs (see comment)f4081ebd3Handle more errors with Bunkernet job3b01b5144Upgrade the way the jobs run_once are executed8fa94d6a5Edit DockerController regex to handle more custom confs and fix modsec conf mixingc92d4224fUpdate python deps + add cryptography for autoconf and MySQL579975899Fix checkbox not being sent when unchecked + double settings tab in UI935805721Fix CVE CVE-2023-22490 and CVE-2023-23946c671ccf7aAdd unauthorized_handler to UI5ac64758eMerge pull request #417 from syrk4web/devfdd0da35dMerge branch 'dev' of 
https://github.com/bunkerity/bunkerweb into dev34d12cd55Fix file manager always use the database now + create log file for UI if not exists47ccd9f04Log events back in the UI39b0f3f19fix + show one mult group7828c0225add checkbox fallback + DL scripte425eef9aFix weird shinanigans when saving services configb75bc0344Adjusting upgrade on file variables.env79dabf763Change the way bunkernet check on which instance type it is3f462fb3bOptimize logger84f3a894fFix cache files not showing on UI93933bde7Fix custom conf MODSEC CRS being interpreted as MODSEC onlyc22bccc76Correcting nginx version for debian installation8bedc9ce6Correcting doc3a60b3463Modifying doc for packagecloud problem9efa21709Correcting fedora packagecloud probleme3410058fCorrecting Ubuntu/Debian60ac00f5ffix inp value6b13fbb84change svgc89205016Adding Rhel integrationcb77a7010change logs datepicker8b0d8a9d3remove log + fix service tabfacb597eefix float buttons89930f1a3Remove encoding from Database engine args6122d59d8Update python depsd3a02be59Rhel cannot be supported yeta51aa27e4Add some checks and solutions to rare syntax errorae8e65057Fedora upgrade working Correcting backup during upgrade Database backuped TroubleShooting some errors with OS Centos working77f41a059Backuping old confs working8fcba30abUpgrade Debian/Ubuntu working2e9a0c79efix select hover style64961e395Remove unused importsb662d8453Update python deps and remove oracledbe9d981a56Fix checkbox being disabled every time39418790afix popover content3d96fdb34update dashboard580f33e56new file el is hidden on nav4f6244e74Lint code1f2076756Update Python depsdcf9e301eFix UI not exiting correctly with gunicornf1a28b01bMerge pull request #408 from syrk4web/dev5739144e3Fix bwcli /bans commanddf7bbb960Update VERSION to 1.5.0dd0f56bb0Add password type for settingsd83d3aa3dFedora working Modifying centos systemd Adding %postun to rpm Modifying postun deb Centos workingb85e6ee6bUpdating to Fedora 37ca0d88fccUpgrading script: Ubuntu & Debian 
working835f85d5denhance input field stylec4b5ddb95Add setting to intercept specifics error codes86c81a621Merge pull request #407 from syrk4web/deve6cb5b0b0Made the UI independent + update job download plugins0ce5f216dhandle password inp44ce5381cFix CVEs12b4cfa22Merge pull request #406 from syrk4web/devd7ee3ad66fix file manager dropdownefbcfd0e2Beginning of automation testing for linux packages50b83790aMerge pull request #405 from syrk4web/devbf1d19f33remove prefix multiple input4d49f2f4bImproving and correcting problems on packagesf5d87849aFix errors in the UI when a service have multiple domainsd6d1dd1ceMerge pull request #403 from syrk4web/dev0f5a73430add condition for servicesa5256dd80Fix IPv4/Ipv6 CIDR regex591a20cd8Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into devc56fccbf2Adjustements to upgradea3a5c1c74Add ui tests requirements to the updated python depsb1c99e408Add tests for the UI65f2bf09bRemove the idea to store logs inside the database7beb400b4Fix stop gathering all the logs every time with the auto updateab163ce13Fix services settings saves and plugins deletion6932f3dedAdd a new script to update python deps and update python depsd14372075Fix tar error when sending /etc/nginx to BW9edf789abUpdate python deps4b3b9b326Merge pull request #397 from syrk4web/dev557db479crefactorise logs script13f1dadf5Merge pull request #396 from syrk4web/devadf96cadcremove useless filesd2a634e7fplugins + global_config fix1aaac2dcfAdd regex for settings.json871807b80Add small fixes and tweaks4c5172edaCorrection of problems331d58324Fixing detailse9c1b0cf8Adjusting some detailsc220e5997Linux UI fix13fbbfb67Update job database while locking the threadsea4ceae7bFix isPage logic in menu (UI)8ee0ec88fRemove test files in UId81c52654Lint ui files and change .prettierignore file5cc80d2baMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into deva6295248cMerge pull request #394 from syrk4web/dev38b59954aLint yml files146338de6Refactor every .py 
filefcd8d8746open another tab for doc051192791change style9c80cdb32add plugin page logic to menu7689dac76Filter CVEs fixes in Dockerfiles0c8dfaaabUpdate bw and autoconf Dockerfiles for let's encryptc5d3e77c1Fix letsencrypt permission error and optimize the ownership commands in scheduler8304116fdSend more variables to the home page front4379e21eaShow dirs of every services even if they don't have a custom config148d9d2d4Remove user override in the job scheduler when executing jobsc6498eda7Add new php-cookie-flags examplef97e056ffUpdate jobs13fe4b6eeEdit core plugins regex + make COOKIE_FLAGS multiple + edit DB model accordingly2b2eadf44Merge pull request #392 from syrk4web/dev342fe956fchange data creating new servicebb7ca889cenhance darkmode + fix + factorisationcdc3cfc81add toggle multiples + style191c88238Merge pull request #388 from syrk4web/devdbe49bb8fUpdate intro image7bdc46057Change how the edit works in the config (UI)364ef13b5Fix error by calling a method on the wrong variable1142ace55Fix rare error with the jobs return code477e87a2fnews script + multiples groupsa04f983a0Merge pull request #385 from syrk4web/deve5574fbdcchange flash messages styleb1ca47253Small tweaks and handle services variables better98bda4d1eRemove unused line in Templator0b1be727fOptimized the storage in the Database47526dc8aMerge pull request #384 from syrk4web/dev00d3073b0get custom method and check disabled state02d10f619Fix datepicker.js not being found because of the capsda634af4aAccelerate send_files methodbe0ee60cdhandle stop signals with the web-ui064f9eef9Remove lines that will never be use in save_configec15a4e88Handle stop signals from Docker in the schedulerc49f50da2Move BunkerWeb entrypoint to the correct dir48bbb5e39Merge pull request #382 from syrk4web/devb944de9e8change service multiple script07ab3deb0Remove unused lines in selfsigned joba4e863f09Update authentik and migrate the example to the 1.5eeb810546Migrate authelia example to the 1.5e2b2505d8Fix saving config 
for multiple settingsa0c2db7a0Fix how the config is get from the database4595295bdfix tab focus style + dark mode style0bd6d5655add flash script to login + enhance style6f5aab11dfix footer padding37380b977fix get multiple settings only3f6432f4bMerge pull request #381 from TheophileDiot/devff84656cdUpdate examples + add static versions0e29d9f1fenhance and fixc195ffc86Fix autoconf not working properly with the shared volume291d64e29Update community example + linting4346322f7fix services settings on modal openf2daf7368Merge pull request #380 from TheophileDiot/devba9c16a5dMerge branch 'dev' into dev0db1550f2Changed the way jobs' cache files are downloadedfa54ebd49Made a few tweaks + change the plugins for the services modals0290f509eadd plugin_name (change values)77931b623add plugin_name6560ca086test0d0f1aa95Merge pull request #378 from TheophileDiot/dev03e98985eMigrate more examples and lint016a8cd6dchanges5263be27dChange the way jobs are downloaded + folder created in configs7813b51dbMerge pull request #377 from TheophileDiot/devc4bd535acAdd autogen back for docker and the autoconf243c4ca78Merge pull request #376 from TheophileDiot/deve9687a5b1Remove unnecessary comments8537eea89Merge pull request #375 from TheophileDiot/dev3c9574daeLinux: Updating nginx to 1.229f84e02d8refactoring services modal logicb105896b2add rename formff83b342dfix issues8e31672acMerge pull request #374 from TheophileDiot/devb3d80d7a6Generate requirements with python3.9 + use new resolver6bbbe70eeMerge pull request #373 from TheophileDiot/deve33bad4b9Fix comments + updated passbolt to support the 1.537f21c5d4Temporarily comment the post fetching343d9d09eShow plugin pages even if there are none0a4f0eb57Fix error with jobs wrapper1d4998356Fix darkmode + Add new variables to pass to the front547021e7bFix job fetching for never ran jobs0954e82f4Fixes some bugs in the UI related to the plugins3c5f6002dfilter script + manage files + fix css + enhancee988aacf3Merge pull request #371 from 
TheophileDiot/devcce181a29Update customcert job9ba06b64dUpdate README7f2eadaccUpdate python version for the scheduler and requirements8d6c3d0b8Fix db get_configcc748a048enhance responsive + add loader3bafe137drefactorisatione9dfb59f3handle settings type multiple (fetch, add, remove) on services8e5dda520Changed the way the config is get from db368122181start multiple add and delete logicfee59a51eseparate multiple from others inputs50ba22914upload plugins + jobs template + global enhance94b0e6a0dChanges on the flashed messages2e0a733cdMerge pull request #370 from TheophileDiot/dev103e4a0aeUpdate modsec CRS to v3.3.4f0f9d7dcfMerge pull request #369 from TheophileDiot/dev4dabe6daeAdvancements in the examples migration to 1.5115bfbdc1Merge pull request #368 from TheophileDiot/dev81ad9e9acUpdate examples and add docker-proxy82ab6c7c4Revert "Remove unsafe deps in the requirements and install setuptools manually"b578823a1Remove unsafe deps in the requirements and install setuptools manually7fb61b5efNo longer dump the jobs to the front37ece3de1Merge pull request #367 from TheophileDiot/dev719d779e0Start updating the examples to the 1.52889b2638Merge pull request #366 from TheophileDiot/dev3c3bb7f20Fix the way we fetch the config from the database (with suffixes)f0d0dac91Add the variables back instead of the "_" so it doesn't create an error62ab9944cFix scheduler errors with sqlite in autoconf739190051Make the bunkernet not run in a thread to avoid errors840ef8cf8Fix typo in selfsigned job5a95e6703Edit the way the UI updates the config34b5aba1cMerge pull request #364 from TheophileDiot/devb7f60dbdcUpdate deps and requirementsa0634b573Merge pull request #363 from TheophileDiot/devc0efdf9c0Replace /usr/sbin/nginx with nginxdb35e575eRename variables so they make more sensb22cc44d8Change the way jobs are sent from the database4e96e57e0Make certbot compatible with 1.5aaeda5300Change the jobs logic + add support for arm657722922enhance templates844b06e28Fix how the jobs are sent 
to the front3a0727b5clogin template done0f5756cfbenhance logs + prepare jinja variables08e7c2104plugins done + add name to settings6b5d6e07eRevert changes on the check_settings function3ccc12d78add dropdown + responsive3ed3fbe99Autotonf now update the instances tooe56f96d04Update database model + Save instances to database + add the option to add logs into the databasec87c3637dstart plugins template3a5d14952Made few tweaks with the home page + remove useless functions55e76b280Fix path for dropzone's scripts64d261accChange the way logs are parsedf13455d11send timestamp with ms7aac0c352fix msfb2e41c11logs params2967ed98cfix fetch4f9b2120etestf1e614faechange ternary operator for fetchfa5719db7fetch logs + liveUpdate filter2a2f2f1e9Fix scheduler error208716722Merge pull request #361 from TheophileDiot/devfa98003f2Thread the jobs run_once89e8839bbOptimize the regex for the core lists51c5836aechange logs script/template + continue jobsf61b4428bMerge pull request #360 from TheophileDiot/1.5a96771881Change the logs date format + start editing the logs endpointd30adf670Changing rhelbf19cfe3dMigrating Linux to 1.5. 
Still some details to adjust to be perfect0cd6ed1afWhen downloading new plugins, update the database properly + update job every time now8f75af3d6edit the .dockerignore4f4beeef9Create the database variable even when passing the variables, just in case7347fe9bcupdate jobs only onceb509ce16eCopy the files after installing the requirements64601ebf5Remove useless warningsc9238f993Merge custom configs generation to avoid repetition192c6755cUpdate db for the jobs that are ran only oncec14765c6cChange the way jobs are sent and how we update external plugins888bedd51Change how jobs are send from the databasebabb1c72cRevert "indentation"44c74f9beRevert "indentation"984b6c5f0ci/cd - speedup codeql by ignoring some folders not containing python files355c947a4start jobs template + enhance menu272de0b8bci/cd - fix codeql config pathd9fc713c4ci/cd - move codeql config to filec2503d63dci/cd - add codeqlb098478bdenhance service + darkmode scriptfa1739439ci/cd - init work on dependabot82df3f17fci/cd - init workf02adf300indentationc1031cb2cindentatione8581ecb4enhance news/menu/base + logs scriptseb99d00daRevert "enhance news, menu + end logs scripts"a7d3d0452enhance news, menu + end logs scriptsc7556a39aMerge pull request #358 from TheophileDiot/1.5e02e9c9ecEdit how plugins work with the UIf1d7add73Merge pull request #357 from TheophileDiot/1.51252d1651Add the jobs feature and add the link when using sqlite2154c7f54Update database default DATABASE_URI7957f63b8Merge pull request #356 from TheophileDiot/1.573668b476Optimize plugin gatheringb3cfc1f01Remove unnecessary lines and add plugins_errors endpointb57e50db2Send needed settings with the services in uia0e66ab30Change Database default path for the sqlite filefdd393826add ui work in progress6b9a6a7e3Merge branch '1.5' of https://github.com/TheophileDiot/bunkerweb into 1.5277e37bceRevert "add ui"05d4b77bbMerge branch '1.5' of https://github.com/TheophileDiot/bunkerweb into 1.5e7e43e64dAdd dark_mode to uid40a93cb7Revert "add 
ui"d102f027fadd uib70d97671add ui7db7aee7cMerge pull request #355 from TheophileDiot/1.570844ca60Fix database with autoconf1a7d8978bMerge pull request #353 from TheophileDiot/1.593c74154afix fedora python deps bugf2eabc0dffix centos python dep bugd199f124bremove exits in ingress controller3ec15eb4bUpdate the docs from dev5a8f81256Merge branch 'dev' (softly)d214352b7Merge pull request #352 from TheophileDiot/1.5891757dabAdd support for arm + change scheduler python version8dd377562Merge pull request #351 from TheophileDiot/1.5630cf8b88Change the way services are sent to the UIb0c09b4deMerge pull request #350 from TheophileDiot/1.5fa655e6f0Remove no longer used install.sh and uninstall.shc8fbcbeaeMerge pull request #349 from TheophileDiot/1.532101c3dcMove UI deps, Make the DB compatible with PostgreSQL, MySQL and Oracle035eed8f6ui - add custom PYTHONPATH in Dockerfile2a3e24bd2Merge pull request #348 from TheophileDiot/1.53984c4b0dSeparate deps and change prettierignore file and pyproject47afdc88eMerge pull request #347 from TheophileDiot/1.501bb6f5e6Stop converting the files content to base64 when sending them to frontc35874797Return dumps of settings instead of the dicta8f27ccb1Merge pull request #346 from TheophileDiot/1.5edce79936Update the structure and the paths04578aab3Changing path Linux folder5ae714fc7Merge pull request #344 from TheophileDiot/1.5f65a4cdd6SMall tweaks on the UI + edit the ConfigFiles edits06aa73fcfMerge pull request #343 from TheophileDiot/1.50811aad7fEdit scheduler and change DB858f6e00fChange python versionb279d0240Fix BunkerWeb gen on startef7fa5b4fMerge pull request #342 from TheophileDiot/1.511bcd9824Merge branch '1.5' into 1.5bacef768cAdd integration manually in bunkerweb5ec179affThe UI get the custom configs from the database0e6a5f3f9Merge pull request #341 from TheophileDiot/1.5eec00ba2bUpdate the Database and make it easier to gen479b556fbMerge pull request #340 from TheophileDiot/1.5375776e7dFix UI path_to_dict with the cache 
filesdf62fd410Merge pull request #339 from TheophileDiot/1.51f58d0c51Edit dockerfiles6c07f9967Merge pull request #338 from TheophileDiot/1.5069b45f37Add some tweaks850530cd0Merge pull request #337 from TheophileDiot/1.501b414552Make the Database support every feature + updatesa12d013fcMerge pull request #334 from TheophileDiot/1.55f8353c11Adapt everything so that the UI can work with every integration (some more tests are needed)fe8962592Merge pull request #333 from TheophileDiot/1.566fb266f8Centralize Database and optimize requests7a03ed33fUpdate pip in Dockerfiles every timeb09c05d3bUpdate BunkerWeb deps9c02d5f9eMerge pull request #330 from TheophileDiot/1.57d743e198Update the database and the core plugins accordinglyce6f01cf0Merge pull request #329 from TheophileDiot/1.59140dc324Optimize Database connection and ApiCaller81307c82cMerge pull request #328 from TheophileDiot/1.50edef7c52Use Python 3.11 where we canfe774e000temp nginx is dead, long live to the IS_LOADING setting0bf402fd7Merge pull request #327 from TheophileDiot/1.548242b9a3Get all config with generator0b73ea856Merge pull request #326 from TheophileDiot/1.509378458ddb.get_config() get entire config and doesn't filter anymore100849023Merge pull request #325 from TheophileDiot/1.58b54762fcFix db init with autoconfcfaeb1013Merge pull request #324 from TheophileDiot/1.57e53bfe55Fix gen for Docker integration54530d535Merge pull request #323 from TheophileDiot/1.579eea0e99Linting + starting to migrate bunkerweb to the 1.5316b84ad3Merge pull request #318 from TheophileDiot/Feature-specific-order-for-pluginsba56c9f55Merge pull request #317 from TheophileDiot/Fix-scheduler-error-reload-nginx-linuxa8f79e58fMerge pull request #303 from TheophileDiot/Fix-custom-conf-disappearingb2a7e053bMerge pull request #314 from TheophileDiot/Feature-blacklist-ignore96e656273fix indent01cecf14eMerge pull request #313 from TheophileDiot/Feature-max-client-size-edit-modsec873ccad9bAdd MODSECURITY_SEC_RULE_ENGINE and 
MODSECURITY_SEC_AUDIT_LOG_PARTS (#292)97bf473e1deps - add update checker for deps (#293)5af2fb778Complex example using autoconf (#271)bd4c94e83Add specific order for core plugins and check thema96a8a8c2Fix incorrect message while reloading nginx + more details on error446ff93a4Add ignore blacklist feature5fdcc9e58add g/G to the available file measurement unitsd207aa4bfVariable MAX_CLIENT_SIZE change the SecRequestBodyLimit value57ad9d7eeFix old custom configs where never deleted7860aeab9Merge pull request #312 from TheophileDiot/devcac220023Fix small typo in autoconf integration5d9dc88ccMerge pull request #307 from TheophileDiot/Restrict-access-IP-NET40863f28aMerge branch 'dev' into Restrict-access-IP-NET67d514b53Merge branch 'master' into dev51e96416dMerge pull request #304 from TheophileDiot/Fix-Endless-loading-after-update-serviceace1dfca2Merge pull request #308 from TheophileDiot/Fix-docb9e5badd9Fix last typosa9865f850Fix typo in plugins.mde3d0120a0Fix minor typos in the doc9214bb939Merge pull request #309 from TheophileDiot/Fix-flask-dev80c1b225bReplace flask development server with gunicornde0954facFix typos in the docs27b4ff330Add the greylisting feature06f65ffe2Change the exposed port to 7000b0a887a15Fix errors and warnings when editing a service803ff8cb5Fix CUSTOM_CONF_SERVER_HTTP disappearing after 60 minutes (autoconf)94ce249d7[#290] Fix typos in docs478e98018ci/cd - temp disable k8s test8f44e108bci/cd - add docker system prune72caf907aci/cd - temp disable swarm tests01acb1cf3ci/cd - temp disable nextcloud/swarmfc3c7892dci/cd - add missing prepare for prod tests2a04a5642ci/cd - update ruby version for CentOS builder6afdb298flua - fix pcall for asn/country mmdb lookup04019a617tests - fix nextcloud/swarm34649bf33docs - add Ansible to README469a5343eci/cd - remove old linux packages before building4244399ebroad to v1.4.3 🚀66029a316tests - edit prod workflowd0c245ba8tests - fix bug when testing if a swarm stack is healthy5633d5ff5tests - remove 
mongo-express/swarm61d57b4ebtests - fix mongo-express/swarm76f035e21fix wrong DENY_HTTP_STATUS setting in docs, fix autoconf ghost/prestashop tests and some UI warns/errorsb35dbdffctests - fix ghost/docker7e226301dtests - fix prestashop/docker8f273a929ci/cd - fix missing comment chars45f4e06acroad to v1.4.37fe58ddd5tests - disable systemd start limit561e64a89tests - road to debian29933fdebtests - add unzip package to linux container7915da6dfdocker - fix CVE-2022-3209d8f6c2756tests - fix configs perms for linuxcb56e7d04tests - add chown for custom linux configse84734314tests - fix linux/drupal (again)4caae414dtests - fix linux/drupal8a23b96bftests - disable linux/moodlea4fd701d5tests - temp disable linux/proxy-protocol39ed524f0tests - add missing variables.env for moodle/linuxd0e3f3ae2tests - call cleanup-linux.shb0fa57b05tests - replace restart with stop+start for linux testsec1136085tests - print logs when setup_test fails3be348ebetests - add haproxy cleanup for linux tests884ca0f6dtests - add missing variables.env files for linuxe4321629ftests - road to linux tests 🚀c277a33e9tests - add missing which command for fedora512c60c51tests - add some debug info when linux/setup faile64cc29a8tests - create /run/php folder for rpm linux distros42d29743blinux - fix 755 perm on /opt/bunkerweb505d5c2aetests - fix behind-reverse-proxy/linux70992a0b5tests - fix haproxy logging again7e5465c59tests - fix haproxy logging againf5606b693tests - fix haproxy directive265742cd9tests - haproxy add logs0580662cclinux - copy current variables.env to make temp one8e15e2a40linux - set /opt/bunkerweb permissions to 75517801caebtemp disable arm552588adftemp disable arm5849c66e6tests - fix www.conf052dc2346tests - increase php logs verbosity for linux tests331c7e954tests - add debug log file for PHPf71ad0f65php - fix fastcgi_params path34c648830trying to fix PHP bug in Linux5c99a4b0erefactor linux/start.sh and fix tests/cors www copyeb6f0d673tests - fix purging wrong folder for linux 
tests6ea38b1f7bunkernet - fix wrong import in register jobb5c07dda0tests - add cleanup for linux tests17b6b0fdctests - fix PHP www.conf for Linux512ed7200tests - add cors/linuxd8071e4c4tests - install php-fpm790fa37aetests - fix behind-reverse-proxy/linux6005a8f73tests - fix behind-reverse-proxy/linux again and again09f56a1c6tests - fix behind-reverse-proxy/linux again0c4d2edf1tests - fix behind-reverse-proxy/linuxd53c54d4btests - add behind-reverse-proxy/linux093d426bcbetter management of registration with BunkerNet and fix syntax error in LinuxTest3762c3874tests - copy variables.env for Linux tests55525abf1tests - fix mattermost/k8s23f8ec957UI - fix container CVEsa38ca5138docker - dont generate config if already presente92938f00autoconf - fix container CVEsc2ad79a79Docker - fix CVE-2022-374348eefb4bf5examples - fix mattermost/k8s6d1ef606fexamples - fix nextcloud/k8s95c4ce723enable bad behavior on default server and various k8s fixese295b020etests - increase redmine timeout and add pvc cleanups1e499db50examples - fix gogs/k8sa64276136disable bad behavior if client is whitelisted and fix redmine/reverse-proxy-multisite examples115d517c7tests - add delays7c1474cd8examples - fix moodle/k8s port number305870cc2examples - edit moodle/k8s port number3df0f8505tests - add delay to moodle897528b73tests - fix magento/k8s again4f4c446f7examples - fix magento/k8s again69848dcccexamples - fix magento/k8s0516f0a83tests - assign bunkerweb-controller to srv141524a9e3tests - force pv0d44b098ftests - fix prestashop URL0e315dc5ftests - edit prestashopHost value5741391detests - change k8s service type of prestashop to clusterip6adff9cebtests - increase timeout and remove pvc for prestashop/k8s97a2caf06tests - fix Kubernetes missing variable assign865f4f1b5tests - fix prestashop/kubernetese8305b0b6tests - fix missing prestashop/kubernetes.yml840b875f7docs - edit plugins page978bbe9caexamples - fix missing configs subfolder in nextcloud/bw-data502c9f2feexamples - fix 
radarr/swarm1c4f8bf55tests - automatic volumes prune for swarm testsb6e2ad22atests - fix joomla/swarm216686fc8tests - add delay parameterd648b1fbetests - increase magento timeoutd3b725294tests - wait until swarm services are runninga48200bc0examples - fix reverse-proxy-singlesite/swarmb429dd804tests - increase timeout for swarm healthy check0440c61d0examples - fix gogs/swarmae36b9899docs - quick edit on PHP9a83fadd8examples - fix gogs/setup.swarm.sh permissions09141f204examples - fix magento/swarmedf5421bfexamples - fix permissions for magento/setup-swarm.shc67564c7ctests - increase timeout when doing requestsb07637009examples - fix mongo-express/swarmec35b0a54examples - fix mattermost/autoconf95e3022ebexamples - fix autoconf/reverse-proxy-singlesited63538fd5examples - fix wordpress custom conf variable name for docker/autoconfe01b24072tests - ignore error when replacing patterns in files (binary files)217924fe4examples - fix reverse-proxy-singlesite regexbb6d02e0fexamples - escape dollars in reverse-proxy-singlesite compose files5c42fb58dtests - fix reverse-proxy-singlesite2f8c5a1e9examples - fix host for reverse-proxy-multisiteaf866e825edit docs/integrations for ansible and fix examples/mongo-express compose filee90d4cc7etests - fix json for reverse-proxy-multisite70ac3c01btests - fix missing arg no_copy_container07a962466tests - inline configs for docker/autoconf87c57c67ctests - refactoring on the road, still needs some work8fb03a317tests - on the road of refactoringdc8570ca8tests - add status type151378570tests - refactor mattermost example4e7d795eatests - support custom cleanup-kubernetes.sh script and refactor some k8s tests with helm chartscc9d228abupdate compose version to 3.3 for swarm examples so config directive is supported181957147remove trailing space in DockerController and add missing bunkerweb prefix for autoconf-configs example324feb593autoconf - fix missing configs update for DockerController22398d567cors - fix typos in autoconf.yml5119c8da7gogs 
- missing setting for autoconf0fca93e3etests - sleep 30s between autoconf tests17e14f4d5tests - fix wildcard with sudo3a46d318etests - remove only content of subfolders4eff0c3f9tests - fix behind reverse proxy urlbf58a17b8gogs - add setup-docker08d8bc880tests - remove whole subfolders in bw-datab38f7c54etests - add kubernetes-configs and fix missing s in urls06f7fb096tests - fix docker-configs (again)b7101eb47tests - fix docker-configsa08b51bd0tests - fix gogs expected stringb2bcfb8c7tests - fix hardened expected stringd3014b42fexamples - refactoring in progress7eae49719tests - prevent default rate limitbe21b3933tests - fix sudo cp again7bb881aa3tests - fix renamea607bd67ctests - replace python cp with sudo cp6d06a32cctests - list example_data as rootc5526ef2fMerge branch 'dev' of github.com:bunkerity/bunkerweb into dev75b2ae868tests - fix example_data path for docker72965e230Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev201e2cf0fCorrection logs Linux203397444tests - init cors and fix example_data path for autoconfd8c8ceab3tests - fix LinuxTest setup and init work on integrating examples with the new test systemc02d888b3examples - rename setup scripts for drupal9a9f9ebf3examples - fix linux-setup.sh for drupal6e381ee02tests - disable copying bw-data files for k8s and swarm tests0ee09d47dtests - force removing directories with AutoconfTestda2f6cb4ftests - force removing directories with DockerTestd1d2e51a3cleanup tests directory and init tests refactoring for drupalc14b08faaexamples - edit authelia configuration.yml file for Linux integration80fee58e4bunkernet - add default api server in jobs37690a7a4configs - enable default server if TEMP_NGINX is setb3fdd109alinux - fix wrong variables.env path when running jobs once193449512Merge branch 'dev' of github.com:bunkerity/bunkerweb into devf5ede7897examples - fix authelia variables.env767a7ab31Adjustements doc Ansible/Linux81b370366wait until Linux test container is initialized and fix 
variables.env for authelia44fbf0315authelia - extract tarball to tmp02db54ce0examples - follow redirect when downloading authelia for linux14d61854eadd sudo to linux dependencies and curl to linux test images6f35561fatests - fix cp and end_fun for LinuxTest2505bc015tests - add linux to authelia kindsb1df38374tests - temp enable docker410212b15tests - run docker cp in a shellf2ac7bca7tests - fix typo in LinuxTesta0948923etests - copy local files for Linux tests458ebe07ftests - dynamically find deb/rpm name2205043e7tests - fix LinuxTest.docker_exec()d370f1b05tests - add missing chmod import to LinuxTestbf6dd93aatests - replace rmdir with rmtree for LinuxTest773517311Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev850a8057cignore CVE-2022-30065 until we have a fixe6271ccd6Final proofreading FPMf0ddb8328docker - fix CVE-2022-30065 for autoconff260bcf23Small adjustementsfa319ec10tests - fix argv len check029406453tests - fix typo in LinuxTestf47ab0adctests - integrated LinuxTesteca010231FPM Linux/Ansible Doc4d61e96e4tests - LinuxTest on the roadc9c730346tests - fix linux.sh58a82ddcdtests - copy Linux packages to local directory8062d043ctests - fix Linux dockerfile path0a09f8a75fix CVE-2022-29458bb425bc36tests - init work on Linux testsaa729daebexamples - remove double $ from kubernetes authelia7edd55544fix k8s example for authelia and ignore error code when doing debug_fail for k8s tests0fd77a809examples - fix typo in kubernetes authelia720f36f47tests - init kubernetes refactoringea98b453dtests - use unique domains for swarm tests4bd0129e4tests - also edit root domain6e47b2991tests - add sleep in the end of SwarmTest.init()abc500a4dtests - fix domains for SwarmTest378047794examples - fix authelia swarm compose version4a5e50005fix typo in SwarmTest and fix authelia swarm example3b73c50c3tests - ignore docker stack ps return codeba6fddb56tests - init swarm refactoring9ecd2bd98examples - add missing network aliases to authelia autoconf7bbf77b7afix authelia 
autoconf example and debug fail before cleaning testsf02fe1ed9tests - remove only subdirectory on new tests and add cleanup when test failed0383cadd6tests - fix compose filename for autoconf testsaeba0ba72tests - add missing AutoconfTest object67608a463tests - add missing decode8b3b1291ctests - from replace/rename functions to class method1c5c81d2ctests - add missing importfa2d52d80tests - remove useless log and return boolean from Test.end68bf5ef85tests - remove wrong cleanup call424b37bectests - change permissions as root2780ee190tests - add debug_fail function07b0bb38ddocker - fix CVE-2022-29187 for ui and autoconfb47c2696edocker - fix CVE-2022-29187fdb8ca3catests - replace internal _log with logger.logeb59a9377tests - init refactoring for autoconf2e0542dbbtests - ignore case when performing test0a996bf12tests - replace match with search48a6ba632tests - fix rm command991ddb9ebtests - remove file as root1e1d7d7f1tests - replace variable typo in get requestebc94f515tests - add missing char when replacing Docker volumese4f6017d6tests - replace example domains with test domainsdfc5f2e79tests - export runner envc07f85a42Merge branch 'dev' of github.com:bunkerity/bunkerweb into devab57be657tests - fix missing copytree import and self parameter5f79aea4bfpm single/multiple docker&autoconfcc760a646tests - fix datetime import againdb2c35cb3tests - fix datetime import28f1b4f73tests - rename variablee1183a0d4fix tests.json for authelia and exit when test exception occurs16573a397tests - do not run as rootde8cee491tests - add missing imports56afbd457tests - run as root590ad46cdtests - fix missing chmod import and Test.init log call8d580bc16tests - fix missing Test importa91fc7307tests - fix indent and isfile import773a37d45Merge branch 'dev' of github.com:bunkerity/bunkerweb into devb64af8526tests - DockerTest on the road0d3e1e2a1Update the plugins docs85217b57cFix a typo in the plugin page in the docsba75154d0Add url_for function to custom plugins templatesc055ec7ecFix 
duplication in plugins2c4efe9d0Add Plugin Pages feature795dfc077Add static map files8b4b3f3b0ansible docs2e4758e94tests - DockerTest improvementc155227ectests - init work on refactoringdde185141tests - increase timeout for magentoe62523d1dlua - use pcall with mmdb functions658ab7504docs - add ansible diagram8d6397a6bMerge branch 'dev' of github.com:bunkerity/bunkerweb into devf5c86cc4eexamples - add cors example8760110fbMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into devcc4f0b26aQuickstart Ansible and integration7b769361acors - init work on core plugin for CORS97e607110linux - rename bunkerweb-ui.env to ui.envc3ee7929bdocs - change target of the web UI demo link to blank969a1e5d7Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev5bf59c85ddocs - replace web UI gif with YT video430f665cdMerge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev5be21f9bfAdding www folderafdd4de5afix regex checks with *_CUSTOM_CONF_* setting, add doc about DENY_STATUS_CODE5586b3733misc - add DENY_HTTP_STATUS setting (403 or 444)90e58f261fix ui.env path for Linux integration and add docs for autoconf with rootless dockera00607af2docs - add instructions for podmane880b7d59docs - add infos about Docker in rootless modefc925ccb1edit docs typo for UI and variable typo in autoconf571422131ui - fix CVE-2022-2097287e763e0autoconf - fix CVE-2022-209789f81140acontainer - fix CVE-2022-2097 (again)a5c98f709container - fix CVE-2022-2097429214727tests - fix data folder permissions (again)6b1c5a93etests - fix data folder permissionsfb85d1d2dautoconf - fix typo in variablefdcbc8d36custom conf - fix wrong path with multisite configsb2bb93bcfexamples - fix docker-configs again2b59086f6examples - fix docker-configse09d4901econtainers - fix regex for *^CUSTOM_CONF_*3594618e4examples - fix typo in docker-configs (again)e44311281examples - fix typo in docker-configs738e3b6e1containers - use python hack to get env var values from string5ac80a135containers - replace 
compgen command with a python hack because compgen -e do not display var with dots8f258486efix multiple CVE with curl/libcurl and add autoconf/docker CUSTOM_CONF configs examples2dc18a794autoconf - support both configs from files and autoconfe0a700506autoconf - init support of custom variables using labels385b7c413docs - add docs for custom config using labelse25babe3dcustom conf - dockera5457a164custom conf - init setting support0a1e8be71examples - add missing setup.sh for mattermost70c60f2a9tests - add mattermost and radarrf2dfb0172examples - edit mattermost and add radarr1a8eef2c8fix autoconf import for IngressController and init work on mattermost examplecb106a112autoconf - fix indent in IngressController492648eebautoconf - fix 410 exceptions (k8s)1425ad0b4docs - update settings listf7290b2c7v1.4.2 releasec0a8a356clinux - include bwcli in /usr/local/bin40007b086add slack to official plugins and init work on EXTERNAL_PLUGIN_URLS setting6478512e4scheduler - only send /data folder if apis are present7aa6852d3autoconf - fix missing scheduler in autoconf mode and missing apis list7bba81b16autoconf - fix wrong variable name for environment5cb61380dautoconf - add missing call to ConfigCaller constructorb2758cea7autoconf - init work on _get_static_services methoda18d77aeeautoconf - init work on static server configs as env var4a699ef6cfix missing local Linux images import in ci/cd, and fix bug related to jobs in Linux integration5690a58abfix IFS checking permissionse55928a37fix bwcli commands when using Linux integration0f2388b1ffix permissions check when file has space in the name2b43a9cbfMerge branch 'dev' of https://github.com/bunkerity/bunkerized-nginx into dev5ecf39ee0Fix web-ui example with X-Script-Namead091493cexamples - add various certbot-dns examplesa65606c36examples - add certbot-dns-ovhcd0d70b8fcache dev Linux images in ci/cd and disable site config generation for autoconf/swarm/k8se21a35017plugins - support log_default() hook, same as log() but for 
default serverc563731e8autoconf - fix overwrite configs file when using Docker autoconf3c417d2fflinux - fix fedora NGINX version in Dockerfile, fix missing arg when building DEB/RPM and force NGINX version DEB deps970082f92linux - force NGINX version in RPM deps4a2504c3breflect ci/cd changes to devfd0c7b1e5ci/cd - add automatic build for Linux images1e6d62ce7fix packagecloud yank name1a4e21481docs - edit supported architectures for prebuilt Docker imagesbcaca6f03v1.4.1 release424214fd5add changelog and add missing s in authentik url82b42d5b9Merge pull request #259 from Brawdunoir/masterdb4e2cf26update linux docs, minor fix in ingress example and update default value for bunkernet job0ef82619btemp disable automatic tests for authentik and test automatic arm build on dedicated hardwaref2655e331remove arm build again, fix proxy_*_timeout directives and add authelia exampled51ae1c1bRemove USE_ before authbasic plugin settingscd0438b8csupport REVERSE_PROXY_*_TIMEOUT settings, remove useless push in CI/CD and try to build arm on GH runnersf9a042526add docs about compiling BW from source on Linux, add docs about packages pinning on Linux and fix regex for REVERSE_PROXY_AUTH_REQUEST and REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL15ac64b05let's encrypt - fix bug when AUTOCONF_MODE=yese0f8895e9init support for auth_request and add authentik examplee85229835don't send local IP to BunkerNet on default server, fix certbot new when MULTISITE=no and fix unknown reason in get_reason972a284efdocker - drop support for prebuilt arm images5258d8e58docs - edit linux install procedureacb4bea97reflect CI/CD changes for master pushes42067e864GHA - temp disable armv7 build until we have a fix for cryptography dependency217bddabfGHA - different caches for armv7 and armv8 imagesc5fba1367fix GHA typos1b21f9eacfix UI tag in GHA jobs389e05094fix links in docs and change cache location for GHA jobs05a89c303fix registry URL in GHA jobsa0ed8a27eadd debug flag to GHA buildx stepsd0ac5e305update GHA 
actions versionb16f8f11aupdate GHA actions versiona23ed06e6fix typo in GHA jobs6b9be078brefactoring of GHA jobs8e198ed82linux - fix documentation link in systemd unit filesc3b527afeactions - fix RPMs path972e5471dactions - fix linux deb/rpm generationb246c6d7efix wrong branch name in actions and image name for linux testsb78fd5542fix freetype CVE945241339actions - rename main branch to master1af2264fatemp stop push to private repo6f28708c1docs - add missing settinga9f886804bunkerweb 1.4.03a078326cMerge pull request #199 from Myzel394/patch-1d43b82b75remote API - only do action if 4033850cacb9prepare for v1.3.2c00c7f46alua - verify certs when doing HTTPS requests163af4a49prepare for v1.3.298e85eb99docs - update security tuning sections : distributed blacklist and request limit2e63bb025docs - reflect kubernetes/swarm changes into the doc6546a0edbdisable country ban if IP is local, update default values of PERMISSIONS_POLICY and FEATURE_POLICY, upgrade archlinux packages before testingab0038174ui - fix ROOT_FOLDER bug in serve-files.conf9f7097de0request limit - fix some LUA code24d6337a5limit req - multiple url supportbfb5319c1limit req - add burst and delay parameters4c77a1482use annotations as env var in Ingress definition, fix cidr parsing for reserved ips, fix missing empty when job is external, fix ping check for remote api and init work hour/day support for request limit4e45fa387integrations - acme without shared folder when using k8s/swarma9a26b82dfixed typo00d91dcaajobs - move certbot hooks to python650ad7ea4integrations - fix missing acme folder when using Swarm or Kubernetes7045c0c2bjobs - fix encoding error on CentOSf0f432487remote API - ban IP from distributed DBfdc02be05remote API - basic send of bad IPsfb799765ajobs - fix str/bytes helld53f02b5bapi - client side (untested)7b9722facjobs - add remote API31ed4ff83centos - update ca-certificates in install scriptbc5f3ee88fix CVEs and add init to Debian test imagea6b21aae8fix typo in settings.json, bump 
Debian to bullseyes, init support of Arch Linux64aa9c253init work remote API5d94cc8f4docs - init changes about storagelesse7ee21cbbantibot - fix path for templates and dataa0f8cbdacantibot - fix LUA typo in recaptcha mode178d7a684Merge pull request #182 from Nakinox/patch-2ca81535bbswarm/k8s - less storage, more API062fa3e78integration - continue work on storageless config for k8s and swarm95f2d2af9Update docker-compose.ymle55dff812api - init work on storageless configurationf0f1c79d4v1.3.1 release3d2f5e238conf - add REVERSE_PROXY_KEEPALIVEb079c99fbMerge branch 'patch-15' of github.com:thelittlefireman/bunkerized-nginx into keepalive2e403c6ebconfig - add CUSTOM_HEADERf75a05584config - add REVERSE_PROXY_BUFFERING148edf681tests - add github token to trivy scannera19d8aa04Merge pull request #180 from vepito/vepito-patch-1480cff86bMerge pull request #179 from thelittlefireman/patch-1635df3423dmissing blank line29f4069deswitch the use cases72e438459Fix typo related to non-HTTP configurationa4a264773jobs - fix docker reload and only do cron jobs when necessary892e53369Missmatch in docs with modsec foldera05614160deps - use ModSecurity v3.0.4 instead of v3.0.5 to avoid memory leak0772a9ba8docs - edit badge version33e0ffd5bMerge branch 'master' into dev4cb3e089elinux - git SHA1 commit in install.sh8808f161cdocs - dev to master links and VERSION upgrade1c60ec980tests - fix volume wait with linux testsb13ff3456add REDIRECT_TO_REQUEST_URI variable and edit environment variables docs58f2926e9docs - various examples fixes9de628f3eMissing proxy_set_header for keep alive6cc1abc89Allow keep alive connection when ws is offa824e1568linux - rename cronfd52bb7c8linux - fix cron jobs0938b20ebUI - use sudo for Linux integrationb948e08bdUI - use systemctl on Linuxfde14d162linux - fix unknown scheme error and do nginx reload as root in UI8a4eb3f2aremove .site files (gen), uninstall remove folder at the end (linux) and run jobs when reloading local instances (UI)2a0b84074ui - fix bug when 
Docker is used but Swarm is disabled, add jobs from API /reload and fix docker-compose docaec22d1a8ui - edit docs and fix CSRF028fc61b4docs - add dns_resolvers and permissions to Linuxa903960b4docs - fix missing subfolder in Linux quickstart guidea28f06f08linux - run temp nginx to solve let's encrypt challenges6c8bc6b34tests - fix Linux systemd bug when writing to /tmp folder2b3b4a5c3linux - systemd support57e4247ealinux - systemd unit filef9d4e9089docs - edit k8s php service port and append suffix to hosts4f024ec56docs - add DNS_RESOLVERS for k8s integrationbc46fc3d4append suffix to ingress hosts0be1da18aremove old conf before generation, dynamic DNS for PHP and reverse proxy and swarm fixes in quickstart guide3cedc0ae1quickstart guide fixesf1d5c07ccautoconf - various kubernetes fixesc9a6b6c27autoconf - fixed infinite lockb199464a7various bug fixes related to Swarm integration4a9d64d9dadd favicon to web UI and fix some tech docs31536a3felinux - reload as root7b47c7304examples - minor fixes in architecture images83e7ce9cdexamples - polishing before next release0ad5159a3docs - add changelog for next version6240d8e28ui - read variables.env when Linux is used2f80f64dddocs - last polishe98da9b63docs polishing and fix install.sh gpg --verifyd9f770696docs - web UI75f299978docs - special foldersef34b2cecdocs quickstart / multisite9b9110214docs - quickstart guide / php9e2a8070edocs - quickstart guide / reverse proxy733136ac1docs - init quickstartfa172ce5adocs - linux integrationf6a9184aedocs - k8s integrationd37dc2b62docs - swarm integrationf7c115edfdocs - add autoconf doc to Docker sectiondfbb09136docs - init integrations/Docker8e4a65fecfix global.env generation and add web UI gif to README0573ba7b5ui - centering things without breaking sticky navbar and menubcd421de0ui - various bug fixes more or less related to UI2ec28c79cdocs - fix README tocfec60a4b1ui - minor styling fixesdd7d1a2c7ui - fix example, subpath behind reverse proxy and add socket proxy rights for 
swarm0c1883472docs - edit kubernetes overview image and add configuration section on the readme4e6eab794docs - fix wrong swarm imageb23135b66docs - add docker and kubernetes imagesace9be397docs - add autoconf and swarm images8958e5107docs - add overview imageb2cfc15c2security - add security policy94bef079aexamples - add architecture images50266c228examples - add the last missing README.md stubs22e2fe869examples improvement - added some README.md stubs55186bbefexamples improvement - hardened, joomla, kubernetes, load-balancer and moodled8286ced7examples improvement - certbot cloudflare and wildcard, clamav, crowdsec, ghost and gogs44de2253dexamples improvement - traefik alternative, autoconf reverse proxy and basic website6d73fbdedexamples - update authelia and autoconf-phpb6809266aautoconf - let's encrypt support for ingress controller4e178b474autoconf - basic ingress controller support for kubernetes021147f9dautoconf - fix wait and redis5a26d06c8autoconf - fix infinite lock and honor DOCKER_HOST env varbc01427deignore CVE-2021-36159 and redirect job logs as root when using autoconf652614f41autoconf - use DNS for Swarm instances discovery24d9cce82autoconf - various bug fixes in Swarm modef866ef632autoconf - minor fixes, prepare Swarm testing1a32e7c02autoconf - various bug fixes with DockerController7180378d0autoconf - init Config refactoring6e66571fbvarious cleaningf44e41cedjobs - lock and reload management26db144dfautoconf refactoring and fix CVE-2021-36159a68ad53c3autoconf - controller classes01bba1d3fautoconf - init refactoring before k8s integration059707443k8s - init work on parsing ingress rules, helpers to setup on k8s, basic examplesbc3c17a2fexamples - init k8s example556836b49autoconf - init annotations parser for k8s22612f175minor edit on Linux tests and init work on k8s API50c279617jobs - improved log and reload managementef8969e2ccertbot - add USE_LETS_ENCRYPT_STAGING=yes/no env var for using staging or production servers of let's encrypt0dc2a5ec2edit 
visibility of Job members and integration of a generic checker for nginx9a207dfdcfix missing import in generator, expand networks to ips in jobs and init work on a generic checker with shared dict and redis supporta60fbbb5bhotfix - fix CVE-2021-33560a1b9010d9pull v1.2.8 fixes when applicable3178545c2v1.2.8 release36b8760d4resolve bugs on the stable version8bb6676f5settings - fix PHP_* again4234f82c0settings - edit EMAIL_LETS_ENCRYPT regexb99fb27dffix missing parameter when calling reload in autoconf and edit REMOTE_PHP_PATH regex876fcd181conf - add WORKER_PROCESSES26dc79615jobs - fix line edit280d18986jobs - avoid reload when not necessary5f845680fjobs - edit referrers and user-agents data and init work on autoconf integrationd12369c90jobs - various bugs fixed and old files removed366e39f59jobs - SelfSignedCert, runner and reloader71741b2d3jobs - cache management2fca4cd01jobs - logging and error managementfccf14627jobs - python stubsb3684efafjobs - init work on refactoring82548378acrowdsec - move as external pluginb926b0db6examples - use example.com instead of website.com6713f56eclinux - fix centos install2b923c05ccompile and install LUA 5.1.5 to /opt/bunkerized-nginx/deps and introduced REDIRECT_TO feature71cf3cf5cuse local sources when building Docker image, add LOCAL_PHP and LOCAL_PHP_REMOTE to settings.json and fix pip bug related to removed working directory8e3dbf1c7fixed some fedora bugs, support LOCAL_PHP and LOCAL_PHP_PATH and sample variables.env49ada6a8clinux - init work on fedora support947e86f7clinux - uninstall scripta12561a85remove useless nginx-keys folder and add lua_package_cpath to http conf6b19bd026deps - add cjson LUA files to deps folder6738b28b9deps - move dependencies to dedicated /opt/bunkerized-nginx/deps folder to avoid messing with the system010c0fd6drename gen/requirements.py to requirements.txt, add git/bash to Docker deps and fix typos in READMEecf30a71fdeps - init work on single install scriptffc4fc950deps - manual compile/install of 
libmaxmind and upgrade lua-resty-coreb9955699bMerge pull request #152 from thelittlefireman/patch-11860fd1aceUpgrade despseb5d13fb8Upgrade lua-nginx module to 0.10.20ca41987cdUpgrade corerules to 3.3.0 & modsecurity to 3.0.53af1b397fUI - digging bugs from services, still some work to do72a09eac6UI - add CSRF protection0d3f7d392UI - admin authentication and bootstrap update6be082e0aUI - init work on admin account4947796c9UI - fix instances bugsba197dfa4UI - bind gunicorn to 127.0.0.1/0.0.0.0:50004dd1ff847UI - copy from helpers, systemd service and instances page updatef771ec43fui - init Instances class to support Linux and API for Docker/Swarme241b0c93logs - move everything from /var/log to /var/log/nginxd03a1a6e3linux - add jobs.log2c9c9fb62linux - run master process as rootdeb28c599autoconf - fix folders2ea7331dajobs - disable post-jobs when SWARM_MODE=yes on SIGHUP92ee40819whitelist - fix /.well-known/acme-challenge whitelist for let's encrypt2ccfb26e8docker - fix CVE-2021-3356070f9f8417templates - add missing new line when necessaryc4aef1d60authelia - choose portal or auth basic modea385183d8authelia - various fixescec47f3a7body injection feature and add authelia to documentationc894c8370authelia - add variables to settings.jsonf73b088f7authelia - initial work130c6752dMerge pull request #148 from aFresquetIntech/devf97ea6785Create .env850429986Correction4a8da40cfreverse-proxy-zammad0114c7b09examples - edit basic PHPbebe89afblinux - edit path for default errors, ignore comments in variables.env, install/prepare certbotb2cceb608linux - fix centos37f5e4ed7linux - fixed debian/ubuntu but still some work needed on centos98568a57clinux - fix /var/log and typo in daemon directive499192287linux - fix daemon directive and rights on /etc/nginxbcb8acc36linux - add RX permissions to /opta9279053alinux - add executable right to gen/main.py60057a17elinux - fix tests docker cp and pass single -c argument to sud0366fcc0linux - started work on bunkerized-nginx 
commandb448d91caactions - fix centos test and docker image name when pushinge309ce6fddocker - fix permissions on /opt37090dc66actions - fix manifest error with buildx and load6bb6facd8add load: true when autobuilding images and move from /bin/sh to /bin/basha1fcbd4b8fix actions and configure09a2a4f9egithub actions refactoring1e02368e8linux/docker - common /opt/bunkerized-nginx folderbbb5134a3fix configure arguments and CRS includeb0f93fb84fix Dockerfile againc892f037dfix Dockerfile731c0f61dlinux - init work on installer93543d396Linux - use the same dependencies script for Docker5ec9e6ab4linux - CentOS 7 installcc0d0af8dlinux - ubuntu installer43d2097d1linux - nginx install on Debianf880e5e2alinux - continued work on install helpers for Debian9636013f5linux - started work on installer15bdb076chotfix - fix docs get_git_branchd62c4f466v1.2.7 releasead52ef326autoconf - prevent race condition by checking health state3bd3b6fd7Merge pull request #145 from thelittlefireman/patch-10e41acc20cUpgrade ModSecurity-nginx to v1.0.23c721dc2aadd HEALTHCHECK to Dockerfile and append 10.0.0.0/8 to DNSBL whitelist491d879fejobs - cleaning the mess when using autoconf without swarm mode52534510efix bug when AUTO_LETS_ENCRYPT=yes and certbot can't resolve challenges2c7337576jobs - fix syntax error9e4961ccbdocs - rename sitemap to bypass rtd rewrite01857d8acgen - display the reason when ignoring a variableab9f9e0a4jobs - fix jobs when MULTISITE=yes29dc64ca3actions - add Docker cache to speedup auto build on the dev branchb5cd4e037docker - build and push images from GitHub actions because of future DockerHub restrictions on autobuild16101144cself-signed cert - fix bugs95510e6e1settings - add underscore to CUSTOM_HTTPS_CERT/KEY regexdd5890e76geoip - fix bug when using GeoIPc3a437fa8docs - rename the sitemap to avoid conflicts ?518ddd323docs - custom robots.txt177a82ee6docs - automated sitemap.yml39db7b368v1.2.6 release9442e5914jobs - fix jobs in Swarm modefcc6b3b5evarious bug fixes related 
to Swarm678ad70b0docs, various fixes and certbot-cloudflare examplee8f5db0b2docs - add plugins system8295f6aebplugins - clamav example388fc1a0eplugins - started basic plugin system62217a321add contributing guidelines and license53e433b1areadme - replace some badgesf640157b1Merge pull request #138 from bunkerity/feature-request-templated646f3e5bUpdate issue templates4b31d005ecrowdsec and generator fixesd2135c19cdocs - road to v1.2.68cda1baf7fix web ui multiple variables and add default error pages445032406dnsbl - disable checks when IP is local74fb01536web UI - init work on using docker-socket-proxyee178de6aweb ui - mostly finished templating integration (needs some testing)7323525b6ui - show only multisite vars for settings82e47f147ui - Dockerfile fixes and missing get_config function2db967ad1templating - road to web ui1d96620aetemplating - init integration into web ui99c259bf1templating - prepare integration into uic7b81cfc1various bug fixes related to HTTPSdfce0c06dautoconf - fixing various bug when SWARM_MODE=yes0f8e56a66templating - fixing bugs with autoconff950abdc2templating - started integration into autoconf4a73ae819various bug fixes on templates and nginx update to 1.20.1e2f02ee91templating - prepare integration for autoconfa991b262eremove ClamAV because of GPL and started work on read-only filesystema8bc17e83templating - started integration into docker imageec19f9308templating - added missing features in site templates23aa05300templating - auth basic support289ad106ctemplating - multisite supportbbc5bbc9etemplating - fix some site templates633a07686templating - init work on site templates996c45df4templating - init work on global templates801530baftemplating - road to full jinja2 templatesc65dda391templating - init work on templating with jinja2ea891969ctemplating - updated settings.json with global settings698ae17c4templating - init work on generic settings management664563284antibot - basic pow with javascript16e5ede13antibot - custom 
templates
8260746fe logs/lua - add logger tool
de560490d fix LUA array variables and add LOG_LEVEL to the troubleshooting section
96db3a450 log - add LOG_LEVEL variable
73543f4b0 hardening - add no-new-privileges
d9bb97be5 lua - move global vars from lua to site config (untested)
863283d09 started work on moving variables from .lua to nginx
600484b16 crowdsec - fix bugs and update example
7c6a13c54 examples - improve nextcloud example so it works with webdav clients
b3bb4ec40 remove unnecessary dependencies and update doc about certificate bundle
69f465720 examples - fix typo BAD_BEHAVIOR_STATUS_CODES
d02985d21 check permissions for missing volumes and add comment about permissions on examples
b0ca85ff7 v1.2.5 - performance improvement
2f115c444 Merge pull request #131 from bunkerity/issue-templates
7f15741ea Update issue templates
288b8eb85 docs improvement + road to v1.2.5
61c08fb97 docs - troubleshooting
01ef47a66 docs - security tuning improvement
71515a910 doc - volumes list
a33d0658c docs - road to a beautiful documentation
0b3ff6a9f bad behavior - move from fail2ban to pure lua
eb2d0d330 performance - rsyslog and fail2ban removing
5bcbb3863 doc - official document started
ca660b250 init work on official doc
3a34436cd add AquaeAtrae example for ROOT_SITE_SUBFOLDER
b1d03cd11 performance - move bad user-agents and referrers checks from nginx to LUA with caching
42c3fb874 add sandbox allow-downloads to the default value of CONTENT_SECURITY_POLICY
f1c043604 add missing backslash in the quickstart guide and update autoconf examples with the depends_on directive
fd61df205 performance - move external blacklists checks from nginx to LUA
009d6fb5a choose connection and nofile numbers, increase error_log level to get modsecurity rules, add MODSECURITY_SEC_AUDIT_ENGINE var
ba4185a42 jobs - fix automatic reload
70976d0fb fix user-agent not blocking and add documentation on bundle when USE_CUSTOM_HTTPS=yes
062a39c63 integrate AquaeAtrae work - add ROOT_SITE_SUBFOLDER
83841b290 jobs - edit adren work on external blacklists
10dc58cb6 Merge pull request #126 from adren/patch-6
668754686 Merge pull request #125 from adren/patch-5
84b1933f6 Merge pull request #124 from adren/patch-4
15f6d0a32 Merge pull request #123 from adren/patch-3
e628361a8 Merge pull request #122 from adren/patch-1
f8d71e067 improved way to generate user-agent file
02ae3b6bd change IFS before subshell
2fb0e7c47 deduplicate list of user-agents
9adcc2f1a more optimized way to generate map referrer file
7b98db4d1 improve the generation of blocking file (abusers)
ddb2b8591 improve generation of block file (Tor exit nodes)
da1a460a6 huge improvement to generate blocking file
07be62684 hotfix - fix API in autoconf swarm mode
3bb164395 hotfix - move API_WHITELIST_IP edit to lua.sh
bc2568a17 v1.2.4 - nginx 1.20.0 support
5ec74880d update README for v1.2.4
f84fd7c9a fix permissions issues for autoconf and fix volume for ghost example
6521d7a27 fix client cache so it works in combination with reverse proxy and examples update
813607fbc improve crowdsec example and disable modsec logging when not necessary
843644f80 log - replace some WARN tags from LUA logs with NOTICE to avoid confusion
19fa0eb25 log - print modsec_audit.log to make debugging easier
b4df28722 log - send logs to remote syslog server
5ce41edc0 api - whitelist IP/network for API
a3cfb50b4 example - fix certbot wildcard
25494acac example - wildcard certificate with certbot
a98dae1fb fix CVE-2021-20205 and examples update
1a7abab57 nginx 1.20.0 support
42b7a57f0 fix autoconf bug when removing config with multiple server name and increase default LIMIT_CONN_MAX for average website with HTTP2
02f9fbe5f autoconf - fix certbot bug when multiple server_name for one service
69fe06677 autoconf - fix bug when multiple server_name for one service
74417abc9 fixing bugs - run as GID 101 instead of 0, different permissions checks in swarm mode and disable including server confs in swarm mode
ba7524a41 fixed LUA bug
b55aafb99 finding the LUA bug
deeb7a76a Merge pull request #117 from thelittlefireman/patch-9
ee8aaa4e7 fix lua crash 2
605d59a45 Fix lua mistake
b85c991b6 bug fixes - /usr/local/lib/lua rights and syntax error in site-config
0d3658adf REVERSE_PROXY_HEADERS - use proxy_set_header instead of more_set_headers
0b22209c9 documentation - userns remap feature
e44a1f3e1 added the uri to limit_req_zone key to limit bruteforce attack on a specific resource instead of the whole service
aa614f82f print error when permissions are wrong on common volumes
c03d410b0 refactored whitelisting of user-agents
e190167bf CIDR support with whitelist/blacklist IP
31e72dce1 fix /usr/local/lib/lua rights and multiple server_name support with autoconf
b8105fc55 feature - whitelist URI
e73c10fd8 crowdsec - fix permissions on /usr/local/lib/lua and on /var/log files
a122a259c minor fix on AutoConf logs and auto disable etag with reverse proxy
7c4894d3b autoconf - fix remove event, generate config from nginx vars, more logs
533c2a103 fix sed script when writing site env
5611d544d remove reference to USE_PHP
397182f18 add link to twitter account
c5c5fb17b v1.2.3 - swarm support
017a7780f README update, default cron update and new parameters to ui
34d9db7a8 web ui - bug fixes
361c66ca6 fixed bugs with MULTISITE variables and swarm example
afc667885 road to v1.2.3 - fixing bugs
c40fb3317 road to swarm - automatic reload after jobs
93ad3c0b5 road to swarm - let's encrypt fix
ceed90488 road to swarm - still some mess to fix
b8027d2ba Merge pull request #102 from thelittlefireman/proxy_custom_headers
8d03a14a6 Merge pull request #103 from thelittlefireman/fix_truncated_3
d16f4517a Enhancement add custom proxy headers #97
89ca91b3f Fix truncated variables (last commit)
6a714e2ec road to swarm - fix race condition on initial configuration
0d3da0353 prepare /www directory, fix log socket path and whitelist acme challenges path
33163f65b init work on disabling root processes
a2543384c road to swarm - add openssl to autoconf, fix api_uri in LUA, fix file rights
3591715f2 road to swarm - fixing things
95f7ca5b2 road to swarm support - needs a lot of testing
816fa47cb introducing SWARM_MODE env var
7756c2df3 Merge pull request #98 from mromanelli9/fix/readme
7509ec2f2 basic API to be used in swarm mode
6e93575e1 remove ALLOWALL from X_FRAME_OPTIONS options
ba4c97755 remove old anchor
781e4c8cb autoconf little work on swarm support
e04c783d1 autoconf - init work on swarm mode
e12b656bd Merge branch 'patch-7' of https://github.com/thelittlefireman/bunkerized-nginx into dev
cae05447d custom crontab values
4b58e2265 Merge branch 'patch-5' of https://github.com/thelittlefireman/bunkerized-nginx into dev
6b56e21a0 Merge branch 'whitelist_ua' of https://github.com/thelittlefireman/bunkerized-nginx into dev
544a09e8d Update lua-cs-bouncer
8386dd4a2 custom config outside server block
f052a2516 Merge branch 'pre_server_confs' of https://github.com/thelittlefireman/bunkerized-nginx into dev
43750f553 Merge pull request #73 from thelittlefireman/patch-4
9142afdb5 Merge pull request #72 from thelittlefireman/patch-3
66c4fed79 Fix env variable with space are truncated 2
f41846e9d Fix env variable with space are truncated
92cc705b9 Reduce memory usage : set cron tasks at different hours.
47fb3a05b Upgrade crowdsecurity/lua-cs-bouncer
5940f402c improve default tls security
d9ca275d5 Add before `server {}` config.
8353bd9c8 Allow to add a whitelist by site on user-agent
d902e2f29 Add last missing reverse proxy header
1a8b8043c Add LIMIT_CONN var to server.conf
65120a7e9 Add USE_CONN_LIMIT info to Readme.md
b093a4755 Add default values for LIMIT_CONN
73dbf03c9 add USE_LIMIT_CONN zone to global config
6ee746236 Add USE_LIMIT_CONN to site-config
fa935eb6e edit nginx.conf to add limit_conn
cf231e13c Add limit-conn.conf
d5d699252 v1.2.2 - web UI (beta)
50f95420b README update - road to v1.2.2
dc382c3e0 various fixes - autoconf process order, multisite config and examples
0026328f2 edit default FAIL2BAN_IGNOREIP subnets
9023ab5ae Merge pull request #67 from thelittlefireman/patch-2
124474ad6 Edit README.md to add FAIL2BAN_IGNOREIP
eac9c8f51 Prepare FAIL2BAN_IGNOREIP to avoid self blocking
1ee490de6 Prepare FAIL2BAN_IGNOREIP to avoid self blocking
825e6a747 crowdsec v1 integrated
09a984c86 started crowdsec v1 integration
fd7afa17b fix missing ';' in include
b9b7fdfcc Merge pull request #63 from thelittlefireman/patch-1
58e1d66bc UI - minor alert css fix
7026643f8 UI - fix missing MULTISITE env var when managing services
06f688fe9 fixed stop and reload operations
c65b78b1c UI - instances/services backend update (needs testing)
f9b9b9546 UI - introduced multiple config parameters (like reverse proxy) in frontend
b5fe6335c UI - instances backend started
951f3957f UI - default service values
0f520b891 UI - services backend started
569ad75c4 UI - config.json refactoring
bd7b6af66 UI - load config template from json
459bb8ea1 UI services modals and default CSP update (fix new tab links)
208b5acb3 UI - minor services list improvement
59b2fed41 UI - basic services list
a4871a915 Add missing proxy headers
026783f01 Fix missing reverse proxy headers
811585345 Fix missing proxy headers on site-config.sh
c5f283b00 UI - minor front update
03ce7a648 fix modsec double inclusion when MULTISITE=yes
3f7e2c54b JOBS - fixed some job script and right temp nginx reload
bb0f46d8a JOBS - fix job_log
c5b32dfc4 fix CVE-2020-1971 again
9a4f96ad1 fix CVE-2020-1971
f258426f5 JOBS - fallback to old conf in case reload failed
119e96361 JOBS - be more verbose about jobs failure/success
373988670 Merge pull request #54 from thelittlefireman/patch-4
2a956f2cd Fix #52
15a37a868 UI - minor UI improvement
3a3d52790 UI - basic read fixes
e6b5f460c UI - basic read from docker API
002e3ed2b security tests for autoconf and ui
7b55acbe8 web UI example and CVE-2020-8231 fix again
559b7835d ui - automated build
4ea01bd93 print some logs when blocking bots
a73891a3b fix CVE-2020-8231
26199f52c remove additional / in modsecurity include
5c3f94a84 edit reverse proxy var name in README
043fcdc13 autoconf - automated build
b86ded3d1 autoconf - multi arch Dockerfile
92569679b dynamic reload of nginx by sending SIGHUP
15e74e486 more work on standalone autoconf
fd0a6412d init work on standalone autoconf
419fdfc86 fix auth basic when MULTISITE=yes
0bc1f652b v1.2.1 - autoconf feature (beta)
6c7461e29 integrate thelittlefireman work
d01bc5e01 Merge branch 'patch-1' of https://github.com/thelittlefireman/bunkerized-nginx into dev
75c69c810 last fixes before next release ?
e26b8482a Add missing EMAIL_LETS_ENCRYPT parameter
f618c73e6 road to v1.2.1
78c1e5c67 examples - same domains for internal tests
481e10d3e reverse proxy - websocket example
aae2a7198 autoconf - php example
f3bf04e39 dirty fix to disable default server when MULTISITE=yes
36cbb927c autoconf - various fixes
95153dbc5 moved UA, referrer and country check after whitelist and blacklist check
26947179a moved UA and referrer check to LUA
88f27bfeb autoconf - reverse proxy example and pass default vars
3cc1615c4 fix user-agent script
8bacf722a Merge branch 'fix/variable-naming' of https://github.com/mromanelli9/bunkerized-nginx into dev
2bfc4b41f first work on automatic configuration
587d4a92e incorrect variable naming
c311d0c82 add crawler-detecter bad UA
0d03f49eb websocket support with reverse proxy
2112c306a custom log format
8f9dcc5ab last fix ?
2fe05d3fd fixing scripts again and again
db04c0345 fix referrers again
ed8bd902b fix referrers script
3a7aa5d9c block bad referrers
9ec9de6ca multiple lets encrypt certificates when MULTISITE=yes
791342cbe fix LUA DNS code when answers is nil
2f23671c3 fail2ban fix when MULTISITE=yes
e350a717f fix default DNS_RESOLVERS
e818acb0d prestashop example
b92f74ed9 dirty fix for CVE-2020-28928
9688e6650 check all vulnerabilities with trivy
700dfc018 v1.2.0 release
42e4298b5 readme update - v1.2.0 changes
813b42cfa php and nextcloud examples fix
58fcf0a72 added Permissions-Policy header
587918380 custom headers to remove
203259688 automatic trivy scan
eaf817d57 php config and examples fixes
dd7768c85 whitelist/blacklist country at LUA level to avoid SEO issues
fe1d724c9 country whitelist/blacklist
0635eb368 various bug fixes
fbf81c94b cached blacklists data
ed451877a examples update and multiple REVERSE_PROXY_* on single site
0f18e9c55 reverse proxy support via env vars
8f7cb5318 proxy caching support
60fbbc101 move some http directives to server
0f0593456 various fixes
8cdc155ac multisite examples and certbot renew fix
1abe1da89 brotli support
f18c054b4 gzip support
4dea1975e client caching
c2b05c463 fix BLOCK_COUNTRY bug and add support for ModSecurity custom confs when multisite=yes
2da51d92a multisite - bug fixes
bd7997497 autotest through github actions
e89e34a84 auto test fix
ff02878dd auto test setup
44b016be9 road to multi server block support
36c4f3e06 v1.1.2 - CrowdSec integration and custom ports
798f6c726 examples - nextcloud fix and tomcat
761c14a0b custom HTTP and HTTPS ports
4a07eca69 crowdsec integration
e1274a608 passbolt example
3ec81cd84 Fix broken line in README
95752ff0c v1.1.1 - TLS 1.2 support
8623510f8 https fix
95a76b11f peterkimzz integration and dhparam
b0e4740a7 [New Features] - Added "HTTPS_PROTOCOLS" environment value to enable to customize TLS version. default value is "TLSv1.3". (because TLSv1.2 sometimes needed) - READMD.md
e84360857 README update - v1.1.0
2f6866789 logrotate copytruncate
1d63838ee examples - fix port number
e4bdd4af5 examples - nextcloud fix and moodle
2c33463af renamed logrotate script
9ff210bed wordpress and nextcloud examples
0b7301886 install CRS by tag in compile.sh
e1356e3eb logrotate.conf update and some cleanup
34a0da444 logging fix again
022a653eb display fail2ban.log and logging bug fix
4c11a9125 automatic docker tags with VERSION
88b52478c automatic Secure flag on cookies
ce82e22db remove integrated PHP
397415211 antibot - check IP with sessions and recaptcha
68d798855 tor hidden service example
16eab0f63 README update
6a22f7711 load balancer example
222426854 Merge pull request #13 from FacundoAcevedo/patch-1
d63c57985 Fix typo in the link in the TOC
e19a7c693 run master nginx process as non-root user
7a8795883 dockerfile fix - compile
01095bd72 gpg fix and secure git clone
0e6729c62 check GPG signature of nginx sources
040b6a223 Merge branch 'patch-1' of https://github.com/fabianmoronzirfas/bunkerized-nginx into dev
5f62120e4 fix(typo): add missing »find«
e8503b9cc ARM build fix
676571e4a use nginx:stable-alpine as base image
34254a09e examples and DNS_RESOLVERS fix
81cff3648 readme update
e166b1fea awesome gif resized
f08bba8cc awesome gif
ccf439228 session secret fix
c1d44387b basic antibot feature through recaptcha v3
135126e3f readme fix
ac251b0f6 Merge branch 'master' of https://github.com/ZILosoft/bunkerized-nginx into dev
ac242c977 Update README.md
2909b7989 basic antibot feature through captcha
446ee3761 basic antibot using javascript
6e1c43c4c basic antibot feature through cookie
652d8ac97 fixed typo in manifest
de1952b5f README - toc update and title fix
16a458db2 README improvement
f27d80e0d various fixes and lua logging
fc3d911ff improved blacklist/whitelist/dnsbl with lua
ef7d842ff arm64v8 auto build and master manifest
0e5704983 manifest for automated builds
aaef37007 improved logging with rsyslog
6e3c2ddcc integrated ajarmoszuk work
919b418d5 Added the ability to self generate SSL certificates
fb1a0182e Added the ability to see Real IPs if Nginx is running under another proxy (such as Traefik).
2e0a8307d i386 fix again
181003efe i386 fix
fca7bb075 automatic builds
764038d40 README update
f4c43a214 block proxies and abusers
3a9afa47b Merge pull request #5 from ajarmoszuk/patch-1
2c12df3b9 update default req_limit values
2f967a9f4 Update entrypoint.sh
eba5f6280 req limit
44155b5d6 dnsbl ipairs fix
829c1c697 some fixes and README update
f3721a50d sitewide auth basic
b56e4e765 dnsbl feature
1654e913a lua support
3e5ca583c remote PHP-FPM support
bcd17dbea automatic geoip update
14ec9f3e6 logrotate and compile fixes
5b5e6e33a awesome logo
1aa1dcf50 logrotate support
f30a06d94 syslog integration and fail2ban improvement
cd19841ec readme - details about modsec include order
94b29a6ca fixed some include orders
bf605ce59 custom root folder and little fixes
b14b09ad5 default CSP update
4f5e5f013 readme improve
76bd069f2 php POST max size and custom HTTPS cert
1d6ab7275 http basic auth fix
472ec31cd readme fix
caa415e12 http basic auth
8561d47be create a customized image
4bede275f fix typo
efcf93710 inspectFile fix
ccaaa8b57 readme fix
b83111ad1 realip, minor fixes and README
a2be2e8ae improved README : format, modsec, fail2ban and clamav
48a0036d2 updated readme
bf0bef289 clamav support
193070b14 fail2ban support
716e54e59 custom http/server confs and better modsec customization
43403f69e disable default server
69ac95b29 block country and various fixes
ecf2de8b7 multiple let's encrypt domains
8427564f4 user-agents escape fix
c56bde4f0 fix certbot-renew.sh syntax
834afa132 http to https redirect
d5f8c7647 custom modules and write access
5bcdb0219 f**k markup ?
3233f3b76 fix readme
62eda8173 improved README
09e6b50e5 custom conf
5d16f6a8f fix README
1b5f6deb2 cookie flags and maxmind update
ea1dbc617 updated readme
0b703ea55 content security policy
1e642e2f1 initial readme
e90060ce6 initial work
70f849fbb Initial commit
REVERT: 93a7e0e56 Bumped version to 1.8.0
REVERT: e0975fd14 Set release date
REVERT: 1f4cde07d Merge pull request #326 from maxmind/dependabot/github_actions/actions/checkout-4
REVERT: ad756cc3c Merge pull request #327 from maxmind/dependabot/github_actions/github/codeql-action-2
REVERT: 6d3099567 Bump github/codeql-action from 1 to 2
REVERT: 22a974b47 Bump actions/checkout from 2 to 4
REVERT: 23c0354e8 Merge pull request #325 from maxmind/greg/windows-cleanup
REVERT: 3412437a7 Get PRs for updating our GitHub Actions
REVERT: 258c08cea Reduce number of warnings on Windows
REVERT: 5c22ca1ec Only use clang pragmas on clang
REVERT: 9517c8930 Stop defining PACKAGE_VERSION in public header on Windows
REVERT: 3cee53ebc Remove Visual Studio 12 project files
REVERT: 80bfed71e Merge pull request #324 from maxmind/horgh/static-analysis
REVERT: b85913962 Rewrite a couple yoda style conditions
REVERT: e71488685 Stop using assert() outside test code
REVERT: 30853b1ab Check return value of record_info_for_database()
REVERT: 83758e5c5 Merge pull request #320 from maxmind/horgh/posix
REVERT: 5771620f1 Bump copyright year in more spots
REVERT: 3081198cc Mention POSIX requirement in docs
REVERT: 5b22e0f7b Set feature test macro for tests in one spot
REVERT: e2c8463af Do not set feature test macro in public header
REVERT: 0c4d8295f Bump copyright year
REVERT: 876e68ca2 Merge pull request #310 from maxmind/greg/fix-cmake-package-version
REVERT: 3f5e11273 Make PACKAGE_VERSION a private compile definition
REVERT: da14286d2 Only set PACKAGE_VERSION on WIN32 if not set
REVERT: 761207062 Merge pull request #306 from maxmind/greg/v1.7.1
REVERT: ac4d0d248 Bumped version to 1.7.1
REVERT: 3ccb89622 Set release date
REVERT: 44b4992cd Merge pull request #305 from maxmind/greg/require-linux-for-test
REVERT: ff42640d3 Run clang-format on all code
REVERT: 47d9c22e4 Only run external symbols test on Linux. Closes #304.
REVERT: 2fac9911f Merge pull request #303 from maxmind/greg/v1.7.0
REVERT: ac30fac72 Bumped version to 1.7.0
REVERT: 978f21c95 Bump copyright year
REVERT: 673d03fa5 Set release date
REVERT: 5b7ff3936 Merge pull request #302 from maxmind/greg/fix-ssize-check
REVERT: c2d1e77b0 Install IPC::System::Simple for autodie in man-page script
REVERT: 121ceeb16 Compare st_size with SSIZE_MAX rather than itself
REVERT: 5cffab02c Merge pull request #298 from maxmind/sromani/cmake-builds
REVERT: 916f2fad9 Update actions
REVERT: 61902deb4 update instruction with build dir
REVERT: bd676ae55 set working directory of tests
REVERT: 98765dbfc Merge pull request #295 from Biswa96/cmake-pkgconfig
REVERT: 0033122b9 cmake: Generate pkgconfig file
REVERT: 4dfd68ef0 Merge pull request #294 from Biswa96/autotools-mingw-ldflags
REVERT: 576b57e47 autotools: Add proper linker flags for mingw
REVERT: 43d80d920 Merge pull request #293 from Biswa96/cmake-mmdblookup-mingw
REVERT: 6aa022a6d cmake: Enable mmdblookup program for mingw
REVERT: b8fb17f1a Merge pull request #289 from maxmind/nlogan/fix-compiler-warnings
REVERT: 7156241ca Fix -Wunused-parameter warning
REVERT: 9ec341e6a Fix -Wvla warnings
REVERT: bd66f94be Fix -Wsign-conversion warnings
REVERT: cf7ff4d0e Fix -Wshorten-64-to-32 warning
REVERT: 0d5026f2b Fix -Wcast-qual and -Wincompatible-pointer-types-discards-qualifiers warnings
REVERT: c348d75df Merge pull request #287 from maxmind/horgh/flags
REVERT: d56fda5d0 Merge pull request #288 from ryandesign/patch-1
REVERT: 918b0ca61 Add installation instructions with MacPorts
REVERT: fd62c0b08 Use same error code as before
REVERT: b22004f3e Enable more warnings
REVERT: 31642ef47 Update libtap submodule
REVERT: 536c19690 Ignore -Wformat-nonliteral warning
REVERT: 980288f0d Fix -Wundef warning
REVERT: 9a15c6559 Fix -Wembedded-directive warnings
REVERT: 0f17519b9 Fix -Wimplicit-int-float-conversion warnings
REVERT: 371607541 Fix -Wshadow warning
REVERT: 7557df30a Fix -Wimplicit-fallthrough warning
REVERT: f6d0c1a98 Fix -Wshorten-64-to-32 warnings
REVERT: 7d7a9b831 Fix -Wsign-conversion warnings
REVERT: 62cdd2173 Fix -Wcast-qual warnings
REVERT: 249234d26 Merge pull request #285 from maxmind/horgh/sanitizer
REVERT: cbb65cf3b Merge pull request #286 from maxmind/greg/add-changelog
REVERT: c31d5324f Add change log entry for #284
REVERT: fab6c20a2 Merge pull request #284 from satmandu/patch-1
REVERT: 319188c15 Add github action for AddressSanitizer
REVERT: 2c4aad8ba Use CXXFLAGS in C++ test
REVERT: 047451d88 Clean up in C++ test
REVERT: 2e9cadfe4 Remove dev tools section
REVERT: 24214dc3c Bump copyright year
REVERT: 529f22414 Use https URLs
REVERT: 4def8ec31 Allow for alternate libdir detection in linux
REVERT: e5a409317 Merge pull request #283 from maxmind/greg/gh
REVERT: 389669100 Use gh instead of hub. Release from right branch.
REVERT: 99aecbc04 Merge pull request #282 from maxmind/greg/clang-static-analysis
REVERT: 7d6f348ca Don't use pointless ignore variable
REVERT: 6104e45bd Run Clang static analysis via GitHub Actions
REVERT: e0ac6e361 Merge pull request #277 from rittneje/o-cloexec-fd-cloexec
REVERT: 41fbf3c6b only use FD_CLOEXEC if O_CLOEXEC is not available
REVERT: 26fac5006 Merge pull request #275 from maxmind/greg/fd-cloexec
REVERT: 4407f1cc7 Set FD_CLOEXEC on platforms that don't support O_CLOEXEC
REVERT: 5842352c6 Merge pull request #272 from maxmind/greg/changes-271
REVERT: 110bb2251 Add a changelog entry for #271
REVERT: 64513b862 Merge pull request #271 from SpaceIm/fix/ios-tvos-watchos
REVERT: 9e511cada fix installation of bundle for iOS/tvOS/watchOS
REVERT: fca0cba93 Merge pull request #270 from maxmind/greg/269-changelog
REVERT: ee3efb50d Wrap long line
REVERT: 37a0e1ef4 Update language in README.md
REVERT: 4f5887b58 Add comment on source of override rules
REVERT: 2f03eef82 Move block to be with other WIN32 items
REVERT: dee93e614 Add changelog entry for #269
REVERT: 1b9284a98 Merge pull request #269 from rafael-santiago/main
REVERT: a1d742526 Only showing MSVC_STATIC_RUNTIME build option description when on Windows
REVERT: d0cdf3aec Adding support for static Run-Time library (MT/MTd) on MSVC
REVERT: d918412fe Merge pull request #265 from maxmind/greg/release
REVERT: 7f7e918bf Update release instructions
REVERT: ac433e3da Bumped version to 1.6.0
REVERT: 2d0e6b736 Merge pull request #264 from maxmind/greg/1.6.0
REVERT: 538637f30 Add all static library archive files to .gitignore
REVERT: 96f86d17e Update copyright notice
REVERT: 0a0aa77ea Update Changes.md for 1.6.0
REVERT: cc2d3ca1f Merge pull request #262 from fcelda/windows-export-symbols
REVERT: 5e4b9be18 build: cmake: export all symbols on Windows
REVERT: 9ec72a113 Merge pull request #261 from fcelda/remove-hard-coded-install-paths
REVERT: ac0cc21dc build: cmake: fix installation of .dll files on Windows
REVERT: 9a8ea2f1d Merge pull request #260 from maxmind/greg/cmake-changes
REVERT: 684cb344a Add recent cmake PRs to Changes.md
REVERT: f898d8df9 build: cmake: remove lib prefix on Windows (#258)
REVERT: 588fdc799 Merge pull request #259 from fcelda/fix-include-directories
REVERT: 123a66d4d build: cmake: fix target_include_directories
REVERT: e7f134bdb Merge pull request #257 from fcelda/cmake-c99-support
REVERT: 6197b976d build: cmake: properly enable C99 support
REVERT: ed7a4252c Merge pull request #254 from maxmind/greg/fix-cmake-builds
REVERT: b39f0b987 Drop -V flag for cmake
REVERT: d9a1a7f66 Bumped version to 1.5.2
REVERT: d1889667d The alloc change didn't make it into 1.5.1. Re-releasing
REVERT: b63fc8ded Set release date
REVERT: 822c2cf1c Merge pull request #253 from maxmind/greg/check-calloc-rv
REVERT: ec946c10d Check all calloc/malloc return values. Closes #252.
REVERT: 367ffaa3b Merge pull request #251 from paravoid/more-manpage
REVERT: e631bd9f3 make-man-pages: make lowdown the default translator
REVERT: 6c81348bc make-man-pages: drop tempfile indirections
REVERT: 06efc186c make-man-pages: small tidying
REVERT: 518ea89a3 Merge pull request #249 from maxmind/greg/no-master
REVERT: 2c3456c9a Replace master reference
REVERT: 4acfa8901 Add Changes entry for #248
REVERT: 3ca12d0a5 Merge pull request #248 from paravoid/manpage-improvements
REVERT: 76c3d9426 Pass pandoc a more-compatible Markdown flavor
REVERT: 9e7684807 Disable "smarty" filters from manpage generation
REVERT: e623f7110 Add lowdown as an alternative Markdown->man translator
REVERT: d67743cfa Remove Pandoc version from manpages
REVERT: 5883be157 Limit scope of generated (3) manpages to MMDB_
REVERT: ed78313a2 Merge pull request #247 from maxmind/greg/clang-format
REVERT: a949defd8 Don't use weird LOCAL macro for static
REVERT: d5b2e4565 Format with clang-format
REVERT: f32241e9a Add clang-format config. Remove uncrustify config
REVERT: d22760af1 Build PPA packages for groovy and not eoan
REVERT: 466537c77 Bumped version to 1.5.0
REVERT: 7f85778ae Set release date
REVERT: ad35e6af1 Merge pull request #243 from bsergean/master
REVERT: 87a6bef31 always build mmdblookup and remove src/CMakeLists.txt from Makefile.am
REVERT: 9b88d25ab link with thread library on unix
REVERT: 63f26969b refactor testing CMake file
REVERT: 0c8df5365 Merge pull request #245 from maxmind/greg/fix-typo
REVERT: c722f8b18 Fix typo
REVERT: 6c1d4cac8 Add dummy file to try to make CodeQL-Build happy
REVERT: 73f123695 disable mmdblookup on windows
REVERT: 8f9b4d5c8 MAXMINDDB_BUILD_TEST_PROGRAMS -> BUILD_TESTING
REVERT: 87b8e90fb CI: request cmake testing build
REVERT: 01601dc56 rename test option to BUILD_TESTING
REVERT: 0bfd237ee on windows we need ws2_32
REVERT: 99d65f908 fix typo which was causing headers files not to be installed
REVERT: 3998f42bd handle soversion
REVERT: 42fa81199 pic code on Linux
REVERT: a85d98286 build test by default
REVERT: 1117b4ba2 rework CMake files ; can be used on macOS and compatible with fetchContent
REVERT: e79e2b0af Merge pull request #241 from maxmind/greg/cmake
REVERT: 07eb7ed6e Include cmake header 'in' file in dist
REVERT: bd968c7e5 Do a minor version bump since we are adding something new
REVERT: 5e3719aaa Remove leftover set
REVERT: 13da4f953 Fix typos
REVERT: 6c6a55b4b Remove AppVeyor config
REVERT: 55d33a8c9 Add CMake files to dist
REVERT: c4b8b664c Use correct relative path for test files
REVERT: 6e6f51ad2 Update documentation
REVERT: d4c811278 Provide our own build config for codeql-analysis
REVERT: 1a8e96fd6 Update version in cmake
REVERT: 0c09ad1b7 Set SOVERSION to match Autoconf build
REVERT: d2d22195e Fix some warnings in the Windows build
REVERT: e07e5d11f Add per dir cmake config
REVERT: c74cfde1b Do not build mmdblookup on Windows
REVERT: c6a281989 Skip bad_databases_t and threads_t on Windows
REVERT: 7eff16bdd Handle different uint128 cases with cmake
REVERT: 646d11577 Test with cmake
REVERT: 7fd2aceb5 Add cmake build
REVERT: 68b35aa82 Merge pull request #240 from maxmind/horgh/github-actions
REVERT: 7d60ee607 Use GitHub Actions to test
REVERT: ee212f8c0 Disable gcc warning
REVERT: 07dc88c7f adding support for linux on power pc
REVERT: 07797e9df Bumped version to 1.4.3
REVERT: afed9fdb8 Set 1.4.3 releae date
REVERT: 5dda63adc Merge pull request #237 from maxmind/greg/fix-heap-buffer-overflow
REVERT: 3f4eb8765 Run uncrustify
REVERT: eac45e291 Replace most malloc uses with calloc
REVERT: e6e63a7f5 Merge pull request #235 from maxmind/greg/code-scanning
REVERT: bb5b3b2fa Create codeql-analysis.yml
REVERT: 0cb758d86 Merge pull request #230 from maxmind/greg/fix-typo
REVERT: a1a0919e1 Use correct prefix. Closes #229
REVERT: 9a8fa0c4f Mention #228 in changelog
REVERT: bdb3da0dd Merge pull request #228 from iSLC/master
REVERT: 9b32c6c19 Don't force wide string on possibly `CreateFileA`.
REVERT: fc183662e Bumped version to 1.4.2
REVERT: 05b7083b8 Update date of release
REVERT: 63feb100e Merge pull request #219 from maxmind/greg/revert-record-info-change
REVERT: e9a9e086b Add appropriate warnings
REVERT: 830f83751 Update with 1.4.2 release notes
REVERT: 60df86476 Revert "Do not calculate record_info repeatedly"
REVERT: 2a6dbc30d Bumped version to 1.4.1
REVERT: 6009c06d4 Correctly generate man page links
REVERT: 5688f530e Bumped version to 1.4.0
REVERT: c582c62e1 Update changes for release
REVERT: 4eb81cef3 Merge pull request #217 from tpoechtrager/patch-1
REVERT: 89ef9dc38 Fix MinGW cross compilation
REVERT: 658518cce Merge pull request #214 from maxmind/greg/simplify-search-tree-lookup
REVERT: a2e8eee54 Merge pull request #215 from maxmind/greg/mmdblookup-prefix-length
REVERT: 2293d2aa5 Display prefix length for record in mmdblookup
REVERT: 5bf3db24f Do not calculate record_info repeatedly
REVERT: 2d49f4f04 Simplify search tree code
REVERT: 3dd3449e1 Merge pull request #211 from maxmind/greg/fix-strndup
REVERT: 69a51cce3 Ignore unused-function warnings
REVERT: 08bfbf02b Add src to win32 project include directories
REVERT: 1bced5ae5 Standardize on one strndup implementation
REVERT: 8bdfe7017 Merge pull request #208 from maxmind/greg/update-changes-and-docs
REVERT: 058a71297 Run uncrustify
REVERT: 74cca8da5 Update change log for negative array indices
REVERT: 589de5d93 Update docs for negative array indices
REVERT: f96b5f7ae Change error code returned to be more consistent
REVERT: b85ffd2a0 Merge pull request #205 from shareaholic/negative-index
REVERT: a42979d68 Merge pull request #206 from saurik/master
REVERT: df65fa15a Do not use uninitialized variable on UTF8 failure.
REVERT: 716817609 Allow negative array indicies
REVERT: 85ff16afb solve memory leak
REVERT: b2576cdd6 Add Changes entry for #199
REVERT: ea5dd4acf Merge pull request #199 from kurt-nj/const_mmdb_s
REVERT: e9bca7eee one to many const
REVERT: 0cc6caecc constify mmdb_s
REVERT: d985ed8ec Merge pull request #195 from geraldcombs/fixup-define-unicode
REVERT: b4fe6f9f8 Don't force the Unicode API on Windows consumers.
REVERT: e1db7584a Merge pull request #193 from maxmind/greg/remove-regen-macros
REVERT: d862532db Remove unnecessary prototype
REVERT: c0f4e6c3d Remove unnecessary INDENT-OFFs
REVERT: 8623eb63f Remove now unnecessary macros
REVERT: 0d29c0cf8 Merge pull request #192 from maxmind/greg/remove-regen-prototypes
REVERT: fb34bee29 Remove script to regenerate prototypes
REVERT: 12572083e Remove prototype added by regen-prototypes.pl
REVERT: 02b59a7e8 Add changes entry for #191
REVERT: a7f2b19d6 Use UTF-8 internally on Windows.
REVERT: 9660f7e14 Merge pull request #181 from maxmind/greg/leak-changelog
REVERT: 36d6cd370 Add a changelog entry for #180
REVERT: 15c1e837e Merge pull request #180 from Kokan/metadata-lang-name-leak
REVERT: e63d5224c Fix memory leak in metadate.languages.names
REVERT: 7b2cfd3db Merge pull request #178 from maxmind/greg/make-travis-happy
REVERT: 2137cf0fd Fix undeclared open_memstream on macOS
REVERT: 1ea5e0fe6 Merge pull request #176 from maxmind/pcronin/clarify-installation
REVERT: 0d17f5ae0 Grammatical and formatting improvements
REVERT: e72c7fc46 Clarify instructions by source
REVERT: b5cba6a44 Mention #168 in change log
REVERT: e02773708 Merge pull request #171 from maxmind/greg/no-po-files
REVERT: 2290e1c6a Do not include all of t/ in dist
REVERT: 6a0e29951 Add #166 to changelog
REVERT: 0d6f6b661 Merge pull request #166 from ffontaine/master
REVERT: 501f85fa7 Add --disable-binaries
REVERT: cc7b88026 Bumped version to 1.3.2
REVERT: e32451587 Update changelog
REVERT: 1858a31fe Merge pull request #165 from maxmind/pcronin/test-external-symbols
REVERT: b9c99cb34 Merge pull request #164 from maxmind/nchelluri/fix-readme-ppa
REVERT: e69771745 Uncrustify
REVERT: f5956047f Add test to ensure only intended symbols are exported (MMDB_*)
REVERT: 877f65307 Docs read apt, not aptitude
REVERT: 141a73ff5 Merge pull request #159 from maxmind/horgh/mmdblookup-from-file
REVERT: 12e64aeb3 Comment that we intentionally do not document certain modes/flags
REVERT: 7a3cf56ad Always output summary information when looking up IPs from file
REVERT: 41fe12d4b Merge pull request #163 from maxmind/horgh/o_cloexec
REVERT: cbd5d3a9a Check for O_CLOEXEC directly rather than POSIX version
REVERT: 84dfa3a0c Disable unused command line arguments in Clang on OSX
REVERT: 8bc831b76 Use -Werror for Travis OSX builds too
REVERT: 73c029cb5 Add Travis builds with POSIX.1-2001
REVERT: e04bfe77a Mention O_CLOEXEC and POSIX.1-2008 in the changelog
REVERT: f6d8a48c8 Use O_CLOEXEC for exec-safety in MMDB_open
REVERT: 6c7e9392b Request POSIX.1-2008 definitions and features
REVERT: dfd17d998 Update README to state POSIX.1-2001 as a requirement
REVERT: 50fd6e505 Mention hiding internal symbols in the changelog
REVERT: 65a268603 Merge pull request #162 from paravoid/to-upstream/160
REVERT: 21324a8e1 Add -export-symbols-regexp to LDFLAGS
REVERT: 9cfcbbc04 Simplify autoconf check for open_memstream
REVERT: e4b7a3036 Fall back to time() if clock_gettime() is not available
REVERT: a599166b0 Work around a Clang bug that complains about missing field initializers
REVERT: 80c11c486 Switch from clock() to clock_gettime() in the threaded benchmark
REVERT: f0778d139 Print error reason if retrieving list fails in threaded mode
REVERT: 5448444e6 Add a way to mmdblookup to look up multiple IPs from a file
REVERT: a8880bda5 Merge pull request #155 from maxmind/horgh/no-realloc
REVERT: 219c6b044 Delete out of date test
REVERT: 8de5a0915 Reduce work needed to free the list
REVERT: f219ef7be Work around Clang warning about missing initializers
REVERT: ecb5a6452 Optimize the data pool a bit
REVERT: c9cf1fac6 Set -pthread more correctly in mmdblookup's automake
REVERT: 50c7ebae3 Allocate in multiple chunks rather than reallocating one single chunk
REVERT: 9e9eab9b3 Merge pull request #154 from maxmind/will2/multithreaded-mmdblookup
REVERT: b1e1eb9a5 Simplify excluding threaded code on Windows
REVERT: f38d74393 Do not provide --threads flag on Windows
REVERT: ec604d718 Add a way to run multithreaded lookups in mmdblookup
REVERT: dba925a53 Bumped version to 1.3.1
REVERT: e3262f084 Set version 1.3.1 in the changelog
REVERT: ce501d27d Add information about #152 to the changelog
REVERT: 7245f7da2 Merge pull request #153 from maxmind/will2/invalid-read
REVERT: 18ad9483d Use better key/value index variable names
REVERT: 282422c96 Fix race to write/set ipv4_start_node on MMDB_s
REVERT: 19a5c5b91 Make LOCAL set functions static in mmdblookup
REVERT: c7165e4de Update changelog
REVERT: b265b97fe Treat entry data list pointers as invalid when we grow the memory pool
REVERT: 155798aeb Fix a memory leak in a test
REVERT: b7c49d8b7 Add a test where we hit the invalid read/write
REVERT: b8f762e03 Make valgrind-all run against the tests, not just mmdblookup
REVERT: 512b03783 Merge pull request #152 from rgerhards/fix-rpl_malloc
REVERT: d0cd6bec3 remove build problems related to rpl_malloc
REVERT: f7cd0f307 Merge pull request #150 from maxmind/will2/more-release-instructions
REVERT: 73c2e4e75 Add some more info to README.dev about releasing
REVERT: 780e94414 Update homebrew URL in release instructions
REVERT: 78659b5ae Remove old release instructions
REVERT: 33cccb0a1 Fix ppa release script
REVERT: bf8fce6b8 Add artful to Ubuntu versions
REVERT: c197d1380 Bumped version to 1.3.0
REVERT: 7b0e8832a Bump version in changelog
REVERT: 59d248ba9 Merge pull request #149 from maxmind/will2/list-last-element
REVERT: 152f881b8 Set the last element in the list's next pointer to NULL
REVERT: ed8766319 Merge pull request #147 from maxmind/will2/fewer-allocations
REVERT: 89d293a9c Update changelog
REVERT: 8d82d0366 Allocate memory for multiple MMDB_entry_data_list structs up front
REVERT: fa60ece1d Add vim swap files to .gitignore
REVERT: f47cc1ea5 Add additional valgrind flags to valgrind-all.pl
REVERT: a6acf3e07 Comment about using valgrind-all with libtool
REVERT: b70a4361a Fix path to test databases in valgrind-all.pl
REVERT: 7244823b6 Free lookup_path memory when benchmarking in mmdblookup
REVERT: 79278df30 Update changelog
REVERT: 4c2a864e7 Merge pull request #143 from rainerjung/mmdblookup-time_t-32bit
REVERT: ed0b533ad Fix wrong epoch formatting for verbose mmdblookup (at least on 32 bit builds on Solaris Sparc).
REVERT: 0cdc9d2b5 Update release instructions
REVERT: 0ffea5659 Update PPA release script
REVERT: cb277ecbb make clean before make dist
REVERT: e79a8b18c make dist in release script
REVERT: 3f59a4277 Bumped version to 1.2.1
REVERT: 6b49dabda Update release script
REVERT: dd27cd366 Update libtap
REVERT: cb6635636 Update change log for 1.2.1
REVERT: 6a63165c0 Merge pull request #136 from ffontaine/master
REVERT: 08e44e1d3 Fix small typo in test
REVERT: 07412b30f Merge pull request #141 from maxmind/greg/no-buffer-check-overflow
REVERT: 0881b61a1 Add a check for min data_section_size
REVERT: bdf8c9f19 Remove unused regex
REVERT: 1a9a22426 Add VS project file for metadata pointer test
REVERT: b2936739b Add bad databases test
REVERT: d1851da32 Fix integer overflow in bound checks
REVERT: 8287848f7 Add --disable-tests to configure
REVERT: 1b378ab8e Merge pull request #139 from nigoroll/submodules_https
REVERT: cfdd03352 use https submodule urls
REVERT: b8e079635 Merge pull request #133 from maxmind/greg/no-install-libtap
REVERT: 7c9ca21a4 Do not try to install libtap
REVERT: e0ff6341b Merge pull request #132 from maxmind/greg/build-fixes
REVERT: cc6d3fa63 Test on OS X too
REVERT: 3fa8cf156 Use libtap's Makefile
REVERT: 020d8815d Add Changes entry for #130
REVERT: 566b93c97 Use uint8_t type for maybe_populate_result
REVERT: ec7530a17 Fix MSVC compiler warnings
REVERT: ebe5a6112 Merge pull request #131 from maxmind/greg/upgrade-libtap
REVERT: 307383149 Upgrade libtap to latest version
REVERT: 9a9ad0b40 Merge pull request #127 from maxmind/greg/misc
REVERT: 2d7c78052 Prefer current directory for maxminddb_config.h
REVERT: 00c1ab708 Make use of "mmdb" consistent in the docs (#124)
REVERT: f735fb95a Merge pull request #123 from maxmind/autarch/fix-endianness-check
REVERT: 892130447 Add docs on the netmask returned for an IPv4 address in an IPv6 database
REVERT: cbdaab2cf Add a paragraph explaining you can use MMDB_read_node to iterate over the search tree
REVERT: a280aebce Use autoconf to check system endianness rather than compiler macros
REVERT: 8f2ad88f0 Update Slack notification
REVERT: 5cd80a8e5 Fix example in the docs. Closes #116.
REVERT: 4bc4b620e Add a basic PPA release script
REVERT: f7934c805 Bumped version to 1.2.0
REVERT: b56b222a5 Update release data
REVERT: 0db855145 Merge pull request #111 from maxmind/greg/read-node-update
REVERT: 4a5759874 Add more fields to MMDB_search_node_s. Closes GitHub #110
REVERT: 52100fafb Remove outdated release documentation
REVERT: 223a83ad8 Bumped version to 1.1.5
REVERT: 432249af0 Version 1.1.5
REVERT: 2472335b2 Re-add release target
REVERT: 539772b24 Update release documentation
REVERT: 3e2f86d16 Merge pull request #109 from maxmind/greg/fix-metadata-pointers
REVERT: bb5ea0fc5 Allow decoding of dbs with pointers in metadata
REVERT: a46eb85d4 Merge pull request #107 from maxmind/greg/simplify-ip-resolution
REVERT: 72a81ab0e Set MMDB_IPV6_LOOKUP_IN_IPV4_DATABASE_ERROR on MMDB_lookup_sockaddr too
REVERT: a3d75b916 Let getaddrinfo detect the address family
REVERT: ff4fbfdf4 Send AppVeyor Slack notifications on every build
REVERT: b11fc6f9c A few more typo fixes
REVERT: 6691cf788 Fix small typo in libmaxminddb docs
REVERT: 854246342 Use a new Slack token for notifications
REVERT: 6478aa94c Update AppVeyor to send notifications via Slack & email
REVERT: 7d035196d Small tweaks from .travis.yml munger
REVERT: 8654a3405 Send notifications to slack
REVERT: 6a1bf9b75 Fix typo in Changes.md
REVERT: 36b0bba47 Fix for GitHub release directions
REVERT: 63520c6b0 Bumped version to 1.1.4
REVERT: 838f31fd9 Changes for 1.1.4
REVERT: cc0e5f680 Make the safedist target depend on clean
REVERT: 5c8b40fa8 Add a few more details on uploading PPAs
REVERT: 247537ffc Wrap <> in `` so it shows up on GitHub
REVERT: 68dd2d40b More details on the whole release process
REVERT: bfdc2df4d Update PPA instructions
REVERT: fd462b1bf Bumped version to 1.1.3
REVERT: 150d06eb6 Merge pull request #104 from maxmind/dave/misc-fixes
REVERT: ea204980b Update appveyor.yml to send notifications via email instead of hipchat
REVERT: acdd24a0d Cast mmdb->file_size to uint32_t when comparing to search_tree_size
REVERT: 7040abfb0 Fix wrong var name in dump_entry_list for platforms where int128 is a byte array
REVERT: 63b7613e2 dump_entry_list does not return status code, it sets *status and returns NULL
REVERT: 9ce3d12b4 Small tweak to wording of change in 1.1.2
REVERT: 7a8d8e071 Add date for today's release
REVERT: aa926a96a Add Changes.md entries for memory fixes in this branch
REVERT: 9d4cc2424 Reimplement size overflow checks as a macro
REVERT: 6a022d195 Added preprocessor statements around SIZE_MAX
REVERT: 3e7af59ec Avoid integer overflows during memory allocation
REVERT: a860913e4 Check OOM condition in value_for_key_as_string
REVERT: 51481f0cf Avoid integer overflow on very large files.
REVERT: a159e406f Verify existence of metadata marker
REVERT: b2e9398a7 Prevent out of boundary access when using offset
REVERT: c65772acb Send all emails to dev-ci@mm
REVERT: a2a6c8614 Fix typo in Changes (extra comma)
REVERT: 22d96d056 Merge pull request #100 from maxmind/greg/old-db-notice
REVERT: 8749c4b4f Added notice about incompatibility with old databases
REVERT: 49f4d3ad9 Add debug messages on more errors
REVERT: b0fe37a78 Bumped version to 1.1.2
REVERT: e5330a957 Add 1.1.2 release date
REVERT: 507fcbedf Merge pull request #99 from maxmind/greg/depth-fixes
REVERT: 62e424b42 Limit depth of data structures to 512
REVERT: 55ebd4f5f Check for more errors while decoding metadata
REVERT: 243859bea Disallow pointers to pointers per the spec
REVERT: a3d4d7434 Merge pull request #98 from maxmind/greg/more-bound-checks
REVERT: 51255f113 Fix several segfaults from missing bounds checks
REVERT: 9f131156b Merge pull request #96 from maxmind/greg/remove-unused-assignment
REVERT: 98f4e23e4 Remove unused assignment. Reorganize.
REVERT: 9b788d049 Add pkg-config support
REVERT: 00316fefe Merge pull request #91 from maxmind/rafl/docs
REVERT: 19f6577fe Fix two small documentation errors
REVERT: 3d9626992 Bumped version to 1.1.1
REVERT: 53c0351f5 Added maxminddb-compat-util.h back to source dist
REVERT: 1bf066eca Replace utopic with vivid in PPA release instructions
REVERT: 8f4549511 Bumped version to 1.1.0
REVERT: dd4bd01dd Update release script
REVERT: 46b828e77 Merge pull request #90 from maxmind/greg/includedir
REVERT: ba9587c36 All headers in includedir. Do not install internal header. Fixes #89.
REVERT: 603ac5a00 Merge pull request #88 from maxmind/greg/fix-clang-analysis-warnings
REVERT: 22c8d339a Uncrustify
REVERT: f9c218b7d Update changes
REVERT: 25266f431 Check status of MMDB_get_entry_data_list
REVERT: 72c9d7685 Fix warnings from Clang's scan-build
REVERT: f0dcad3b4 Merge pull request #87 from maxmind/dave/use-travis-containers
REVERT: f85e366fe Travis handles submodules for us
REVERT: 3c8281a1b Use Travis container-based infrastructure
REVERT: 464fe0815 Merge pull request #83 from maxmind/greg/mac-os-x-test-fix
REVERT: 4249537d1 Fix compile_c++_t.pl test on OS X
REVERT: 04af62961 Always put () after function names in Changes.md for consistency
REVERT: aab44408e Changes for latest Windows fix
REVERT: 610f61dcc Fix typo in Changes.md
REVERT: 91ba26848 Merge pull request #78 from blyhostetler/master
REVERT: 51eb95c44 Updated per most recent comments on pull request
REVERT: afc128e70 Update from pull request review
REVERT: ec3a06e48 CreateFileMapping can actually return an error (and returns NULL in that case)
REVERT: dff3ce7d8 Added note about W32 file closing fix to change log
REVERT: e1519ca53 Merge pull request #76 from blyhostetler/master
REVERT: 97f1e068b Issue 75 - handle and WSAStartup cleanup
REVERT: 3fab5a81f Merge pull request #74 from maxmind/greg/save-errno
REVERT: 3a74dd9b3 Add a comma in Changes.md
REVERT: a76792dcb Fixed typo in handle name
REVERT: 678811b56 Update change log for errno change
REVERT: a354c7ae7 Don't clobber errno when cleaning up from error
REVERT: 1886fcb15 Update submodule. Closes #73
REVERT: 7d462ebb7 Add PPA instructions
REVERT: 1337363d3 Add basic instructions for releasing to PPA
REVERT: 03ac93269 Prepare for 1.0.4
REVERT: a83721bdf Merge pull request #71 from maxmind/greg/update-dist-docs
REVERT: a5590f059 Clarify the lookup paths. Fixes #68.
REVERT: f6968f9ae Add explicit note about utf8_string's size. Closes #66.
REVERT: 8cc92b7aa Use IPC::Run3 from Debian package
REVERT: 714d154a1 Update dist to include VS files and update docs
REVERT: 69e52dcfa Use correct maxminddb_config.h and remove MMDB_UINT128_IS_BYTE_ARRAY
REVERT: a736f102f Added x64 and Release VS12 property pages
REVERT: ca7c2b298 Change log for C++ test failure
REVERT: 282306ea8 Merge pull request #67 from maxmind/greg/handle-strtol-errors
REVERT: 5473b4c78 Remove a pointless memset() call
REVERT: 4dc402bb4 Fixed two issues with our error handling of strtol
REVERT: d42328fea Merge pull request #63 from Ironholds/master
REVERT: 3c5ff46c7 I'm pretty sure that's a typo
REVERT: f10f50bdb Merge pull request #62 from maxmind/greg/fix-c++-test
REVERT: 0c1897eb8 Run cpanm as root
REVERT: 6715da537 Install cpanm
REVERT: addb2d79e Install IPC::Run3 for Travis
REVERT: cb87a6cb2 Make C++ test work even if libmaxminddb is not installed
REVERT: cbfe14e77 Merge pull request #59 from maxmind/greg/vs-tests
REVERT: 7e1db37a7 Update changes
REVERT: bd43072d4 Revert accidental failing test
REVERT: 2f724ac76 Tidy regen script
REVERT: 013cdde21 Fix config header and quiet some warnings
REVERT: 5c6a85f95 Don't try to run threads test
REVERT: 2203a7731 Specify exes directly rather than using forfiles
REVERT: ecc639144 Switch back to older version of libtap
REVERT: 0d66cad8e Make AppVeyor fail on failure
REVERT: 55d2ee7be Check that _MSC_VER is set
REVERT: 7a3194c99 Add VS project files for tests and run tests in AppVeyor
REVERT: cd37c4057 Automatic release message for tag
REVERT: 82e07b83a Don't try to commit if there are no changes
REVERT: d660bf4ff Allow git commit to fail if we've already bumped version
REVERT: 8ea6206ab Add release date
REVERT: dbedfed91 Push all changes including tags when doing release
REVERT: 20822d0d5 Remove set -x
REVERT: 2b5589625 Bumped version to 1.0.3
REVERT: 3312f5549 Make release script bump version
REVERT: 918ebfb66 Merge pull request #58 from maxmind/dave/c++-extern
REVERT: 9ff6f7ed5 Add Changes entry for extern "C" bits
REVERT: 1face3765 Turn on verbose mode for tests when running under Travis
REVERT: 23dd6663e Add extern C to maxminddb.h for C++ compilation and test this
REVERT: 15420bd54 We can rely on FindBin always being available
REVERT: 07d20f138 Add Changes entry for realloc fixes
REVERT: 23f5d7bf5 Merge pull request #56 from maxmind/dave/no-realloc
REVERT: 67bfd92da Remove use of realloc but use malloc to allocate dynamic array in MMDB_vget_value
REVERT: 527dc6589 Upgrade to the latest libtap
REVERT: 01997a8f7 Add change log entry about the Windows header case
REVERT: 242dc0862 Merge pull request #57 from SuckerServ/master
REVERT: 6bfea21b9 Lowercase Windows includes in order to build with MinGW on GNU/Linux
REVERT: f76b80877 Add subdir-objects option when using automake 1.14+
REVERT: 4ed277c44 Update .gitignore for new files produced under make check
REVERT: 2eb95c224 Fix outdated comments
REVERT: cbae1a2e4 Merge pull request #53 from maxmind/greg/vs-build
REVERT: 847e597bb Updated change log and removed .hgtags files
REVERT: f0243ee11 Add AppVeyor build file
REVERT: 601a0003d Merge pull request #51 from maxmind/greg/lib-path
REVERT: 32c1c63d5 Visual Studio build files and Windows fixes
REVERT: 2790d5628 Added directions about how to add /usr/local to shared lib path
REVERT: 6baa9159f Added change for documentation fix
REVERT: 5fa3eb4a8 Merge pull request #50 from fgsch/master
REVERT: f05ff6021 Correct example
REVERT: 7c2b8a0e7 Added note about leak fix to Changes.md
REVERT: cf7d98367 Merge pull request #49 from fgsch/master
REVERT: b01925423 Fix leaks in MMDB_open()
REVERT: 54e775878 Merge pull request #45 from zno5/master
REVERT: 116312b34 The dwMaximumSizeLow parameter of CreateFileMapping function set to zero. The maximum size of the file mapping object is equal to the current size of the file.
REVERT: 8798ae2f7 Prepare for 1.0.2
REVERT: 8a82131c3 Merge pull request #44 from maxmind/dave/fix-dangling-pointers
REVERT: e2a755f76 Make sure to set pointers to NULL after freeing them
REVERT: 4da78594d Add note to Changes about Coverity fixes
REVERT: 0398e815e Merge pull request #43 from maxmind/greg/coverity-fixes
REVERT: f7d00c278 Add back WSAStartup for Windows
REVERT: 22d9f86ad Ignore last Coverity warning
REVERT: f29bc3413 Remove unnecessary '0 !=' in if statement
REVERT: 424f2839f Close fd if stat fails
REVERT: 42320863d Fixes for issues discovered by Coverity
REVERT: 070a576e1 Submit build info to Coverity
REVERT: df7783484 Merge pull request #42 from maxmind/bz/fix-ld-solaris
REVERT: 7a20fb5f7 We should link against -lsocket on solaris
REVERT: ef7c94e24 Prepare for 1.0.1
REVERT: b6a2b4e1a Added missing LICENSE and NOTICE. Fixes GitHub #39
REVERT: 716290b3f Add Changes.md and README.md to dist
REVERT: a7bb9f4c5 Prepare for 1.0.0
REVERT: 005afbd4f Fix Changes formatting
REVERT: 72353d707 Add release date
REVERT: 33164f4c7 Bump version
REVERT: d715ef33b Merge pull request #38 from maxmind/dave/more-fix-missing-free
REVERT: 75cb031d3 Set struct to NULL so later NULL check is sane
REVERT: 0b1d7c137 Doc all changes for 0.5.6
REVERT: 84a896655 Make sure to call freeaddrinfo on a getaddrinfo error
REVERT: 11dc4eb29 Style fixes - NULL != foo (not the other way around)
REVERT: 21396b7f6 Merge pull request #37 from maxmind/dave/fix-missing-free
REVERT: ddb2b424e Add leak fix to Changes
REVERT: fa1b8b159 Run uncrustify-all
REVERT: fd09e1a56 Add the compile file to .gitignore
REVERT: 0b084b199 Fix some odd line breaking
REVERT: cb7459fc2 Make sure to call free_mmdb_struct() if we can't find metadata in the MMDB file
REVERT: 1d54c0961 Merge pull request #33 from maxmind/greg/gh-pages-release-script
REVERT: dc380407f Add version metadata
REVERT: 6b6a8400c Updated make-release.sh to regenerate gh-pages
REVERT: 423ca4200 Merge pull request #32 from maxmind/bz/fix-freebsd
REVERT: 5972f0e39 Ignore return code and free every nonnull pointer
REVERT: c0d945c6c Use GitHub Flavored Markdown
REVERT: d481d73a9 Fix segfault - freeaddrinfo's *addrinfo must be valid.
REVERT: bda6b71dc FreeBSD's getaddrinfo can't handle AI_V4MAPPED
REVERT: 12b9ec8c2 Merge pull request #31 from maxmind/bz/remove-space-in-dir-check
REVERT: 19daf2110 Remove error message libtool warns anyway
REVERT: 07465c4da Merge pull request #28 from maxmind/greg/mmdblookup-man
REVERT: e50aafb6e Rename $type to $section in code to make man pages
REVERT: 7f811f08c Tidy Perl code
REVERT: 83c6ba10b Add .perltidyrc file
REVERT: 6afa1b57f Removed extra new line
REVERT: 43cd8df29 Added a mmdblookup man page
REVERT: cd5492e40 Merge pull request #27 from maxmind/bz/remove-non-std-hdr
REVERT: 59d0ecf48 Mingw needs malloc.h
REVERT: 07206ac24 Merge pull request #25 from maxmind/greg/thread-safety-doc
REVERT: d979d54c7 Typo fix
REVERT: 0cf3e95a7 Remove non std header
REVERT: a3a019bec Merge pull request #26 from maxmind/greg/space-in-path
REVERT: 040f2e7e5 Added warning when there is whitespace in build dir name
REVERT: 18695f3cc Mention that this library is thread-safe
REVERT: c59465627 Merge pull request #23 from maxmind/dave/make-distcheck-work
REVERT: 4947aaa3d Add note about make safedist to README.md
REVERT: 7d1174b2e I gave up on distcheck and made a safedist target instead
REVERT: 91149131e Fix tests for latest test data
REVERT: 5f499c14a Move maxmind-db to t/maxmind-db
REVERT: d45e05dc4 Ignore all libmaxminddb-* files & dirs
REVERT: d45a2a3a9 Merge pull request #22 from maxmind/greg/return-value-doc
REVERT: 446af5474 Add more return value notes
REVERT: d1eb7c837 Document return value for data lookup functions
REVERT: ddb88b57e Merge pull request #21 from thekindofme/patch-2
REVERT: 1031c0c3a Merge pull request #20 from thekindofme/patch-1
REVERT: cf75f7a62 Add instructions for installing via Homebrew to README
REVERT: b8559f908 Add missing step to README
REVERT: f1774ebdd Bump version
REVERT: 1156213ec Add Changes for 0.5.5
REVERT: 6abd936b3 Make sure src/maxminddb-compat-util.h gets included in distro
REVERT: e59b6e04d Removed space between Changes.md items
REVERT: bab5ed622 Add a document describing how to do a libmaxminddb release
REVERT: 27c1b63f6 Bump version in configure.ac
REVERT: 08fa6ce42 Add release date to Changes.md
REVERT: ca32d0748 Merge pull request #17 from maxmind/dave/const-public-functions
REVERT: e28fd0dc2 Fix the signature for MMDB_open in the docs
REVERT: ffec74306 Add a bit more const to MMDB_aget_value()
REVERT: e139c6c92 Merge pull request #16 from maxmind/dave/const-public-functions
REVERT: 630e69c81 Mention const additions in Changes.md
REVERT: c18ef8a51 Update docs for const changes
REVERT: 440640b89 Small formatting fix
REVERT: eaf2025c4 Add more const to MMDB_open filename parameter
REVERT: a67ad56ca Create struct all at once rather than initializing each member separately
REVERT: e81a0e664 Remove consts that -Wall warned me about
REVERT: 8cf222465 First stab at consting public functions
REVERT: 4e2efba6e Only try to remove ltmain.sh if it exists
REVERT: be985abe2 Update Changes for next release
REVERT: bc11aef1d Merge pull request #15 from maxmind/dave/remove-gpl-code
REVERT: dcf0d0095 Use git protocol URL for submodule
REVERT: b417753b6 Update submodule for travis build
REVERT: d0ed9c37a Made t/libtap a submodule instead of copying the files into our repo
REVERT: 81cdbe1c3 Update to the latest libtap
REVERT: e5a634518 Use memmem, strdup, and strndup from FreeBSD rather than libiberty
REVERT: e632760cf Fixed outdated license information
REVERT: 2fe92bafd Merge pull request #14 from maxmind/dave/apache-license
REVERT: 74a4f8677 Add the full license text back in LICENSE
REVERT: 64a90ce95 Rename COPYRIGHT to NOTICE
REVERT: 4df83901d Switch to Apache 2.0 license
REVERT: 428599dfc Doc MinGW support in Changes
REVERT: 575e018f2 Comment tweak for win32 conditional bits
REVERT: 1aba9ad40 Cleanup formatting in configure.ac
REVERT: be529741c Uncrustify all code
REVERT: fc85b027e Removed unnecessary includes
REVERT: 22ea5a1df Add Win32 support.
REVERT: 9429a82a6 Add make install & ldconfig steps for Git repo install
REVERT: 5c04ecacc Add links to the releases, repo, and issue tracker in the docs
REVERT: 9472c2a87 Update build instructions to include ldconfig
REVERT: f176ad4dd Small markdown fix
REVERT: 7bad1f380 Changes for test fix
REVERT: 51f278de1 test needs IPC::Run3 as well
REVERT: 9d4720fcb Changes for next release
REVERT: 4f8a4ec94 Bump library and binary versions
REVERT: ab5005fd9 The ip_version in the metadata is a uint16_t in the spec
REVERT: 4d542f905 value_for_key_as_uint16 should return a uint16_t, not a uint32_t
REVERT: f5ba4521a Add even more debugging output for search tree traversal
REVERT: a90fae70a Remove debugging cruft from header
REVERT: f8dec34f5 Uncrustify threads_t.c
REVERT: f99667a42 Add some more debugging output for error conditions
REVERT: 237ca73da Added a note about prereqs for installing from git
REVERT: 5f97dd6e5 Use `` instead of ""
REVERT: 960e1c3ae Changes for next release (and release dates)
REVERT: 2eb49e9cc Bump version to 0.5.2
REVERT: 7a5149c60 Handle man page fakery from Makefile so we don't need to include dev-bin in tarball
REVERT: 2e6e2aa5c Bump package version
REVERT: 2b223b507 Set -std=c99
REVERT: 9e8423fb2 Set strict CFLAGS under Travis
REVERT: d63d82d48 Removed unused variables
REVERT: 7ca677841 Added make release target
REVERT: 816519838 Separate handling of maxminddb_config.h into an include_exec_HEADERS target
REVERT: e39d00dab Mentions threads test in Changes
REVERT: fdca76281 Add a test that uses libmaxminddb inside threads
REVERT: 47a680020 Add Changes note for memory allocation and const-ness
REVERT: 91addf8f5 Make valgrind-all.pl find all the tests rather than hardcoding them by name
REVERT: 05e5105d1 Call MMDB_free_entry_data_list() on entry_data_list struct
REVERT: 284b33531 Call freeaddrinfo before returning an error
REVERT: ffc7f309f Make sure all tests call MMDB_close and free the mmdb struct
REVERT: ee2c895a2 Simplify freeing of lookup path - no need for extra elem variable
REVERT: 241888913 Add const to various variable declarations
REVERT: be6e8c230 avoid unneeded memory allocations
REVERT: d723ff353 Add Changes note for OSX & OpenBSD fixes
REVERT: 4fe4ecb5f Handle AI_V4MAPPED not existing on OpenBSD
REVERT: 51bc57f52 Use "%" PRIu64 instead of "%lu" for printf with uint64 values
REVERT: 325446a63 Rename functions copied from libiberty
REVERT: 54b28ffed Copy memmem, strdup, and strndup from libiberty rather than writing our own (or copying from some other source)
REVERT: c394f9726 define _BSD_SOURCE to get proper prototypes on linux
REVERT: e7f304c65 fix osx build
REVERT: 395bfb682 Remove test for memmem. We have to use our own it is a gnu extension
REVERT: 43a04c1e7 Our custom config should not be in the public header
REVERT: 6fb33978d Never define the _GNU_SOURCE macro
REVERT: a6d6d68b4 Load our config first
REVERT: 8299f68bd Make a fake man page to satisfy make install when run from checkout
REVERT: 15578d589 Revert "Add an empty man/man3 dir so "make install" works from checkout dir"
REVERT: c068d2d34 Add an empty man/man3 dir so "make install" works from checkout dir
REVERT: 477c339f8 Add back .PHONY for man/man3/*.3 to see if this fixes jenkins issues
REVERT: df4205d55 Delete .git* files/dirs from distro tarball
REVERT: 197a2380a More updates for distro tarball
REVERT: 31f97ff50 Include maxmind-db dir in dist
REVERT: 6cc62ffe9 Update Changes.md to mention man pages
REVERT: 31ebfc327 Make sure dist includes all files in t/ dir
REVERT: 31d2876bc Reformat all code so it doesn't go past column 80
REVERT: 502534037 Tweak generated man page to only indent code blocks by 4 spaces (not 8)
REVERT: c57f94b0a Apparently there's no need for the .PHONY bit (which I misspelled as .PHONE)
REVERT: 57b63a27f Add a fake do-nothing man/man3/*.3 target to make "make all" happy
REVERT: bb7a6502b Generate man pages using pandoc as part of "make dist"
REVERT: 159b18652 Only require autoconf 2.63
REVERT: 23a3a1ab7 Update Changes.md for pointer fix
REVERT: eb8e883f2 Make decode_one_follow smarter when handling offset_to_next
REVERT: 3051c5b03 Fix typo for error name
REVERT: 763acdbd2 Add an additional test for pointer handling bugs
REVERT: f77bdb8d0 Bump -version-info for library
REVERT: 87e3467b5 Start recording change history in Changes.md
REVERT: 19a58cbb6 Add --recursive to git clone instructions
REVERT: 1c8bea8a1 Rename MMDB_LOOKUP_PATH_DOES_NOT_MATCH_DATA define to MMDB_LOOKUP_PATH_DOES_NOT_MATCH_DATA_ERROR
REVERT: 75e7716d0 Not using C::Scan in regen-prototypes.pl
REVERT: 9ea39056f Remove extra whitespace
REVERT: 12dc63f29 Fix handling of pointers when looking up paths in an array or map
REVERT: 7949b9a14 Fix a bug in the pointer bug tests and generally improve data_ok() in the test helper
REVERT: e94b91ce1 Make sure that entry_data is always zeroed out when MMDB_get_value returns an error status
REVERT: d1b4e2c46 Don't run all tests if lookup fails
REVERT: c20746b0b Add more debugging output
REVERT: 6cae2d416 Add new test file to t/Makefile.am
REVERT: 53fb6f7ca Add a failing test for the pointer bug reported in https://github.com/maxmind/libmaxminddb/issues/2
REVERT: 47c0015af Check the return value of recursive calls to skip_map_or_array
REVERT: 7bdfb910d Add more debugging output
REVERT: 35654f59c Added a number of tests for the Xget_value functions
REVERT: 546e50c11 We also need libgen.h
REVERT: 550dad857 mmdblookup.c is not using assert.h
REVERT: 482f7adb5 We're not using anything from assert.h
REVERT: 8deb8b0d0 Actually check for all the headers we use
REVERT: 83152b960 Add an explicit error when someone attempts to look up an IPv6 address in an IPv4-only database.
REVERT: 4c2393fb7 Fix typo in README.md
REVERT: 3a1b68b91 When we calculate the IPv4 start node, we also need to know the netmask where we found it
REVERT: 4da7b8aa6 Don't regen prototype for strndup in maxminddb_test_helper.c
REVERT: bcac4502b Run uncrustify on code
REVERT: ec7e86855 Add an IPv4 start node cache - all tests pass
REVERT: ddf03d4ec Put string error in diag, not mmdb error code
REVERT: 6246ddfd3 Rename record_info struct to record_info_s for consistency
REVERT: 906b9bffe Make ip_version a uint8_t
REVERT: 43991ec7a Minor clean-up
REVERT: 0354e8e2d Don't install libmmdbtest
REVERT: 9e733fb15 Call uncrustify twice for each file to avoid flip-flopping style changes
REVERT: dadc65773 Add a version to the library
REVERT: c971829e2 Pass --foreign to automake so it doesn't complain that we don't have a README
REVERT: 6f78c1d3a Bump the libmaxminddb version
REVERT: ff15da8c9 Small formatting tweaks in README.md
REVERT: 2fa89cee4 Rename README to README.md
REVERT: 4a5bc7100 Write a real README for libmaxminddb
REVERT: c8e6f8af6 Remove auto-generated INSTALL file from repo
REVERT: e9bc21e2f Revert "C99 does not allow anonymous unions in a struct"
REVERT: ab37031f4 Add -fms-extensions to compiler flags if the compiler will accept it
REVERT: 90a0c2886 Use a slightly less gross method of ensuring we get c99, not gnu99
REVERT: 037392958 On some systems strndup may be defined as a macro
REVERT: ec5e6edc2 Add comment about gross autoconf bits
REVERT: 57648a33b C99 does not allow anonymous unions in a struct
REVERT: a80808d92 Changes to get code compiling under --std=c99
REVERT: 8aaa0f0b2 We need _BSD_SOURCE to get MAP_ANONYMOUS
REVERT: 7f9023dfa Remove include/maxminddb_config.h from repo - this should never be checked in
REVERT: e29e82e48 Update docs to reflect current state of uint128 handling
REVERT: dbbda1d47 Changes to get libmaxminddb working with GCC 4.{4,5} version of int128
REVERT: 543c6784f Fix snprintf call - size should include null byte
REVERT: fef558b68 Add license file and add license & copyright info to docs
REVERT: 6c8d60f82 Add AUTHORS to docs
REVERT: f5906c0d2 Add tests for bad pointers
REVERT: 55bf84d65 Remove an unused var passed to lookup_path_in_{array,map}
REVERT: 45d3b978b Add some more complex lookup path tests for deeply nested data structures
REVERT: 6d565c10b Check aget_value with an array index other than 0
REVERT: d89a0da22 Remove unused int_pread function
REVERT: 3cdec8d18 Fix check for iterations - missing a star
REVERT: e8ba963ac Remove unused vars and fix signed vs unsigned comparison issues
REVERT: 1db2a6a0c Check status of lookup_path_in_* functions
REVERT: 8c7df5591 Use snprintf instead of GNU-specific asprintf
REVERT: 782d245f3 Handle functions with no arguments
REVERT: 3e8a4738f Made ip_address not required in benchmark mode
REVERT: b4a5bb7ab Added a better benchmark mode (IPv4 only)
REVERT: 2195efe56 Add string error for MMDB_INVALID_NODE_NUMBER_ERROR
REVERT: 876ef775f Make sure all error status codes end with _ERROR
REVERT: 08b718ccc Uncrustify test code
REVERT: d87ab41d0 Add an MMDB_read_node function
REVERT: f53196564 Remove unused DPRINT_KEY
REVERT: a69e2ba48 Test and fix handling of zero-length entries
REVERT: 58e51127b Fix a bug where offset_to_next was wrong after following a pointer
REVERT: b675c4d89 Fix typo in test description
REVERT: 8dac36eb7 Refactor MMDB_aget_value
REVERT: daf4ea0e0 Updated to latest test data
REVERT: 0b4faefa1 Add some more debugging output
REVERT: 394f725b1 Rename a confusing variable
REVERT: 51614498c Debug functions need to be at top of file to be seen
REVERT: 4385eb3a9 Update to latest test data
REVERT: 643f323b3 Loosen build_epoch test - just check that value is greater than a known epoch
REVERT: cde10cafc Clarify the lookup path argument(s) to the {,v,a}get_value() functions
REVERT: eda042947 Small wording tweak in docs
REVERT: a730feaed Remove the memory cache mode
REVERT: e008a6daa Add a --benchmark options to mmdblookup
REVERT: 92c554a21 Change SYNOPSIS to just show prototypes and some data structures
REVERT: 94ecf15b7 Minor wording changes
REVERT: 497fd7c6d Make sure maxminddb_config.h gets installed
REVERT: 584d7e37c Define public maxminddb_config.h header properly
REVERT: 4daf9f093 Revert "Install config.h as maxminddb_config.h"
REVERT: bf9ea1730 Remove unused MMDB_new_mddb function
REVERT: 08ec9d99b Make open_ok() check to see if the file is readable first
REVERT: 9f4a988a5 Install config.h as maxminddb_config.h
REVERT: 6c412f758 Expose a MMDB_UINT128_IS_BYTE_ARRAY macro
REVERT: a375982c6 doc spell fix
REVERT: 09ec1079b Reflow paragraphs and clean up whitespace.
REVERT: 986135ae8 Add link to MaxMind DB spec
REVERT: 9f343cf8a Small doc tweak for clarity
REVERT: 2b311b712 Fix memory leaks in metadata_t.c
REVERT: ae94effc1 Forgot to regen the headers after the last change
REVERT: addd3a0f0 Remove obsolete docs and pydemo code
REVERT: 0d5712c80 Docs are now complete
REVERT: 02d8469a8 MMDB status codes are int's, not uint16_t's
REVERT: be40c31a2 Make MMDB_new_entry_data_list private - there's no need for external code to call this
REVERT: b3f1f0bad Spell out POINTER and EXTENDED in data type macros
REVERT: b93c3ed0c Add a has_data member to the MMDB_entry_data_s struct
REVERT: 3e8302b01 Make MMDB status/error code an int everywhere
REVERT: cb9d3a11a Suppress unused var warning
REVERT: 169e66064 Rename vars for *_get_value for consistency
REVERT: cc8c40842 Compile with Clang as well
REVERT: d800c47bc Work in progress on docs
REVERT: ba0281287 Replace if chain with switch in MMDB_strerror
REVERT: 4fd969156 Comment on why the calloc() calls are needed.
REVERT: 77cb5559b Replace a calloc with a malloc
REVERT: 28faef232 This code doesn't compile as C++ so remove the __cplusplus cruft
REVERT: 9f8c2233d Make MMDB_metadata_s->database_type const
REVERT: d35dc0f70 Avoid a warning from the test code
REVERT: 8a66761d8 Make MMDB_s->filename const
REVERT: 50eae774b Reverse the sense of the check for the unsigned __int128 type
REVERT: 534854970 Use autoconf to check whether we need to link against libm
REVERT: 8fb73ea7d The only function we actually check for in the code is memmem
REVERT: 4eff1e54b Skip the entire test if we don't have open_memstream
REVERT: ed78bd389 Rename HAS_* macros to HAVE_*
REVERT: 1ce227a36 Check for the open_memstream() function in configure.ac
REVERT: 2435df4e3 clang wants -lm and this doesn't seem to matter either way for gcc
REVERT: 4b0b0a21f All my todos are done!
REVERT: 809ae49a3 Add conditional compilation for UINT128
REVERT: 25e9aef68 Fix broken use of strcmp when I needed to use strstr
REVERT: 0381d396a Add a check for unsigned __int128 type
REVERT: 74c29f614 We're not using the uintptr_t type in the library
REVERT: 0c510452a Make sure that we don't attempt to read past the end of the data section
REVERT: 53581c872 No record in the search tree should ever resolve to zero
REVERT: df9b29f41 Check that a search tree's resolved data pointer doesn't go beyond the bounds of the data section
REVERT: 60d63725d Add comment about removing -O2 from CFLAGS & CXXFLAGS
REVERT: 050ac9663 Check that metadata ip_version is 4 or 6
REVERT: a29e68c8a Add size validity checks for float & double types
REVERT: cff58f726 There's really no case where we shouldn't follow a pointer during decoding
REVERT: 410942079 Can't run cpanm for a C project in Travis
REVERT: bec7d51b2 More TODOs are done
REVERT: 63e6471e0 Install Test::More and IPC::Run3 for the benefit of the mmdblookup test
REVERT: 878467d9f Add some tests for mmdblookup
REVERT: 4ef5b20b8 More TODOs are done
REVERT: ae1e8ecc4 Add details about lookup paths to the mmdblookup help output
REVERT: 2dc2a6756 Add an API to get the database's metadata as an *entry_data_list
REVERT: 1f3b5c5ac Use Greg's suggested algorithm for bytes_to_hex
REVERT: 39073873f Put a guard around the #define _GNU_SOURCE line
REVERT: dd51d1060 Shut up one last warning from test code
REVERT: aa5f6b54f Mark function only used for debugging so they're not put into prototypes at top of file
REVERT: 047cd6364 A few more uncrustify tweaks
REVERT: ba5426697 Add UNUSED macro to mark unused parameters
REVERT: ed87e2dd1 Sort and align each group of config directives
REVERT: 8bbae8366 Fix compiler warnings in test files
REVERT: e5562f906 Fix "sed" typo in configure.ac
REVERT: f8ee47dab Fix various compiler warnings in mmdblookup.c
REVERT: 408f5a70a Ran uncrustify
REVERT: 56604952f Only use MMDB_aget_value internally
REVERT: 99318056a Since we're going to read or mmap the entire file, just use that to find metadata
REVERT: 3cd782cd6 Move debugging macros to maxminddb.c and start refactoring debug output
REVERT: 7fc8f047a The binary_format_minor_version can be 0 so we can't really check it
REVERT: 5128081c2 Include string error when open fails
REVERT: 73a6d7ec1 Don't free path when we still need it
REVERT: 71d534e53 Check that every metadata key has a sane value
REVERT: c093136c2 Don't add -O2 when configure gets --enable-debug flag
REVERT: 7004f6df4 Just use (char *) for strings, not (unsigned char *)
REVERT: 766099ac5 Fix a bunch of warnings from -Wall and -Wextra
REVERT: 2195a7ed9 Add --enable-debug configure flag
REVERT: 1f9aee5f1 Reorder functions in maxminddb.c to roughly match call order
REVERT: 900ac7d83 Small code simplification
REVERT: 46495c1b8 include more information when MMDB_open fails
REVERT: 8b2b6a18e Remove pointless init() function
REVERT: c7eb75b50 Don't attempt to read more data than the size of the file when looking for metadata
REVERT: 4b485dbb6 Make comparison look like all the others (NULL == ...)
REVERT: 372397a15 Improve error message formatting for mmdblookup REVERT: 3f4657056 Don't blow up with a bad read when we fail to initialize the metadata REVERT: 051472e0c Add a bunch of missing frees in dump_t.c REVERT: 925c844dd Fix a few more memory errors REVERT: dd901643b Fix memory errors in MMDB_lookup_string and resolve_any_address found by valgrind REVERT: 79b3a3a88 Just call MMDB_lookup_sockaddr from MMDB_lookup_string REVERT: 2b7290427 Update valgrind-all which new tests and removed CLIs REVERT: d266fa870 Check all allocations in MMDB_vget_value REVERT: d0e221cb3 Greatly simplify MMDB_lookup_string REVERT: bf3f55719 Properly regen prototypes in maxminddb.c REVERT: abb467e93 Uncrustify mmdblookup.c REVERT: 8d9bdf78f Don't try to regen prototypes for files which no longer exist REVERT: ad19e61f8 Remove unused code in bin and update bin/Makefile.am REVERT: ddb312ddb The mmdblookup command now works for any type of lookup REVERT: c02261a52 Uncrustify new test code REVERT: 0d6704fb6 Rename path_elemlen to path_elem_len REVERT: c07908ce1 Rename src_key => path_elem REVERT: df6b55151 Add MMDB_aget_value function REVERT: 89cfc93d9 Fix struct initializer alignment with uncrustify REVERT: 049dbfccb Untabify file REVERT: 64729b4f4 Set max line length for uncrustify REVERT: 039cd144b Check in properly regen'd headers REVERT: 7b8b30e24 Fix one last bug with regen headers REVERT: acf71545b Don't rewrite files when they haven't changed REVERT: 933361fc6 Run regen-prototypes on mmdblookup.c REVERT: 64c015d18 Fix regen-prototypes to actually work REVERT: fedb8e6e3 Remove semi-colon from macro REVERT: e9703d0cb Align the backslash for multi-line macros REVERT: 2dff8eb5f Uncrustify appears to be idempotent - no need to run it twice on each file REVERT: 4b76a3c18 Use uncrustify instead of indent REVERT: 901066f83 Remove semi-colon from macro REVERT: 67bef088d Add a script to run indent on all files at once REVERT: 2bdbc8033 Remove not very useful comment REVERT: 6daad287e 
Don't let indent reformat auto-generated prototypes. REVERT: 6eb2ecf2f Add MMDB_lookup_sockaddr function to libmaxminddb REVERT: 81dc11136 Replace int with bool for is_ipv4 variable REVERT: c8a6317c7 Don't assume struct only contains one member REVERT: a2c54f600 Shut up compiler warning REVERT: 2cf725ccb Rename lookup_ok to string_lookup_ok in the test helper lib REVERT: c7842ac5d Make MMDB_lookup_string return a result struct, not a pointer REVERT: 3ac9deb4d Rename MMDB_lookup to MMDB_lookup_string REVERT: 82304fcab Remove a done todo REVERT: 508954682 Add tests for MMDB_dump_entry_data_list REVERT: 21ba65c50 More todos done REVERT: d381dc2da Make the entry list dump output pretty REVERT: fcf67d543 Change MMDB_DTYPE to MMDB_DATA_TYPE REVERT: c2be9ad3e Remove MMDB_DTYPE_MAX REVERT: 68e215fd5 Rename the various error macros REVERT: f47d97dd0 Some todos are done REVERT: 2af119bf9 Add MMDB_INVALID_DATA to MMDB_strerror and add handling for unknown error codes REVERT: 7b1ff3927 Allow dump_entry_data_list to set a *status var to indicate errors REVERT: a641b8d07 Update header file for earlier MMDB_free_entry_data_list var name change REVERT: 5e17b50f8 Check memory allocations in dump_data_entry_list REVERT: 76a32aee8 Move declarations in dump_entry_data_list to where the variables are used REVERT: 4793d6263 fixed spelling REVERT: 1d64d7d64 More todos REVERT: 7712033fe Some todos done REVERT: e4cfdc5bc Make valgrind-all more thorough REVERT: 67af3d99c Make valgrind-all.pl executable REVERT: eb135135c Shut up some compiler warnings REVERT: 9ed330734 Fix memory leaks in no_map_get_value_t REVERT: ec6f82559 Fix memory leaks in metadata_t REVERT: 67a9f58e2 Fix memory leak in data_types_t REVERT: 6a2e44d06 Fix memory leak in basic_lookup_t REVERT: 40c294817 Add a script to run valgrind against all our binaries and tests REVERT: d8381849f Make tests a little smarter about finding the path to the test data REVERT: 0c2f942e9 Free all memory allocated in data_entry_list_t REVERT: 
d023e55de Rename var - freeme => entry_data_list REVERT: fe761c852 Add a test for the MMDB_get_entry_data_list function and the data structure it returns REVERT: d94d678b8 Add compare_float to maxminddb_test_helper and use that in data_types_t.c REVERT: 80b274abe Add missing test_database_path declaration back to maxminddb_test_helper.h REVERT: e1fb1f1da Fix parsing for prototypes so it doesn't break on static var declarations REVERT: 9d2246a02 Use new compare_double function to test double value REVERT: 422c113bb Use regen-prototypes.pl on t/maxminddb_test_helper.* REVERT: 71ad44799 Add compare_double function to maxmind_test_helper.c REVERT: 019756d72 Don't free the underlying MMDB_s struct in free_mmdb_struct REVERT: 27a843456 Rename MMDB_new to MMDB_new_mmdb REVERT: e580381b7 Rename MMDB_alloc_entry_data_list to MMDB_new_entry_data_list REVERT: 23d6a8679 Rename metadata_content var to last_128kb since that's what it is REVERT: 3553b00b0 Fix the metadata finding algorithm REVERT: b3afd6ae8 Don't export every function in maxminddb_app_helper.c REVERT: 867593f84 Update metadata max block size to 128kb REVERT: 0662f07e6 Make macros ALL_CAPS REVERT: b19b8cd89 Make regen-prototypes.pl run on bin/maxmind_app_helper.* too REVERT: d23ceca06 Remove unused code maxmind_app_helper.* REVERT: 224f7bf2d Add an MMDB_new() convenience function REVERT: b9eb76e33 Get CLI apps working (ish) REVERT: c46989e6f Make dump take a FILE * stream rather than only printing to stdout REVERT: 23cb1ba03 Add missing word in comment REVERT: 6460a5526 The entry_data.data_size member is a uint32_t, not an int or size_t REVERT: ebbf916af Move type declarations closer to where variables are first used REVERT: 103c3476b Slightly simplify some code REVERT: 02ce16e08 Update TODO list REVERT: 0f744fabf Make all decoding function return a status and check that status wherever they are called REVERT: c49648b92 Replace a bunch of assert() calls with error codes REVERT: ab0b4dded No need to chcek 
metadata_content allocation twice REVERT: 6869317a6 Update the TODO list REVERT: 8dd6d1a0f Rename silly_pindent to print_indentation REVERT: 681fb4f2a Check almost every memory allocation and return MMDB_OUT_OF_MEMORY if it fails REVERT: 0424d7c9f More todo items REVERT: e4608a212 s/MMDB_MODE_STANDARD/MMDB_MODE_MMAP/g REVERT: ca73d1a41 Remove MMDB_resolve_address REVERT: 5b8bb0d53 More todo items done REVERT: a346ee07a Updated many comments REVERT: c9985fcbb s/fname/filename/ for consistency in code base REVERT: 25f599886 Add a comment explaining use of MMDB_s when reading metadata REVERT: b1fac1cc7 Not going to create accessors for the metadata REVERT: 1462bdfec Not going to try to hide the struct definitions from the public API REVERT: f9a826933 Use metadata to determine ip_version, not mmdb->depth REVERT: facc8b31e Remove the fake_metadata_db and meta members from the MMDB_s struct REVERT: 661c85b69 Rename a few MMDB_s struct members REVERT: f8c516344 Another todo done REVERT: 65e4449a1 Fix MMDB_vget_value so it can lookup the first entry that an IP points to REVERT: 0293d4cd8 We need zero out the MMDB_entry_data_s struct REVERT: 96c9115d6 Fix a bug introduced in some debugging code after an earlier refactoring REVERT: 455ae069b Rename var from ioerror => status - it's not IO-specific REVERT: e250ebd6f Remove now unused custom test data REVERT: 460c5b3d2 Remove all references to MMDB_DEFAULT_DATABASE REVERT: 4ba303cb6 Remove another done todo REVERT: 7c7203178 Make guard macro name match file name REVERT: dadbfed7b Fix indentation issues when inserting prototypes into maxminddb.h REVERT: 167451877 Rename get_tree to get_entry_data_list REVERT: ae69f4a00 Rename MMDB_decode_all_s to MMDB_entry_data_list_s REVERT: 27d3e187d Get rid of the MMDB_decode_s struct entirely REVERT: 2625489e0 More todo items REVERT: 5ab59b2a4 More todo REVERT: 3a42c1b38 Make regen-prototypes.pl update the header file as well REVERT: 936cee314 Rename MMDB_return_s to MMDB_entry_data_s 
REVERT: 4e716f350 Add a TODO item REVERT: 976f3f15a Small variable rename - res => result REVERT: f6b6b13dc Make get_sintX return int32_t, not int REVERT: f6bef742f Remove some done todos REVERT: 8b4f6fc8f Actually rename MMDB_Helper.* files REVERT: c04abee96 Rename apps => bin REVERT: c463d943c Rename MMDB_Helper to maxminddb_app_helper REVERT: 12e5bd84c Rename MMDB_test_helper to maxmind_test_helper REVERT: e8fb21994 Removed old lookup functions REVERT: 6ca035d85 Make MMDB_DATA_SECTION_SEPARATOR private to maxminddb.c REVERT: 7a3a2bcb7 Rename MMDB_DATASECTION_NOOP_SIZE to MMDB_DATA_SECTION_SEPARATOR REVERT: 6bc43777b Remove some unused macros REVERT: 3850cf7b6 Tighten up type declarations REVERT: 0f041311c Changed the main data return type to include one union field for every data type REVERT: cb839350c Rename float & double macros to remove IEEE754_ from name REVERT: f4d24d7ac Use the uint64_t type for 64-bit ints REVERT: 16bde81a0 Remove some done todo items REVERT: 8e0336b5d Remove MMDB_strcmp_result, MMDB_pread, and bytesdup functions REVERT: 99eb96713 Run indent on code REVERT: d687098a9 Rename root => result REVERT: 3e6654b89 Moved and renamed many files REVERT: 702f3faec Simplify Makefile.am for apps directory REVERT: 19301bcbd Remove commented our programs REVERT: c44b27ca7 Remove country_lookup app REVERT: 504da65a6 Remove the dump test, since it's not really a unit test REVERT: d31484ec5 Indent code REVERT: 01b2573bd Simplify loop when checking search for address REVERT: ad7c08e0a Check that record size is 24, 28, or 32 - we can't handle other sizes right now REVERT: a3d6e6b3e Use a single function to search both IPv4 and IPv6 trees REVERT: 545a64a84 Don't hard code depth, get it from mmdb struct REVERT: 70ac743c9 Shut up some compiler warnings from test code REVERT: 9d87eb628 Free all result objects REVERT: f848c7219 Fix bad malloc size - we need the size of the struct, not the size of the pointer REVERT: a2e860655 Fix memory leaks in test code REVERT: 
e1eccfbb5 Fix memory leak in MMDB_lookup when lookup fails for some reason REVERT: 00180ef80 Add a thorough lookup test REVERT: cdca24377 We have to convert the result of getaddrinfo into network byte order when calling MMDB_lookup_by_ipnum() REVERT: 2f94c5f06 Copy the sin_addr.s_addr struct member rather than the whole sin_addr struct REVERT: 17d22f23e Use MAP_FAILED macro to check mmap result REVERT: 9d6dd3d7a Sort include lines REVERT: 1c75e8bc7 Move all headers needed by tests to MMDB_test_helper.h REVERT: aca84b2e5 Move tap code to t/libtap REVERT: 2061c5788 Require mmap function REVERT: c6bc7f18b Require the uint64_t type REVERT: 6583d9c72 Use cmp_ok() instead of ok() where appropriate REVERT: 9eda7f767 Move type declarations to where variables are used REVERT: a3ffe1e70 Get build_epoch metadata key and test this REVERT: 39ac8ca22 Get rid of file mode REVERT: 3795e4f6a Complete data types test REVERT: 47d7044c8 Updated maxmind-db submodule REVERT: 770224aaf Make vget_value an external function as MMDB_vget_value REVERT: ead704dfd Rename variable from ok to is_ok so it's not the same as the ok() function REVERT: 8587968de Reorder a few more functions REVERT: 0974659c8 Reorder functions and defines REVERT: 398b25822 Use ip_version from metadata rather than depth REVERT: 06b2eed35 Remove MMDB_BROKEN_TYPE define REVERT: c22ca8a1c Move all local function prototypes to the top of MMDB_Core.c so we can order them sanely REVERT: 7cb5638b4 Make sure all MMDB_ prefixed functions are in MMDB.h REVERT: b4bf47a1a Tell indent about all of our typedefs and re-indent source files REVERT: 1c475030b Rename MMDB_root_entry_s to MMDB_lookup_result_s REVERT: 0c5344b5e Include struct name in declaration REVERT: 7c5faa304 Run indent on all updated code REVERT: 8d39c9ace Change .indent.pro to spell all options out and sort them REVERT: 19247e4cb Avoid possible double free of metadata_content REVERT: 5fb4dd77f Fix various compiler warnings about implicit casts REVERT: caf96044d Free 
path string REVERT: f14350549 Make sure to free metadata_content if we're not saving it in the mmdb struct REVERT: 4c1ec9cea Make sure to free allocated decode_all structures while getting metadata REVERT: c32385455 Add implementation and tests for getting description metadata REVERT: 41d6cc7f0 Don't hard code string length, use strlen() instead REVERT: 265dc075f Avoid a compiler warning by casting to non-const when calling free() REVERT: 33ef5e022 Include cast in call to strndup REVERT: 9f894d851 Tweak TODO wording REVERT: 72836ff23 Add a TODO file REVERT: bebd98fb1 Improve debugging output for string & byte fields REVERT: 00cb43887 Populate languages in metadata REVERT: db7f9192c Improve dump to show more info about all types REVERT: 2e570f6a6 Move metadata marker string to a define REVERT: f5eed25ad Make MMDB_get_tree void REVERT: 8862d1633 Avoid warning from call to free REVERT: 5ff5aff59 Rename variable named "tmp" REVERT: 036212076 Remove unneeded variable REVERT: 13dabd18d Get database_type metadata REVERT: f2623c886 Use MMDB_get_value in get_uint_value, and do pass NULL as last arg REVERT: e328a11b8 Move get_uint_value so it's near the only function that uses it REVERT: 2286a06bd Remove unneeded MMDB_get_uint function REVERT: a0adeff81 Start refactoring metadata handling REVERT: 81cedc52e Add a helper function to construct the full path to a test database REVERT: a4b95a76d Check all malloc calls with an assert REVERT: 7d498f7ce Can't reorder struct defs in MMDB.h REVERT: f9f1f006e Run indent on MMDB_Core.c REVERT: 2afa96b1a Small cleanup to MMDB.h REVERT: d7c9ab551 Add MMDB_lookup public function to lookup an entry from a string address REVERT: 9578bc260 Update to latest MaxMind-DB test data REVERT: bff8ca3d5 Make fdlookup_* function LOCAL REVERT: bb3cc8daf Start of new tests with more helpers REVERT: d5e011cd3 Make MMDB_open return the status code so we can do something useful with failures REVERT: df059e211 Rename error codes to be more readable and make 
them positive numbers REVERT: b74face41 The BROKEN_PTR issue has been resolved for a while, remove this macro REVERT: 6e46a3103 Update maxmind-db submodule REVERT: 3b104ea67 Fix ignore rules for generated files in t/ dir REVERT: b4689d8a6 Work in progress on revising the libmaxminddb tests REVERT: 9a85bf535 Add a .indent.pro file REVERT: dedf3389b Make indentation in configure.ac consistent and remove tabs REVERT: 250d5ccad Add maxmind-db submodule REVERT: 8b70b2ee6 Bump the version and switch to three-part version (0.4.0) REVERT: 5b8b4f300 Check the return value of all memory allocation operations REVERT: 423e39c18 Put curly braces on all if/while/for clauses REVERT: 11d0d2cd3 Remove vestigial if clause REVERT: 8aa0d3a59 Rename MMDB_lookupaddressX to MMDB_resolve_address REVERT: 436d90c36 Move all types into the switch statement in get_tree REVERT: d7c493122 Remove an extra unneeded variable assignment REVERT: 554760c09 Fix indentation REVERT: 075f5fbc4 Simplify the implementation of MMDB_get_tree REVERT: 1faef32a4 Add .gitignore REVERT: 6c664dcd3 Remove extra sets of parens REVERT: 984aeaba0 Remove trailing whitespace REVERT: bd9b63617 Add docs and example how to use the CAPI REVERT: b24929ce6 Remove commented area REVERT: dbb91d02f Remove used code REVERT: 4d766bd81 Handle only known binary databases REVERT: c8bdc106c Configure should check for some more types and functions REVERT: c3b3c67ce Free meta buffer on cleanup REVERT: 82f13af73 Beautify the helper functions a bit REVERT: 8ecb5d325 Add more tests REVERT: 56df93005 Search the database for a specific field. 
REVERT: 77a24abab Fix debug output typo REVERT: bfdf3a090 The default database file should be GeoIP2-City.mmdb REVERT: 2f6726ba7 The filename is read only REVERT: a2fff26fa Remove superfluous default db definition REVERT: 138595e8f The default database name has changed REVERT: 98f231028 free_all is not a public function REVERT: 37a720d0d .travis.yml typo fix REVERT: 8db63d5b3 Test with Travis REVERT: beb213082 Test automake version before using serial-tests REVERT: 5c30791b2 Use the same pread like function erverywhere REVERT: f2e53b4e1 Run test more comfortable REVERT: d7a149804 Rename atomic_read to int_pread REVERT: 66a08c412 Remove unused code REVERT: dde4937a3 Use generic pointers to our data REVERT: fc6d65ef7 Enable tests for file based databases REVERT: 7dcd68599 The diskbased functions to dump the database structure need to know about the database / filehandle / size / ... REVERT: fda904f0a Export MMDB_pread - comfortable pread replacement REVERT: a29b08cda Force binary float and double types to 4 and 8 bytes in size REVERT: 12c456ec5 Paranoid check the size of larger integer types REVERT: 0de283e29 Force the size of the binary float and double types to 4 and 8 REVERT: 85ceba87d Paranoid check the size of larger integer types and read them into the buffer REVERT: 405bb710c Make sure the minibuffer size is at least 128 bit REVERT: 36c3cbe0e Add debug info REVERT: e62f2669a Do not test the diskmode, it is unfininshed REVERT: d4e230293 Use a more common method to check the byte order REVERT: 7b1687fd7 Add missing include math.h REVERT: d74b1dab6 Remove the v4 test file. REVERT: ee3c62efa The lookup test use all new test databases REVERT: 50cc741ec Add test database files REVERT: b788ee7bd Update test database REVERT: 26b28750b Add new float and double types - remove the old double type REVERT: 2e1688617 Add function to compare floats REVERT: 735c89309 Simplify string double types. 
REVERT: dac990d5f Update version to 0.3 since API has changed - we support binary float and double REVERT: 0f489f7fb Update configure.ac make sure the OS provide whatever we need REVERT: 1e3818fe5 Memorize database filename REVERT: 83fbd55f9 Fix typo the function name is memmem REVERT: fa682785a Use custom memmem function unless OS provides memmem REVERT: aa82d4e68 configure should check for memmem REVERT: dda2c526e Add AC_PROG_LIBTOOL to configure.ac REVERT: 0265d606f Check error codes more carefully REVERT: bacb32f5e Remove odds and ends from fast ipaddress conversion. We use the simple semifast getaddrinfo for now. REVERT: c4afd570b Remove unused vars REVERT: b05699da6 No need to initialize MMDB_decode_all_s REVERT: b7be4ef21 No need to initialize MMDB_decode_all_s REVERT: e750068bf Remove unused vars REVERT: 6fc5508ca Silence warining REVERT: 0e6ce35da Silence sign warnings in endian test case REVERT: eca7fb030 Add simple test for bin float and double types REVERT: c105e1f45 Add binary float and double types REVERT: dc74aa06a The country code's name has changed to iso_3166_1_alpha_2 REVERT: 3661d32df Use names not name REVERT: 10668e70b Jump to disk functions in STANDARD_MODE REVERT: f635a1f14 Metadata is always in memory. REVERT: 4ac2410b9 Skip some tests if the database is to depth for the test REVERT: e844317a3 Use GeoIP2-City.mmdb as default database REVERT: 2ad26e31c Simplify all tests REVERT: 4be5ff8cf Add test_helper.[ch] to our test files REVERT: f6ac474d9 t/dump_t.c: Remove unsed code REVERT: 1d23b9aea Remove unused code. REVERT: 2c2c3e3e6 Make all defines consistent REVERT: c5ef0d501 Add boolean test. Unfortunately there is a bug in the diskbased code somewhere REVERT: 3513a3263 Update v4-28.mmdb b/c the database file was broken. 
REVERT: 954c67a63 Add v4 test database with boolean data REVERT: 442a4ca20 dump can handle boolean data REVERT: c098e59ba Update version number 0.2 b/c boolean is a new datatype REVERT: 9eeec3a2c Handle boolean datatype REVERT: 394fe05f4 Add MMDB_TRUE and MMDB_FALSE it looks better REVERT: fa630999c Require autoconf 2.65 rather than 2.68 REVERT: 7fac05fa6 Copied bootstrap script from geoip-api-c to be used by the installer REVERT: 71c2e5756 Simplify code. REVERT: 9da53a2f6 Remove mmdblookup6 - mmdblookup can do almost the same REVERT: 49d5f49ff mmdblookup works for IPv6 and v4 REVERT: 829acaf82 Remove superfluous code REVERT: 2a709a013 Move is_ipv4 to MMDB_Helper.c REVERT: c85f7e73b Remove mmdbdump6 - mmdbdump can do almost the same REVERT: 0c70997e0 No need to allocate memory. MMDB_get_tree does it for us REVERT: 089bfd931 mmdbdump works with IPv4 or v6 databases REVERT: 3a1ff3ad9 Allocate the structure inside MMDB_get_tree - One line of code less in user code. REVERT: aa5e7fe21 Remove unused functions REVERT: dcd644e1d MMDB_lookupaddress* functions convert hostname or ipaddress into useful numbers REVERT: 6df4817e9 Fix largest memory leak temporary REVERT: 9770fc419 Use calloc(count, size) not the other way around REVERT: 41cc100ae Add new functions MMDB_alloc_decode_all and MMDB_free_decode_all REVERT: 422974bec Do not free memory twice REVERT: ea9d80aa1 Remove usage function. It is now in MMDB_Helper.c REVERT: ef699913f mmdbdump use the same dump functions as mmdbdump6 and mmdblookup* REVERT: 4edddad33 Add mmdbdump6 REVERT: e26060755 Remove unused vars REVERT: e770bce15 Use another default database and update the country code field name REVERT: 73fdf259a mmdblookup should share some code with mmdblookup6 REVERT: 64035ed54 Add mmdblookup6 to lookup v6 databases REVERT: 8f4786219 Fix strange decoding bug REVERT: d7334b480 MMDB_dump: Assume success until I have a better idea REVERT: f572243a0 We renamed the fields in the database. 
So I do here REVERT: 7790bc4e1 Rename err to status REVERT: 6b0875ee2 Fix Makefile to build mmdbdump REVERT: 4370d658d Fix Makefile for mmdbdump REVERT: 520ae4e7b Dump should dump to stdout REVERT: 425b59615 Add debug info in get_tree REVERT: 22828d2b3 Fix follow pointers almost REVERT: 32bdcf655 Fix MMDB_DTYPE_UINT64 and MMDB_DTYPE_UINT128 REVERT: e0e302f80 Read MMDB_DTYPE_INT32 datatypes a bit smarter. REVERT: cb4dc7800 Define internal functions as static but not in debug mode. REVERT: 1a238728d Remove BROKEN_SEARCHTREE workaround. The searchtree is fixed. REVERT: ad35795de Make sure to chain array entries in the correct order REVERT: 792414869 Calculate array and hash size correct REVERT: 83e7c658d Define MMDB_DATASECTION_NOOP_SIZE - really. REVERT: 9118544be Asume pointers do not include the size of MMDB_DATASECTION_NOOP_SIZE. REVERT: 432f11c5c Fix: ptr was not defined in MMDB_open/init REVERT: c3d01b4c8 Add debug output REVERT: b9a7fd845 The current type is still broken, but in a minor way REVERT: 52a9cbe88 Pointer seems to be fixed. Do not use the BROKEN_PTR workaround REVERT: 6b0bb5b80 Add debug macros REVERT: 8f77a66aa Add MMDB_DTYPE_MAX - simplify internal error checking REVERT: e40ff0e04 Successful searches without result return now the number of nodes REVERT: b77418f0d Add apps/mmdbdump - tool to dump a poor hash REVERT: af8f50a5e mmdblookup: Cleanup earlier REVERT: 056d0b4a2 mmdblookup: Die if the database is not avail for some reason REVERT: 850a29e4e mmdblookup: Make sure we have a database name REVERT: 03f626293 mmdblookup: Add simple metadata dump option REVERT: d7c2f63c6 mmdblookup: Simplify die on error REVERT: 7c176fe15 Add MMDB_close the database and cleanup REVERT: 5259f4416 Add dump_meta_t.c example to dump the meta data hash. REVERT: 0ddb96653 Create a database entry structure for the meta data. 
REVERT: 267a85be0 Add dump_t.c example REVERT: aecba2d71 Autoconf should know about the dump_t script REVERT: bf927d816 Add UINT64 and UINT128 datatypes REVERT: 946f63c63 HASH is called MAP nowadays REVERT: 6132cac83 Fix overlooked merge conflict REVERT: 995b2c79b Add functions to map and dump the whole hash REVERT: 2dfde88c1 Rename some vars inside atomic_read REVERT: 0822dfef9 Convert only numbers with 255 or less characters REVERT: 843ae39f0 Fix test open_t.c REVERT: 7e3d84ce0 Rename MMDB_s.segments to MMDB_s.node_count REVERT: fed1c68e7 Add UINT64 and UINT128 datatypes REVERT: fa6482fbd Remove missing underscore from function names REVERT: d80c892cc Replace recbits with full_record_size_bytes REVERT: 8e2ce23b4 Rename HASH to MAP REVERT: 25ab273d4 Remove MMDB_s.info REVERT: 4ddf31662 My linux provide only this version REVERT: d02f3631b Fix issues with linux headers REVERT: 6166c2c1b Install header files REVERT: dde3ee511 Check version string only if MMDB_lib_version != NULL REVERT: 5749806f8 Add test version_t REVERT: 4fd99c806 Add MMDB_lib_version REVERT: f463b568b Do not install test scripts REVERT: 3c60068f6 MMDB_lookup_by_ipnum use MMDB_fdlookup_by_ipnum for now to make the tests happy REVERT: 380e4dd1e Add tests for STANDARD MODE REVERT: 9ba7403c0 Workaround the ext_type implementation of MMDB REVERT: 5735b0547 Remove leading underscore from static functions REVERT: 2474d6bb5 Rename MMDBget_uint to MMDB_get_uint REVERT: e14ec986b Add small description to our structures. REVERT: a4a8e7411 Remove currently unused fields in MMDB_entry_s REVERT: 1cf19db5f Reindent REVERT: 77614913a Move MMDB_strcmp_result into libmaxminddb. 
REVERT: 67b4ce67c Rename wantatomic_read to want_atomic_read REVERT: fe39c3d5a Remove forgotten return MMDB_IOERROR line REVERT: 3bbfe45a3 Cleanup MMDB_lookup_by_ipnum a bit REVERT: 034a362a2 Fix warnings to keep the compiler happy REVERT: 7634e7d05 Move function definition of get_ext_type REVERT: f2499d0f1 get_ext_type is a function REVERT: 376e82ecc Avoid underscore functionnames. Extenal functions use the MMDB_ prefix all others are static REVERT: ab7fc2804 Add missing functions to complete the STANDARD_MODE REVERT: dbde94b61 Add missing prototype REVERT: d231711f6 Add prototype for _fdskip_hash_array REVERT: 82edb23da Add _fdvget_value the invisible part of MMDB_vget_value REVERT: 16064cc74 Add _fdskip_hash_array - skip diskbased hashs or arrays REVERT: c7721df47 Refactor fd functions REVERT: a6760bc17 Move MMDB_strcmp_result around REVERT: d491eb4ee Add lookup tests REVERT: 4e24c03eb Simplify Makefile.am REVERT: 2570fbf26 Add mmdblookup and country_lookup apps REVERT: 591029536 Remove examples for now. REVERT: 7d56c8537 Add tests REVERT: bbd4025b8 Prototypes must be static for static functions REVERT: 6ca8a19fc Use a macro to end the search until the database build code is updated. REVERT: d66abc9ec MMDB_vget_value works and pass all tests, but it should be refactored once we have more tests. REVERT: 56bce06fc Functions without the MMDB_ prefix should be static REVERT: 403769bef offset should be uint32_t otherwise real big databases might not work REVERT: 1b0927d39 Use just U not UL for unsigned constants REVERT: c3115b0ab Add woraround the broken end of search marker. It should be segments not zero. REVERT: 149a4c0f5 Cleanup - Remove unused includes REVERT: 41647d563 MMDB_vget_value return useful data and handles all our datatypes REVERT: 41f524357 _decode_one survive MMDB_DTYPE_ARRAY types REVERT: d9a4b8ac9 Add utility function ( _skip_hash_array ) to skip over inlined arrays or hashes. 
REVERT: 21188ee2e Add function _DPRINT_KEY it printf the key's name to stderr REVERT: f7195c7e2 Remove superfluous function definition REVERT: 0e888e631 Ignore database_type for now. REVERT: 6e591f5e8 Store the start of the datasection in MMDB_s.dataptr REVERT: e2f6d32f3 Remove MMDB_s from *lookup_by_ipnum*'s declaration and definition REVERT: 2a05543f0 _decode_one store the start of the decoded field REVERT: ecb9aac97 Our small pointers include always the smaller range. REVERT: f4ef6f88a MMDB_return_s holds more return types and the beginning of the decoded field REVERT: 87b90201d Declare some functions in MMDB.h REVERT: 752513446 link mmdblookup with the mmdb library REVERT: 0760a6da5 EXT_TYPE is encoded wrongly - Compile with -DBROKEN_TYPE REVERT: 2af8cb8bf data_size is not part of the union. REVERT: 5058f9a56 _init use the new metadata hash REVERT: e92eefeea Add new function to search for a value in a hash or nested hash REVERT: 08ea173d9 Add macro to simplify variadic arguments REVERT: 21d3edc0b Add temporary helper function to decode signed 32 bit integer values REVERT: 3ec2f172e Add const correctness to _get_ptr_from and fix a typo REVERT: 0622123fe The new function _decode_one decodes exactly one item REVERT: 9824aaa8e MMDB_decode_s replaces MMDB_decode_key_s, MMDB_Decode_Value and MMDB_Decode_Key REVERT: 686b53806 Rename MMDB_entry_s.ipdb to MMDB_entry_s.mmdb REVERT: e6d50eb83 _decode_key does not use segments ( segments was always 0 ) REVERT: 41b81fa44 Add new function to search for values in hashes REVERT: 84891bd81 Rename ipdb with mmdb REVERT: 4435119be Refactor pointer lookups in _decode_key and _fddecode_key REVERT: 1307a46bc Add struct MMDB_return_s - the anything container REVERT: d249fa7de Add array datatype REVERT: 9a5f2215c Use the new name libmaxminddb in the apps/ directory REVERT: 5d2df54f5 Rename the database to maxminddb REVERT: c1df0e1d0 Add some options to the dummy lookuptool mmipdblookup REVERT: d56918877 Add stdlib.h to configure.ac 
REVERT: b4025ff67 Another cast to make the compiler more happy REVERT: 8b8a172a3 The database file is read only for the decoder REVERT: 885ae1b7c cast to const char * makes the compiler happy REVERT: b28e857f7 The search result is an offset not a pointer. REVERT: c6f1f0244 struct MMIPDB_Lookup is now MMIPDB_root_entry_s REVERT: ae71d89aa Remove private functions from MMIPDB.h REVERT: 63f758c26 Add MMIPDB_decode_key_s the replacement for struct MMIPDB_Decode_Key REVERT: 906196793 Add missing header files REVERT: 3b41f8bff Add more types and headers to configure.ac REVERT: f0933495a Update and indent the dummy helper and lookup program REVERT: fe40cd9d2 Update name and path in our Makefiles and configure scripts. REVERT: 1e46de58a Rename files in apps/ REVERT: 37db860db Rename GEOIP_CHKBIT_V6 to MMIPDB_CHKBIT_128 REVERT: 70383cf85 Fix a few datatypes REVERT: 14cb6c851 Use MMIPDB* instead of IPDB* REVERT: 5fa8b701b Indent MMIPDB* files REVERT: 151b44a7d libIPDB is now libmaxmindipdb REVERT: 3a7032002 Rename IPDB* to MMIPDB REVERT: bd856e962 Add used indent.pro style to the README REVERT: 40048f527 Add apps/ directory with ipdblookup REVERT: 02c8a477e Include tap files from https://github.com/zorgnax/libtap for the tests REVERT: 903a1b81e libGeoIPDB is now libIPDB REVERT: 74e8ef9c1 autotools use libIPDB REVERT: 7ae9d6181 __IN6_ADDR_IS_NULL check if ipnum is all zero or not REVERT: 84e6c5aab Update Makefile.am REVERT: 2c018bb7d Rename GeoIPDB to IPDB REVERT: eabb788a9 Use ipdb instead of gi for the database object REVERT: ae9dfece8 Use IPDB_s for our struct IPDB REVERT: c7b5686aa Rename GeoIPDB to IPDB. REVERT: 258360417 Indent GeoIPDB_Core.c REVERT: 9e7ae48e7 We use struct in_addr and struct in6_addr to do the lookup. 
REVERT: e501579c0 We do not use v6 addresses, instead we work with 128 numbers REVERT: 7abe19c92 Rename struct GeoIP2 and GeoIP2 function prefix to GeoIPDB REVERT: 9ee6959b4 Rename error codes and database constants REVERT: 3f5feb9fe Remove more functions that deal with ipaddr - users can do it on their own REVERT: 3bc518fbf Remove another function to convert the ipaddress fast into ipnum REVERT: 73bc5a99a Rename U32 and U8 to more common uint32_t and uint8_t REVERT: 216a83fa3 Remove functions to convert the IP-Address to ipnum REVERT: 1059d2661 Rename the library almost everywhere REVERT: 9c06f14d3 Rename GeoIP2 as GeoIPDB REVERT: 8df30d87e Move the structs into a meaningful order REVERT: f18d67e4c Add some early build notes to the README REVERT: 4c273eeb6 Indent header file and rename structures a bit. REVERT: 48321c4d8 Create geoip2-api-c repo with autotools git-subtree-dir: src/deps/src/libmaxminddb git-subtree-split:f24301d52b
6
.dockerignore
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
.git
|
||||
.idea/
|
||||
.vscode/
|
||||
__pycache__
|
||||
env
|
||||
node_modules
|
||||
21
.gitattributes
vendored
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
* text=auto eol=lf
|
||||
|
||||
# Folders
|
||||
src/deps/src/** -text -eol linguist-vendored=true
|
||||
src/common/core/modsecurity/files/** -text -eol linguist-vendored=true
|
||||
src/ui/static/js/editor/** -text -eol linguist-vendored=true
|
||||
src/ui/static/js/utils/purify/** -text -eol linguist-vendored=true
|
||||
src/ui/static/webfonts/** -text -eol linguist-vendored=true
|
||||
src/ui/templates/*.html -text -eol linguist-vendored=true
|
||||
src/common/core/antibot/files/*.html -text -eol linguist-vendored=true
|
||||
|
||||
# Files
|
||||
src/deps/misc/lua-pack.Makefile -linguist-vendored=true
|
||||
src/deps/misc/ngx_http_modsecurity_access.c -linguist-vendored=true
|
||||
src/ui/static/css/datepicker-foundation.css -linguist-vendored=true
|
||||
src/ui/static/css/flatpickr.css -linguist-vendored=true
|
||||
src/ui/static/css/flatpickr.dark.css -linguist-vendored=true
|
||||
src/ui/static/js/tsparticles.bundle.min.js -linguist-vendored=true
|
||||
src/ui/static/js/utils/flatpickr.js -linguist-vendored=true
|
||||
src/common/core/errors/files/error.html -linguist-vendored=true
|
||||
src/common/core/misc/files/default.html -linguist-vendored=true
|
||||
91
.github/ISSUE_TEMPLATE/bug_report.yml
vendored
Normal file
|
|
@ -0,0 +1,91 @@
|
|||
name: 🐛 Bug Report
|
||||
description: Create a report to help us reproduce and fix the bug
|
||||
title: "[BUG] "
|
||||
labels: ["bug"]
|
||||
body:
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: >
|
||||
#### Before submitting a bug, please make sure the issue hasn't been already addressed by searching through [the existing and past issues](https://github.com/bunkerity/bunkerweb/issues?q=is%3Aissue+sort%3Acreated-desc+).
|
||||
- type: textarea
|
||||
id: what-happened
|
||||
attributes:
|
||||
label: What happened?
|
||||
description: Concise description of what you're trying to do, the expected behavior and the current bug.
|
||||
placeholder: Describe the bug, the expected behavior and the current behavior
|
||||
validations:
|
||||
required: true
|
||||
- type: textarea
|
||||
id: how-to-reproduce
|
||||
attributes:
|
||||
label: How to reproduce?
|
||||
description: Concise description of how to reproduce the issue.
|
||||
placeholder: Describe how to reproduce the issue
|
||||
validations:
|
||||
required: true
|
||||
- type: textarea
|
||||
id: configuration-file
|
||||
attributes:
|
||||
label: Configuration file(s) (yaml or .env)
|
||||
description: |
|
||||
Please copy and paste your configuration file or the relevant part of it.
|
||||
⚠️ DON'T FORGET TO REMOVE PRIVATE DATA LIKE IP ADDRESSES ! ⚠️
|
||||
placeholder: Configuration file
|
||||
render: YAML
|
||||
- type: textarea
|
||||
id: logs
|
||||
attributes:
|
||||
label: Relevant log output
|
||||
description: |
|
||||
Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
|
||||
⚠️ DON'T FORGET TO REMOVE PRIVATE DATA LIKE IP ADDRESSES ! ⚠️
|
||||
placeholder: Log output
|
||||
render: shell
|
||||
- type: input
|
||||
id: version
|
||||
attributes:
|
||||
label: BunkerWeb version
|
||||
description: What version of BunkerWeb are you running?
|
||||
placeholder: Version
|
||||
value: 1.5.5
|
||||
validations:
|
||||
required: true
|
||||
- type: dropdown
|
||||
id: integration
|
||||
attributes:
|
||||
label: What integration are you using?
|
||||
options:
|
||||
- Docker
|
||||
- Autoconf
|
||||
- Swarm
|
||||
- Kubernetes
|
||||
- Linux
|
||||
- Ansible
|
||||
- Vagrant
|
||||
default: 0
|
||||
validations:
|
||||
required: true
|
||||
- type: input
|
||||
id: linux-distribution
|
||||
attributes:
|
||||
label: Linux distribution (if applicable)
|
||||
description: What Linux distribution are you using? (e.g. Ubuntu Server 18.04)
|
||||
placeholder: Linux distribution
|
||||
- type: checkboxes
|
||||
id: removed-private-data
|
||||
attributes:
|
||||
label: Removed private data
|
||||
description: |
|
||||
We would like to emphasize that we are not responsible for any private data that may be inadvertently included in the logs or configuration files.
|
||||
⚠️ I have removed all private data from the configuration file and the logs ⚠️
|
||||
options:
|
||||
- label: I have removed all private data from the configuration file and the logs
|
||||
required: true
|
||||
- type: checkboxes
|
||||
id: terms
|
||||
attributes:
|
||||
label: Code of Conduct
|
||||
description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/bunkerity/bunkerweb/blob/master/CODE_OF_CONDUCT.md)
|
||||
options:
|
||||
- label: I agree to follow this project's Code of Conduct
|
||||
required: true
|
||||
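Review bot: `value: 1.5.5` on the `version` input pre-fills the field, so any report submitted without editing it will claim 1.5.5, and the default has to be bumped by hand at every release. Drop `value` and keep only the `placeholder`, or have the release script update it. The two `⚠️ DON'T FORGET TO REMOVE PRIVATE DATA LIKE IP ADDRESSES ! ⚠️` descriptions name IP addresses only; since the configuration field accepts yaml or .env content, naming passwords, tokens and API keys there as well would help reporters scrub what such files usually contain.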
29
.github/ISSUE_TEMPLATE/documentation.yml
vendored
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
name: 📚 Documentation enhancement
|
||||
description: Suggest an idea that will improve BunkerWeb documentation or declare a bug in the documentation
|
||||
title: "[DOC] "
|
||||
labels: ["documentation"]
|
||||
body:
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: >
|
||||
#### Before submitting a documentation enhancement request, please make sure the feature hasn't been already addressed by searching through [the existing and past documentation enhancement requests](https://github.com/bunkerity/bunkerweb/issues?q=is%3Aissue+sort%3Acreated-desc+%5BDOC%5D+in%3Atitle).
|
||||
- type: textarea
|
||||
id: description
|
||||
attributes:
|
||||
label: Description
|
||||
description: Concise description of the error or what is missing.
|
||||
validations:
|
||||
required: true
|
||||
- type: textarea
|
||||
id: proposed-solution
|
||||
attributes:
|
||||
label: Proposed solution (optional)
|
||||
description: How it should be fixed or what should be added ?
|
||||
- type: checkboxes
|
||||
id: terms
|
||||
attributes:
|
||||
label: Code of Conduct
|
||||
description: By submitting this documentation enhancement request, you agree to follow our [Code of Conduct](https://github.com/bunkerity/bunkerweb/blob/master/CODE_OF_CONDUCT.md)
|
||||
options:
|
||||
- label: I agree to follow this project's Code of Conduct
|
||||
required: true
|
||||
29
.github/ISSUE_TEMPLATE/feature_request.yml
vendored
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
name: 🚀 Feature Request
|
||||
description: Suggest an idea that will improve BunkerWeb
|
||||
title: "[FEATURE] "
|
||||
labels: ["enhancement"]
|
||||
body:
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: >
|
||||
#### Before submitting a feature request, please make sure the feature hasn't been already addressed by searching through [the existing and past feature requests](https://github.com/bunkerity/bunkerweb/issues?q=is%3Aissue+sort%3Acreated-desc+%5BFEATURE%5D+in%3Atitle).
|
||||
- type: textarea
|
||||
id: whats-needed-and-why
|
||||
attributes:
|
||||
label: What's needed and why?
|
||||
description: Describe the feature you would like to see in the project and why it should be implemented.
|
||||
validations:
|
||||
required: true
|
||||
- type: textarea
|
||||
id: implementations-ideas
|
||||
attributes:
|
||||
label: Implementations ideas (optional)
|
||||
description: How it should be used and integrated into the project ? List some posts, research papers or codes that we can use as implementation.
|
||||
- type: checkboxes
|
||||
id: terms
|
||||
attributes:
|
||||
label: Code of Conduct
|
||||
description: By submitting this feature request, you agree to follow our [Code of Conduct](https://github.com/bunkerity/bunkerweb/blob/master/CODE_OF_CONDUCT.md)
|
||||
options:
|
||||
- label: I agree to follow this project's Code of Conduct
|
||||
required: true
|
||||
13
.github/codeql.yml
vendored
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
name: "CodeQL config"
|
||||
|
||||
paths:
|
||||
- src/autoconf
|
||||
- src/scheduler
|
||||
- src/ui
|
||||
- src/common
|
||||
paths-ignore:
|
||||
- src/ui/static/js/tsparticles.bundle.min.js
|
||||
- src/ui/static/js/editor
|
||||
- src/ui/static/js/utils/flatpickr.js
|
||||
- src/ui/static/js/utils/purify
|
||||
- src/common/core/modsecurity/files
|
||||
202
.github/dependabot.yml
vendored
|
|
@ -1,6 +1,200 @@
|
|||
version: 2
|
||||
|
||||
updates:
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: daily
|
||||
# GHA
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/gha"
|
||||
target-branch: "dev"
|
||||
|
||||
# Linux
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/src/linux"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/linux"
|
||||
target-branch: "dev"
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/tests/linux"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/tests/linux"
|
||||
target-branch: "dev"
|
||||
|
||||
# BW
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/src/bw"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/bw"
|
||||
target-branch: "dev"
|
||||
|
||||
# Scheduler
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/src/scheduler"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/scheduler"
|
||||
target-branch: "dev"
|
||||
- package-ecosystem: "pip"
|
||||
directory: "/src/scheduler"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/scheduler"
|
||||
target-branch: "dev"
|
||||
|
||||
# Autoconf
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/src/autoconf"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/autoconf"
|
||||
target-branch: "dev"
|
||||
- package-ecosystem: "pip"
|
||||
directory: "/src/autoconf"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/autoconf"
|
||||
target-branch: "dev"
|
||||
|
||||
# UI
|
||||
- package-ecosystem: "docker"
|
||||
directory: "/src/ui"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/ui"
|
||||
target-branch: "dev"
|
||||
- package-ecosystem: "pip"
|
||||
directory: "/src/ui"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/ui"
|
||||
target-branch: "dev"
|
||||
|
||||
# Misc
|
||||
- package-ecosystem: "pip"
|
||||
directory: "/src/deps"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/deps"
|
||||
target-branch: "dev"
|
||||
- package-ecosystem: "pip"
|
||||
directory: "/src/common/gen"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/common/gen"
|
||||
target-branch: "dev"
|
||||
- package-ecosystem: "pip"
|
||||
directory: "/src/common/db"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "TheophileDiot"
|
||||
reviewers:
|
||||
- "TheophileDiot"
|
||||
commit-message:
|
||||
prefix: "deps/common/db"
|
||||
target-branch: "dev"
|
||||
|
||||
# Terraform
|
||||
- package-ecosystem: "terraform"
|
||||
directory: "/tests/terraform"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "09:00"
|
||||
timezone: "Europe/Paris"
|
||||
assignees:
|
||||
- "fl0ppy-d1sk"
|
||||
reviewers:
|
||||
- "fl0ppy-d1sk"
|
||||
commit-message:
|
||||
prefix: "deps/terraform"
|
||||
target-branch: "dev"
|
||||
|
|
|
|||
283
.github/workflows/beta.yml
vendored
Normal file
|
|
@ -0,0 +1,283 @@
|
|||
name: Automatic push (BETA)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [beta]
|
||||
|
||||
jobs:
|
||||
# Build amd64 + 386 containers images
|
||||
build-containers:
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
arch: [linux/amd64, linux/386]
|
||||
include:
|
||||
- release: beta
|
||||
cache: false
|
||||
push: false
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
- arch: linux/amd64
|
||||
cache_suffix: amd64
|
||||
- arch: linux/386
|
||||
cache_suffix: "386"
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
CACHE: ${{ matrix.cache }}
|
||||
PUSH: ${{ matrix.push }}
|
||||
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
# Create ARM environment
|
||||
create-arm:
|
||||
uses: ./.github/workflows/create-arm.yml
|
||||
secrets:
|
||||
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
|
||||
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Build arm64 + arm/v7 images
|
||||
build-containers-arm:
|
||||
needs: [create-arm]
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
arch: ["linux/arm64,linux/arm/v7"]
|
||||
include:
|
||||
- release: beta
|
||||
cache: false
|
||||
push: false
|
||||
cache_suffix: arm
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
CACHE: ${{ matrix.cache }}
|
||||
PUSH: ${{ matrix.push }}
|
||||
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Build Linux packages
|
||||
build-packages:
|
||||
needs: [create-arm]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, rhel]
|
||||
platforms: [linux/amd64, linux/arm64]
|
||||
include:
|
||||
- release: beta
|
||||
- linux: ubuntu
|
||||
package: deb
|
||||
- linux: debian
|
||||
package: deb
|
||||
- linux: fedora
|
||||
package: rpm
|
||||
- linux: rhel
|
||||
package: rpm
|
||||
uses: ./.github/workflows/linux-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
TEST: false
|
||||
PLATFORMS: ${{ matrix.platforms }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Wait for all builds and extract VERSION
|
||||
wait-builds:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build-containers, build-containers-arm, build-packages]
|
||||
outputs:
|
||||
version: ${{ steps.getversion.outputs.version }}
|
||||
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
|
||||
steps:
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Get VERSION
|
||||
id: getversion
|
||||
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
|
||||
- name: Get VERSION (for RPM based)
|
||||
id: getversionrpm
|
||||
run: echo "versionrpm=$(cat src/VERSION | tr -d '\n' | sed 's/-/_/g')" >> "$GITHUB_OUTPUT"
|
||||
|
||||
# Push Docker images
|
||||
push-images:
|
||||
needs: [create-arm, wait-builds]
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
[bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
|
||||
include:
|
||||
- release: beta
|
||||
- image: bunkerweb
|
||||
cache_from: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: bunkerweb-scheduler
|
||||
cache_from: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: bunkerweb-autoconf
|
||||
cache_from: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: bunkerweb-ui
|
||||
cache_from: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/push-docker.yml
|
||||
with:
|
||||
IMAGE: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
|
||||
CACHE_FROM: ${{ matrix.cache_from }}-${{ matrix.release }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Push Linux packages
|
||||
push-packages:
|
||||
needs: [wait-builds]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, rhel]
|
||||
arch: [amd64, arm64]
|
||||
include:
|
||||
- release: beta
|
||||
repo: bunkerweb
|
||||
- linux: ubuntu
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: jammy
|
||||
package: deb
|
||||
- linux: debian
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: bookworm
|
||||
package: deb
|
||||
- linux: fedora
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 39
|
||||
package: rpm
|
||||
- linux: el
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 8
|
||||
package: rpm
|
||||
- linux: ubuntu
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: debian
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: fedora
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: el
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: ubuntu
|
||||
arch: arm64
|
||||
package_arch: arm64
|
||||
- linux: debian
|
||||
arch: arm64
|
||||
package_arch: arm64
|
||||
- linux: fedora
|
||||
arch: arm64
|
||||
package_arch: aarch64
|
||||
- linux: el
|
||||
arch: arm64
|
||||
package_arch: aarch64
|
||||
uses: ./.github/workflows/push-packagecloud.yml
|
||||
with:
|
||||
SEPARATOR: ${{ matrix.separator }}
|
||||
SUFFIX: ${{ matrix.suffix }}
|
||||
REPO: ${{ matrix.repo }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
VERSION: ${{ matrix.version }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
BW_VERSION: ${{ matrix.package == 'rpm' && needs.wait-builds.outputs.versionrpm || needs.wait-builds.outputs.version }}
|
||||
PACKAGE_ARCH: ${{ matrix.package_arch }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
secrets:
|
||||
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
|
||||
# Create doc PDF
|
||||
doc-pdf:
|
||||
needs: [wait-builds, push-images, push-packages]
|
||||
uses: ./.github/workflows/doc-to-pdf.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
|
||||
# Push on GH
|
||||
push-gh:
|
||||
needs: [wait-builds, doc-pdf]
|
||||
permissions:
|
||||
contents: write
|
||||
discussions: write
|
||||
uses: ./.github/workflows/push-github.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
PRERELEASE: true
|
||||
|
||||
# Push doc
|
||||
push-doc:
|
||||
needs: [wait-builds, push-gh]
|
||||
permissions:
|
||||
contents: write
|
||||
uses: ./.github/workflows/push-doc.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
ALIAS: beta
|
||||
secrets:
|
||||
BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
|
||||
|
||||
# Remove ARM VM
|
||||
rm-arm:
|
||||
if: ${{ always() }}
|
||||
needs: [create-arm, push-images, build-packages]
|
||||
uses: ./.github/workflows/rm-arm.yml
|
||||
secrets:
|
||||
ARM_ID: ${{ needs.create-arm.outputs.id }}
|
||||
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
|
||||
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
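Review bot: In `push-packages` the matrix axis is `linux: [ubuntu, debian, fedora, rhel]`, but the `include` entries that supply `separator`, `suffix`, `version`, `package` and `package_arch` for the Enterprise Linux RPMs are keyed on `linux: el`. An `include` entry is merged only into combinations whose original matrix values it does not overwrite, so the `el` entries match nothing and become extra combinations of their own, while the `rhel` jobs for `amd64` and `arm64` call `push-packagecloud.yml` with empty `SEPARATOR`, `SUFFIX`, `VERSION`, `PACKAGE` and `PACKAGE_ARCH` (and `BW_VERSION` falls through to the non-RPM version because `matrix.package` is empty). Use the same value on the axis and in the includes; `build-packages` uses `rhel`. Separately, top-level `permissions: read-all` grants read on every scope to every job and called workflow; consider narrowing it to the scopes the called workflows actually need, with `push-gh` and `push-doc` keeping their job-level `contents: write`.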
46
.github/workflows/codeql.yml
vendored
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
name: CodeQL Analysis
|
||||
|
||||
on:
|
||||
schedule:
|
||||
# Weekly on Saturdays.
|
||||
- cron: "30 1 * * 6"
|
||||
workflow_call:
|
||||
|
||||
jobs:
|
||||
code-security:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
language: ["python", "javascript"]
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Set up Python 3.9
|
||||
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
|
||||
if: matrix.language == 'python'
|
||||
with:
|
||||
python-version: "3.9"
|
||||
- name: Install python dependencies
|
||||
if: matrix.language == 'python'
|
||||
run: |
|
||||
python -m pip install --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements.txt
|
||||
python -m pip install --no-cache-dir --require-hashes -r src/scheduler/requirements.txt
|
||||
python -m pip install --no-cache-dir --require-hashes -r src/ui/requirements.txt
|
||||
python -m pip install --no-cache-dir --require-hashes -r src/common/gen/requirements.txt
|
||||
python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt
|
||||
echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
config-file: ./.github/codeql.yml
|
||||
setup-python-dependencies: false
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
|
||||
with:
|
||||
category: "/language:${{matrix.language}}"
|
||||
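Review bot: The only triggers are the weekly `schedule` (`cron: "30 1 * * 6"`) and `workflow_call`, so unless another workflow calls this one on pushes or pull requests, new code can go unscanned for up to a week. If no caller does that, add `push`/`pull_request` triggers for the protected branches. Minor: quote the target in `echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV`, as the other workflows do with `"$GITHUB_OUTPUT"`.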
134
.github/workflows/container-build.yml
vendored
Normal file
|
|
@ -0,0 +1,134 @@
|
|||
name: Build container (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
ARCH:
|
||||
required: true
|
||||
type: string
|
||||
IMAGE:
|
||||
required: true
|
||||
type: string
|
||||
DOCKERFILE:
|
||||
required: true
|
||||
type: string
|
||||
CACHE:
|
||||
required: false
|
||||
type: boolean
|
||||
default: true
|
||||
PUSH:
|
||||
required: false
|
||||
type: boolean
|
||||
default: true
|
||||
CACHE_SUFFIX:
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
secrets:
|
||||
DOCKER_USERNAME:
|
||||
required: true
|
||||
DOCKER_TOKEN:
|
||||
required: true
|
||||
ARM_SSH_KEY:
|
||||
required: false
|
||||
ARM_SSH_IP:
|
||||
required: false
|
||||
ARM_SSH_CONFIG:
|
||||
required: false
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Replace VERSION
|
||||
if: inputs.RELEASE == 'testing'
|
||||
run: ./misc/update-version.sh testing
|
||||
- name: Setup SSH for ARM node
|
||||
if: inputs.CACHE_SUFFIX == 'arm'
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_IP: ${{ secrets.ARM_SSH_IP }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Setup Buildx
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
if: inputs.CACHE_SUFFIX != 'arm'
|
||||
- name: Setup Buildx (ARM)
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
if: inputs.CACHE_SUFFIX == 'arm'
|
||||
with:
|
||||
endpoint: ssh://root@arm
|
||||
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to ghcr
|
||||
if: inputs.PUSH == true
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
# Compute metadata
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0
|
||||
with:
|
||||
images: bunkerity/${{ inputs.IMAGE }}
|
||||
# Build cached image
|
||||
- name: Build image
|
||||
if: inputs.CACHE == true
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: .
|
||||
file: ${{ inputs.DOCKERFILE }}
|
||||
platforms: ${{ inputs.ARCH }}
|
||||
load: true
|
||||
tags: local/${{ inputs.IMAGE }}
|
||||
cache-from: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }}
|
||||
cache-to: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }},mode=min
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
# Build non-cached image
|
||||
- name: Build image
|
||||
if: inputs.CACHE != true
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: .
|
||||
file: ${{ inputs.DOCKERFILE }}
|
||||
platforms: ${{ inputs.ARCH }}
|
||||
load: ${{ inputs.CACHE_SUFFIX != 'arm' }}
|
||||
tags: local/${{ inputs.IMAGE }}
|
||||
cache-to: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }}-${{ inputs.CACHE_SUFFIX }},mode=min
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
# Check OS vulnerabilities
|
||||
- name: Check OS vulnerabilities
|
||||
if: ${{ inputs.CACHE_SUFFIX != 'arm' }}
|
||||
uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
|
||||
with:
|
||||
vuln-type: os
|
||||
skip-dirs: /root/.cargo
|
||||
image-ref: local/${{ inputs.IMAGE }}
|
||||
format: table
|
||||
exit-code: 1
|
||||
ignore-unfixed: false
|
||||
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
|
||||
trivyignores: .trivyignore
|
||||
# Push image
|
||||
- name: Push image
|
||||
if: inputs.PUSH == true
|
||||
run: docker tag local/$IMAGE ghcr.io/bunkerity/$IMAGE-tests:$TAG && docker push ghcr.io/bunkerity/$IMAGE-tests:$TAG
|
||||
env:
|
||||
IMAGE: "${{ inputs.IMAGE }}"
|
||||
TAG: "${{ inputs.RELEASE }}"
|
||||
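Review bot: The `Login to ghcr` and `Push image` steps push to `ghcr.io` with `secrets.GITHUB_TOKEN`, but this reusable workflow declares no `permissions`, so the token's scopes are whatever the caller passes down. A called workflow can only keep or reduce the caller's permissions, so a caller with a read-only token fails at `docker push` whenever `PUSH` is true, and a permissive caller hands this job more than it needs. Declare the required scopes on the `build` job (`contents: read`, `packages: write`) so the requirement is explicit and the token is capped. Also, `Check OS vulnerabilities` is guarded by `if: ${{ inputs.CACHE_SUFFIX != 'arm' }}`, so the arm64 and arm/v7 images are never scanned by Trivy in this workflow; if that is a limitation of building on the remote node, scan them in a later step rather than skipping the check. The two build steps are both named `Build image`, which makes run logs harder to read; name them after the cached and non-cached cases.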
86
.github/workflows/create-arm.yml
vendored
Normal file
|
|
@ -0,0 +1,86 @@
|
|||
name: Create ARM node (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
outputs:
|
||||
id:
|
||||
description: "ARM ID"
|
||||
value: ${{ jobs.build.outputs.id }}
|
||||
ip:
|
||||
description: "ARM IP"
|
||||
value: ${{ jobs.build.outputs.ip }}
|
||||
|
||||
secrets:
|
||||
SCW_ACCESS_KEY:
|
||||
required: true
|
||||
SCW_SECRET_KEY:
|
||||
required: true
|
||||
SCW_DEFAULT_PROJECT_ID:
|
||||
required: true
|
||||
SCW_DEFAULT_ORGANIZATION_ID:
|
||||
required: true
|
||||
ARM_SSH_KEY:
|
||||
required: true
|
||||
ARM_SSH_CONFIG:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
id: ${{ steps.getinfo.outputs.id }}
|
||||
ip: ${{ steps.getinfo.outputs.ip }}
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Get ARM availabilities
|
||||
id: availabilities
|
||||
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
|
||||
with:
|
||||
args: instance server-type get zone=fr-par-2
|
||||
export-config: true
|
||||
access-key: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
secret-key: ${{ secrets.SCW_SECRET_KEY }}
|
||||
default-project-id: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
default-organization-id: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
- name: Extract ARM type
|
||||
run: |
|
||||
TYPE=$(echo "$JSON" | jq '.servers | with_entries(select(.key | contains("AMP"))) | with_entries(select(.value.availability != "shortage")) | keys[] | select(. | test("^AMP2-C[0-9]+$")) | sub("AMP2-C"; "") | tonumber' | sort -n | tail -n 1 | xargs -I {} echo "AMP2-C{}")
|
||||
echo "Type is $TYPE"
|
||||
echo "TYPE=$TYPE" >> "$GITHUB_ENV"
|
||||
env:
|
||||
JSON: ${{ steps.availabilities.outputs.json }}
|
||||
- name: Create ARM VM
|
||||
id: scw
|
||||
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
|
||||
with:
|
||||
args: instance server create zone=fr-par-2 type=${{ env.TYPE }} root-volume=block:50GB
|
||||
- name: Get info
|
||||
id: getinfo
|
||||
run: |
|
||||
echo "id=${{ fromJson(steps.scw.outputs.json).id }}" >> "$GITHUB_OUTPUT"
|
||||
echo "ip=${{ fromJson(steps.scw.outputs.json).public_ip.address }}" >> "$GITHUB_OUTPUT"
|
||||
- name: Wait for VM
|
||||
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
|
||||
with:
|
||||
args: instance server wait ${{ fromJson(steps.scw.outputs.json).ID }} zone=fr-par-2
|
||||
- name: Wait for SSH
|
||||
uses: iFaxity/wait-on-action@628831cec646e6dacca502f34a6c6b46e131e51d
|
||||
with:
|
||||
resource: tcp:${{ fromJson(steps.scw.outputs.json).public_ip.address }}:22
|
||||
timeout: 300000
|
||||
- name: Setup SSH for ARM node
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_IP: ${{ fromJson(steps.scw.outputs.json).public_ip.address }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Install Docker
|
||||
run: ssh root@$SSH_IP "curl -fsSL https://test.docker.com -o test-docker.sh ; sh test-docker.sh"
|
||||
env:
|
||||
SSH_IP: ${{ fromJson(steps.scw.outputs.json).public_ip.address }}
|
||||
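Review bot: The "Install Docker" step runs `curl -fsSL https://test.docker.com -o test-docker.sh ; sh test-docker.sh` as root on the new VM, so the installer is fetched unpinned and unverified, and the `;` means `sh` still runs when the download fails. The actions in this hunk are all pinned to a commit SHA; this script deserves the same treatment. Suggest chaining with `&&`, comparing the script against a recorded SHA-256 before executing it (or installing Docker from a pinned package version), and quoting `"$SSH_IP"`. Separately, "Get info" reads `.id` from the create output while "Wait for VM" reads `.ID`; use one spelling in both places.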
61
.github/workflows/dev-update-mmdb.yml
vendored
Normal file
|
|
@ -0,0 +1,61 @@
|
|||
name: Update cached mmdb files
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 12 1 * *"
|
||||
|
||||
jobs:
|
||||
mmdb-update:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
token: ${{ secrets.BUNKERBOT_TOKEN }}
|
||||
ref: dev
|
||||
- name: Download mmdb files
|
||||
run: |
|
||||
mkdir -p src/bw/misc/
|
||||
cd src/bw/misc/
|
||||
CURL_RETURN_CODE=0
|
||||
CURL_OUTPUT=`curl -w httpcode=%{http_code} -s -o asn.mmdb.gz https://download.db-ip.com/free/dbip-asn-lite-$(date +%Y-%m).mmdb.gz 2> /dev/null` || CURL_RETURN_CODE=$?
|
||||
if [ ${CURL_RETURN_CODE} -ne 0 ]; then
|
||||
echo "Curl connection failed when downloading asn-lite mmdb file with return code - ${CURL_RETURN_CODE}"
|
||||
exit 1
|
||||
else
|
||||
echo "Curl connection success"
|
||||
# Check http code for curl operation/response in CURL_OUTPUT
|
||||
httpCode=$(echo "${CURL_OUTPUT}" | sed -e 's/.*\httpcode=//')
|
||||
if [ ${httpCode} -ne 200 ]; then
|
||||
echo "Curl operation/command failed due to server return code - ${httpCode}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
CURL_RETURN_CODE=0
|
||||
CURL_OUTPUT=`curl -w httpcode=%{http_code} -s -o country.mmdb.gz https://download.db-ip.com/free/dbip-country-lite-$(date +%Y-%m).mmdb.gz 2> /dev/null` || CURL_RETURN_CODE=$?
|
||||
if [ ${CURL_RETURN_CODE} -ne 0 ]; then
|
||||
echo "Curl connection failed when downloading country-lite mmdb file with return code - ${CURL_RETURN_CODE}"
|
||||
exit 1
|
||||
else
|
||||
echo "Curl connection success"
|
||||
# Check http code for curl operation/response in CURL_OUTPUT
|
||||
httpCode=$(echo "${CURL_OUTPUT}" | sed -e 's/.*\httpcode=//')
|
||||
if [ ${httpCode} -ne 200 ]; then
|
||||
echo "Curl operation/command failed due to server return code - ${httpCode}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
rm -f asn.mmdb country.mmdb
|
||||
gunzip asn.mmdb.gz country.mmdb.gz
|
||||
- name: Commit and push changes
|
||||
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
|
||||
with:
|
||||
branch: dev
|
||||
commit_message: "Monthly mmdb update"
|
||||
commit_options: "--no-verify"
|
||||
commit_user_name: "BunkerBot"
|
||||
commit_user_email: "bunkerbot@bunkerity.com"
|
||||
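Review bot: Nothing between the download and the "Commit and push changes" step checks what was downloaded: the two `.mmdb.gz` files are gated only on curl's exit code and an HTTP 200, then gunzipped and committed to `dev` with `--no-verify` by a job that has `contents: write` and checks out with `BUNKERBOT_TOKEN`. Suggest validating the archives before `rm -f asn.mmdb country.mmdb` (for example `gunzip -t`, plus a check that the result opens as an MMDB and has a plausible size) so a truncated or substituted response cannot replace the cached databases. Minor: the `sed -e 's/.*\httpcode=//'` expression carries a stray backslash before `h`, and the two download blocks are identical apart from the file name and could be one shell function.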
214
.github/workflows/dev.yml
vendored
Normal file
|
|
@ -0,0 +1,214 @@
|
|||
name: Automatic tests (DEV)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [dev]
|
||||
|
||||
jobs:
|
||||
# Containers
|
||||
build-containers:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
include:
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: dev
|
||||
ARCH: linux/amd64
|
||||
CACHE: true
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
# Build Linux packages
|
||||
build-packages:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, rhel]
|
||||
include:
|
||||
- linux: ubuntu
|
||||
package: deb
|
||||
- linux: debian
|
||||
package: deb
|
||||
- linux: fedora
|
||||
package: rpm
|
||||
- linux: rhel
|
||||
package: rpm
|
||||
uses: ./.github/workflows/linux-build.yml
|
||||
with:
|
||||
RELEASE: dev
|
||||
LINUX: ${{ matrix.linux }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
TEST: true
|
||||
PLATFORMS: linux/amd64
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
codeql:
|
||||
uses: ./.github/workflows/codeql.yml
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
# UI tests
|
||||
tests-ui:
|
||||
needs: [build-containers]
|
||||
uses: ./.github/workflows/tests-ui.yml
|
||||
with:
|
||||
RELEASE: dev
|
||||
tests-ui-linux:
|
||||
needs: [build-packages]
|
||||
uses: ./.github/workflows/tests-ui-linux.yml
|
||||
with:
|
||||
RELEASE: dev
|
||||
|
||||
# Core tests
|
||||
prepare-tests-core:
|
||||
needs: [build-containers, build-packages]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- id: set-matrix
|
||||
run: |
|
||||
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
|
||||
echo "tests=$tests" >> $GITHUB_OUTPUT
|
||||
outputs:
|
||||
tests: ${{ steps.set-matrix.outputs.tests }}
|
||||
tests-core:
|
||||
needs: prepare-tests-core
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
|
||||
uses: ./.github/workflows/test-core.yml
|
||||
with:
|
||||
TEST: ${{ matrix.test }}
|
||||
RELEASE: dev
|
||||
tests-core-linux:
|
||||
needs: prepare-tests-core
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
|
||||
uses: ./.github/workflows/test-core-linux.yml
|
||||
with:
|
||||
TEST: ${{ matrix.test }}
|
||||
RELEASE: dev
|
||||
secrets: inherit
|
||||
|
||||
# Push with dev tag
|
||||
push-dev:
|
||||
needs: [tests-ui, tests-core]
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Push BW image
|
||||
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
|
||||
env:
|
||||
FROM: "bunkerweb"
|
||||
TO: "bunkerweb"
|
||||
- name: Push scheduler image
|
||||
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
|
||||
env:
|
||||
FROM: "scheduler"
|
||||
TO: "bunkerweb-scheduler"
|
||||
- name: Push UI image
|
||||
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
|
||||
env:
|
||||
FROM: "ui"
|
||||
TO: "bunkerweb-ui"
|
||||
- name: Push autoconf image
|
||||
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
|
||||
env:
|
||||
FROM: "autoconf"
|
||||
TO: "bunkerweb-autoconf"
|
||||
|
||||
# Push Linux packages
|
||||
push-packages:
|
||||
needs: [tests-ui-linux, tests-core-linux]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, el]
|
||||
arch: [amd64]
|
||||
include:
|
||||
- release: dev
|
||||
repo: bunkerweb
|
||||
- linux: ubuntu
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: jammy
|
||||
package: deb
|
||||
- linux: debian
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: bookworm
|
||||
package: deb
|
||||
- linux: fedora
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 39
|
||||
package: rpm
|
||||
- linux: el
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 8
|
||||
package: rpm
|
||||
- linux: ubuntu
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: debian
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: fedora
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: el
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
uses: ./.github/workflows/push-packagecloud.yml
|
||||
with:
|
||||
SEPARATOR: ${{ matrix.separator }}
|
||||
SUFFIX: ${{ matrix.suffix }}
|
||||
REPO: ${{ matrix.repo }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
VERSION: ${{ matrix.version }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
BW_VERSION: ${{ matrix.release }}
|
||||
PACKAGE_ARCH: ${{ matrix.package_arch }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
secrets:
|
||||
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
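Review bot: `tests-core-linux` is the only call in this file that passes `secrets: inherit`; the other reusable-workflow calls either list the secrets they need or, like the matching `tests-core` job, pass none. `inherit` hands every secret available to this workflow to `test-core-linux.yml`, which includes the Docker and packagecloud tokens referenced elsewhere in the file. Suggest naming only the secrets that workflow declares. Also, in `prepare-tests-core`, `>> $GITHUB_OUTPUT` is unquoted, unlike the `"$GITHUB_OUTPUT"` form used in the other workflows of this commit.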
38
.github/workflows/doc-to-pdf.yml
vendored
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
name: Generate documentation PDF (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
VERSION:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Install Python
|
||||
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
|
||||
with:
|
||||
python-version: "3.10"
|
||||
- name: Install doc requirements
|
||||
run: pip install --no-cache-dir --require-hashes -r docs/requirements.txt
|
||||
- name: Install chromium
|
||||
run: sudo apt install chromium-browser
|
||||
- name: Install node
|
||||
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
|
||||
with:
|
||||
node-version: 18
|
||||
- name: Install puppeteer
|
||||
run: cd docs && npm install
|
||||
- name: Run mkdocs serve in background
|
||||
run: mkdocs serve & sleep 10
|
||||
- name: Run pdf script
|
||||
run: node docs/misc/pdf.js http://localhost:8000/print_page/ BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf 'BunkerWeb documentation v${{ inputs.VERSION }}'
|
||||
- uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
|
||||
with:
|
||||
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
|
||||
path: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
|
||||
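Review bot: In "Run pdf script", `${{ inputs.VERSION }}` is expanded into the command text before the shell runs, including inside the single-quoted title argument, so a value containing a quote or shell metacharacters changes the command. Suggest passing it through `env:` (for example `VERSION: ${{ inputs.VERSION }}`) and referencing `"$VERSION"` in the script. Two smaller points: `pip install` is hash-locked with `--require-hashes` but `cd docs && npm install` has no equivalent (`npm ci` enforces the lockfile if one is committed), and `sudo apt install chromium-browser` has no `-y`, while `mkdocs serve & sleep 10` relies on a fixed delay instead of polling `http://localhost:8000`.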
152
.github/workflows/linux-build.yml
vendored
Normal file
|
|
@ -0,0 +1,152 @@
|
|||
name: Build Linux package (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
LINUX:
|
||||
required: true
|
||||
type: string
|
||||
PACKAGE:
|
||||
required: true
|
||||
type: string
|
||||
PLATFORMS:
|
||||
required: true
|
||||
type: string
|
||||
TEST:
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
secrets:
|
||||
DOCKER_USERNAME:
|
||||
required: true
|
||||
DOCKER_TOKEN:
|
||||
required: true
|
||||
ARM_SSH_KEY:
|
||||
required: false
|
||||
ARM_SSH_IP:
|
||||
required: false
|
||||
ARM_SSH_CONFIG:
|
||||
required: false
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Replace VERSION
|
||||
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
|
||||
run: ./misc/update-version.sh ${{ inputs.RELEASE }}
|
||||
- name: Extract arch
|
||||
run: |
|
||||
echo "ARCH=${{ env.PLATFORMS }}" | sed 's/linux//g' | sed 's@/@@g' >> "$GITHUB_ENV"
|
||||
env:
|
||||
PLATFORMS: ${{ inputs.PLATFORMS }}
|
||||
- name: Extract linux arch
|
||||
if: inputs.PACKAGE == 'rpm'
|
||||
run: |
|
||||
echo "LARCH=${{ env.ARCH }}" | sed 's/amd64/x86_64/g' | sed 's/arm64/aarch64/g' >> "$GITHUB_ENV"
|
||||
env:
|
||||
ARCH: ${{ env.ARCH }}
|
||||
- name: Extract linux arch
|
||||
if: inputs.PACKAGE == 'deb'
|
||||
run: |
|
||||
echo "LARCH=${{ env.ARCH }}" >> "$GITHUB_ENV"
|
||||
env:
|
||||
ARCH: ${{ env.ARCH }}
|
||||
- name: Setup SSH for ARM node
|
||||
if: startsWith(env.ARCH, 'arm') == true
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_IP: ${{ secrets.ARM_SSH_IP }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Setup Buildx
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
if: startsWith(env.ARCH, 'arm') == false
|
||||
- name: Setup Buildx (ARM)
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
if: startsWith(env.ARCH, 'arm') == true
|
||||
with:
|
||||
endpoint: ssh://root@arm
|
||||
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
# Build testing package image
|
||||
- name: Build package image
|
||||
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: .
|
||||
load: true
|
||||
file: src/linux/Dockerfile-${{ inputs.LINUX }}
|
||||
platforms: ${{ inputs.PLATFORMS }}
|
||||
tags: local/bunkerweb-${{ inputs.LINUX }}:latest
|
||||
cache-from: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}
|
||||
cache-to: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }},mode=min
|
||||
# Build non-testing package image
|
||||
- name: Build package image
|
||||
if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: .
|
||||
load: true
|
||||
file: src/linux/Dockerfile-${{ inputs.LINUX }}
|
||||
platforms: ${{ inputs.PLATFORMS }}
|
||||
tags: local/bunkerweb-${{ inputs.LINUX }}:latest
|
||||
# Generate package
|
||||
- name: Generate package
|
||||
if: startsWith(env.ARCH, 'arm') == false
|
||||
run: ./src/linux/package.sh ${{ inputs.LINUX }} ${{ env.LARCH }}
|
||||
env:
|
||||
LARCH: ${{ env.LARCH }}
|
||||
- name: Generate package (ARM)
|
||||
if: startsWith(env.ARCH, 'arm') == true
|
||||
run: |
|
||||
docker save local/bunkerweb-${{ inputs.LINUX }}:latest | ssh -C root@arm docker load
|
||||
scp ./src/linux/package.sh root@arm:/opt
|
||||
ssh root@arm chmod +x /opt/package.sh
|
||||
ssh root@arm /opt/package.sh ${{ inputs.LINUX }} ${{ env.LARCH }} "$(cat src/VERSION | tr -d '\n')"
|
||||
scp -r root@arm:/root/package-${{ inputs.LINUX }} ./package-${{ inputs.LINUX }}
|
||||
env:
|
||||
LARCH: ${{ env.LARCH }}
|
||||
- uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
|
||||
with:
|
||||
name: package-${{ inputs.LINUX }}-${{ env.LARCH }}
|
||||
path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
|
||||
# Build test image
|
||||
- name: Extract metadata
|
||||
if: inputs.TEST == true
|
||||
id: meta
|
||||
uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0
|
||||
with:
|
||||
images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
|
||||
- name: Build test image
|
||||
if: inputs.TEST == true
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: .
|
||||
file: tests/linux/Dockerfile-${{ inputs.LINUX }}
|
||||
platforms: ${{ inputs.PLATFORMS }}
|
||||
push: true
|
||||
tags: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
cache-from: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}-tests
|
||||
cache-to: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}-tests,mode=min
|
||||
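Review bot: The two "Build package image" steps are not mutually exclusive when `RELEASE` is `ui`: the first condition is `inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'` and the second is `inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'`, so a `ui` run builds the image twice, the second time without the `gha` cache settings. Suggest adding `&& inputs.RELEASE != 'ui'` to the second condition. Also, both "Extract linux arch" steps set `env: ARCH: ${{ env.ARCH }}` but the script never reads `$ARCH` (it uses the `${{ env.ARCH }}` expression directly); either use the variable or drop the `env` block. The same applies to `${{ inputs.LINUX }}` and `${{ env.LARCH }}` in the "Generate package" commands, which are better passed as environment variables and quoted, since the ARM variant forwards them to `ssh root@arm`.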
41
.github/workflows/push-doc.yml
vendored
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
name: Push documentation (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
VERSION:
|
||||
required: true
|
||||
type: string
|
||||
ALIAS:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
BUNKERBOT_TOKEN:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
token: ${{ secrets.BUNKERBOT_TOKEN }}
|
||||
- name: Replace VERSION
|
||||
if: inputs.VERSION == 'testing'
|
||||
run: ./misc/update-version.sh testing
|
||||
- name: Setup git user
|
||||
run: |
|
||||
git config --global user.name "BunkerBot"
|
||||
git config --global user.email "bunkerbot@bunkerity.com"
|
||||
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
|
||||
with:
|
||||
python-version: "3.10"
|
||||
- name: Install doc requirements
|
||||
run: pip install --no-cache-dir --require-hashes -r docs/requirements.txt
|
||||
- name: Push doc
|
||||
run: mike deploy --update-aliases --push --alias-type=copy ${{ inputs.VERSION }} ${{ inputs.ALIAS }}
|
||||
- name: Set default doc
|
||||
if: inputs.ALIAS == 'latest'
|
||||
run: mike set-default --push latest
|
||||
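Review bot: "Push doc" expands `${{ inputs.VERSION }}` and `${{ inputs.ALIAS }}` straight into the `mike deploy --update-aliases --push` command line, in a job whose checkout is configured with `BUNKERBOT_TOKEN`, so the inputs become shell text in a step that can push. Suggest mapping both through `env:` and using `"$VERSION"` and `"$ALIAS"` in the script. The workflow also declares no `permissions:` block; since the push goes through `BUNKERBOT_TOKEN`, a read-only default could be stated explicitly on the job.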
82
.github/workflows/push-docker.yml
vendored
Normal file
|
|
@ -0,0 +1,82 @@
|
|||
name: Push image (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
IMAGE:
|
||||
required: true
|
||||
type: string
|
||||
TAGS:
|
||||
required: true
|
||||
type: string
|
||||
CACHE_FROM:
|
||||
required: true
|
||||
type: string
|
||||
DOCKERFILE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
DOCKER_USERNAME:
|
||||
required: true
|
||||
DOCKER_TOKEN:
|
||||
required: true
|
||||
ARM_SSH_KEY:
|
||||
required: true
|
||||
ARM_SSH_CONFIG:
|
||||
required: true
|
||||
ARM_SSH_IP:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
push:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Setup SSH for ARM node
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_IP: ${{ secrets.ARM_SSH_IP }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Setup Buildx (ARM)
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
with:
|
||||
endpoint: ssh://root@arm
|
||||
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
|
||||
# Compute metadata
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0
|
||||
with:
|
||||
images: bunkerity/${{ inputs.IMAGE }}
|
||||
# Build and push
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: .
|
||||
file: ${{ inputs.DOCKERFILE }}
|
||||
platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
|
||||
push: true
|
||||
tags: ${{ inputs.TAGS }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
cache-from: |
|
||||
type=gha,scope=${{ inputs.CACHE_FROM }}-amd64
|
||||
type=gha,scope=${{ inputs.CACHE_FROM }}-386
|
||||
type=gha,scope=${{ inputs.CACHE_FROM }}-arm
|
||||
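Review bot: "Setup SSH for ARM node" leaves host authentication of `root@arm` entirely to the contents of the `ARM_SSH_CONFIG` secret, and nothing in this hunk writes a `known_hosts` entry, so a reader cannot tell whether the Buildx endpoint `ssh://root@arm` is verified before images are built on it and published with `push: true`. Suggest a comment stating how the host key is pinned, or writing the expected key to `~/.ssh/known_hosts` in this step. Minor: `echo "$SSH_KEY" > ~/.ssh/id_rsa_arm` creates the key file with the default umask and only then runs `chmod 600`; setting `umask 077` first closes that window.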
97
.github/workflows/push-github.yml
vendored
Normal file
|
|
@ -0,0 +1,97 @@
|
|||
name: Push on GitHub (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
VERSION:
|
||||
required: true
|
||||
type: string
|
||||
PRERELEASE:
|
||||
required: true
|
||||
type: boolean
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checkout
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
# Get PDF doc
|
||||
- name: Get documentation
|
||||
if: inputs.VERSION != 'testing'
|
||||
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
|
||||
with:
|
||||
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
|
||||
# Create tag
|
||||
- uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
|
||||
name: Create tag
|
||||
if: inputs.VERSION != 'testing'
|
||||
with:
|
||||
tag: "v${{ inputs.VERSION }}"
|
||||
message: "v${{ inputs.VERSION }}"
|
||||
force_push_tag: true
|
||||
# Create tag
|
||||
- uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
|
||||
name: Create tag
|
||||
if: inputs.VERSION == 'testing'
|
||||
with:
|
||||
tag: "${{ inputs.VERSION }}"
|
||||
message: "${{ inputs.VERSION }}"
|
||||
force_push_tag: true
|
||||
# Extract changelog
|
||||
- name: Extract changelog
|
||||
if: inputs.VERSION != 'testing'
|
||||
id: getchangelog
|
||||
run: |
|
||||
content=$(awk -v n=2 '/##/{n--}; n > 0' CHANGELOG.md | grep -v '# Changelog' | grep -v '##' | sed '/^$/d')
|
||||
content="${content//'%'/'%25'}"
|
||||
content="${content//$'\n'/'%0A'}"
|
||||
content="${content//$'\r'/'%0D'}"
|
||||
echo "content=$content" >> $GITHUB_OUTPUT
|
||||
# Create release
|
||||
- name: Create release
|
||||
if: inputs.VERSION != 'testing'
|
||||
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
|
||||
with:
|
||||
body: |
|
||||
Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
|
||||
|
||||
Docker tags :
|
||||
- BunkerWeb : `bunkerity/bunkerweb:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb:${{ inputs.VERSION }}`
|
||||
- Scheduler : `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
|
||||
- Autoconf : `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
|
||||
- UI : `bunkerity/bunkerweb-ui:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-ui:${{ inputs.VERSION }}`
|
||||
|
||||
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=${{ inputs.VERSION }}&filter=all&dist=
|
||||
|
||||
Changelog :
|
||||
${{ steps.getchangelog.outputs.content }}
|
||||
draft: true
|
||||
prerelease: ${{ inputs.PRERELEASE }}
|
||||
name: v${{ inputs.VERSION }}
|
||||
tag_name: v${{ inputs.VERSION }}
|
||||
discussion_category_name: Announcements
|
||||
files: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
|
||||
# Create release
|
||||
- name: Create release
|
||||
if: inputs.VERSION == 'testing'
|
||||
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
|
||||
with:
|
||||
body: |
|
||||
**The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.**
|
||||
|
||||
Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
|
||||
|
||||
Docker tags :
|
||||
- BunkerWeb : `bunkerity/bunkerweb:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb:${{ inputs.VERSION }}`
|
||||
- Scheduler : `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
|
||||
- Autoconf : `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
|
||||
- UI : `bunkerity/bunkerweb-ui:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-ui:${{ inputs.VERSION }}`
|
||||
|
||||
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=${{ inputs.VERSION }}&filter=all&dist=
|
||||
|
||||
Please note that when using Linux Debian or Ubuntu integration, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing the testing version of BunkerWeb.
|
||||
draft: false
|
||||
prerelease: ${{ inputs.PRERELEASE }}
|
||||
name: Testing
|
||||
tag_name: ${{ inputs.VERSION }}
|
||||
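Review bot: In "Extract changelog", the `%25`, `%0A` and `%0D` substitutions are the escaping for the old `::set-output` workflow command; a value appended to `$GITHUB_OUTPUT` is not decoded, so `${{ steps.getchangelog.outputs.content }}` will carry literal `%0A` sequences into the release body. Suggest dropping the three substitutions and writing the value with the multiline delimiter form (`content<<EOF`, the text, then `EOF`), and quoting `"$GITHUB_OUTPUT"`. Also worth a comment: `force_push_tag: true` on the `v${{ inputs.VERSION }}` tag lets a rerun move an already published version tag, and the duplicated `# Create tag` and `# Create release` comments would read better if they said which branch (release or testing) each step covers.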
79
.github/workflows/push-packagecloud.yml
vendored
Normal file
|
|
@ -0,0 +1,79 @@
|
|||
name: Push packagecloud (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
SEPARATOR:
|
||||
required: true
|
||||
type: string
|
||||
SUFFIX:
|
||||
required: true
|
||||
type: string
|
||||
REPO:
|
||||
required: true
|
||||
type: string
|
||||
LINUX:
|
||||
required: true
|
||||
type: string
|
||||
VERSION:
|
||||
required: true
|
||||
type: string
|
||||
PACKAGE:
|
||||
required: true
|
||||
type: string
|
||||
BW_VERSION:
|
||||
required: true
|
||||
type: string
|
||||
ARCH:
|
||||
required: true
|
||||
type: string
|
||||
PACKAGE_ARCH:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
PACKAGECLOUD_TOKEN:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
push:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Install ruby
|
||||
uses: ruby/setup-ruby@360dc864d5da99d54fcb8e9148c14a84b90d3e88 # v1.165.1
|
||||
with:
|
||||
ruby-version: "3.0"
|
||||
- name: Install packagecloud
|
||||
run: gem install package_cloud
|
||||
# Download packages
|
||||
- uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
|
||||
if: inputs.LINUX != 'el'
|
||||
with:
|
||||
name: package-${{ inputs.LINUX }}-${{ inputs.PACKAGE_ARCH }}
|
||||
path: /tmp/${{ inputs.LINUX }}
|
||||
- uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
|
||||
if: inputs.LINUX == 'el'
|
||||
with:
|
||||
name: package-rhel-${{ inputs.PACKAGE_ARCH }}
|
||||
path: /tmp/${{ inputs.LINUX }}
|
||||
# Remove existing packages
|
||||
- name: Remove existing package
|
||||
run: package_cloud yank bunkerity/${{ inputs.REPO }}/${{ inputs.LINUX }}/${{ inputs.VERSION }} bunkerweb${{ inputs.SEPARATOR }}${{ inputs.BW_VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}${{ inputs.PACKAGE_ARCH }}.${{ inputs.PACKAGE }}
|
||||
continue-on-error: true
|
||||
env:
|
||||
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
# Update name
|
||||
# - name: Rename package
|
||||
# if: inputs.BW_VERSION == 'testing'
|
||||
# run: sudo apt install -y rename && rename 's/[0-9]\.[0-9]\.[0-9]/testing/' /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
|
||||
# Push package
|
||||
- name: Push package to packagecloud
|
||||
uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
|
||||
with:
|
||||
PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
|
||||
PACKAGECLOUD-USERNAME: bunkerity
|
||||
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
|
||||
PACKAGECLOUD-DISTRIB: ${{ inputs.LINUX }}/${{ inputs.VERSION }}
|
||||
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
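Review bot: "Install packagecloud" runs `gem install package_cloud` with no version, in a job that then exposes `PACKAGECLOUD_TOKEN` to that CLI, while every action in the file is pinned to a commit SHA. Suggest pinning the gem (`gem install package_cloud -v <version>`) or installing from a committed `Gemfile.lock`. In "Remove existing package", `continue-on-error: true` hides every failure of `package_cloud yank`, not only the case where the package does not exist, so an authentication error passes silently before the upload; consider inspecting the error output instead. The commented-out "Rename package" step can be deleted.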
295
.github/workflows/release.yml
vendored
Normal file
|
|
@ -0,0 +1,295 @@
|
|||
name: Automatic push (RELEASE)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [master]
|
||||
|
||||
jobs:
|
||||
scorecards-analysis:
|
||||
uses: ./.github/workflows/scorecards-analysis.yml
|
||||
|
||||
codeql:
|
||||
uses: ./.github/workflows/codeql.yml
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
# Build amd64 + 386 containers images
|
||||
build-containers:
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
arch: [linux/amd64, linux/386]
|
||||
include:
|
||||
- release: latest
|
||||
cache: false
|
||||
push: false
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
- arch: linux/amd64
|
||||
cache_suffix: amd64
|
||||
- arch: linux/386
|
||||
cache_suffix: "386"
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
CACHE: ${{ matrix.cache }}
|
||||
PUSH: ${{ matrix.push }}
|
||||
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
# Create ARM environment
|
||||
create-arm:
|
||||
uses: ./.github/workflows/create-arm.yml
|
||||
secrets:
|
||||
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
|
||||
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Build arm64 + arm/v7 images
|
||||
build-containers-arm:
|
||||
needs: [create-arm]
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
arch: ["linux/arm64,linux/arm/v7"]
|
||||
include:
|
||||
- release: latest
|
||||
cache: false
|
||||
push: false
|
||||
cache_suffix: arm
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
CACHE: ${{ matrix.cache }}
|
||||
PUSH: ${{ matrix.push }}
|
||||
CACHE_SUFFIX: ${{ matrix.cache_suffix }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Build Linux packages
|
||||
build-packages:
|
||||
needs: [create-arm]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, rhel]
|
||||
platforms: [linux/amd64, linux/arm64]
|
||||
include:
|
||||
- release: latest
|
||||
- linux: ubuntu
|
||||
package: deb
|
||||
- linux: debian
|
||||
package: deb
|
||||
- linux: fedora
|
||||
package: rpm
|
||||
- linux: rhel
|
||||
package: rpm
|
||||
uses: ./.github/workflows/linux-build.yml
|
||||
with:
|
||||
RELEASE: ${{ matrix.release }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
TEST: false
|
||||
PLATFORMS: ${{ matrix.platforms }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Wait for all builds and extract VERSION
|
||||
wait-builds:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [codeql, build-containers, build-containers-arm, build-packages]
|
||||
outputs:
|
||||
version: ${{ steps.getversion.outputs.version }}
|
||||
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
|
||||
steps:
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Get VERSION
|
||||
id: getversion
|
||||
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
|
||||
- name: Get VERSION (for RPM based)
|
||||
id: getversionrpm
|
||||
run: echo "versionrpm=$(cat src/VERSION | tr -d '\n' | sed 's/-/_/g')" >> "$GITHUB_OUTPUT"
|
||||
|
||||
# Push Docker images
|
||||
push-images:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
needs: [create-arm, wait-builds]
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
[bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
|
||||
include:
|
||||
- release: latest
|
||||
- image: bunkerweb
|
||||
cache_from: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: bunkerweb-scheduler
|
||||
cache_from: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: bunkerweb-autoconf
|
||||
cache_from: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: bunkerweb-ui
|
||||
cache_from: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/push-docker.yml
|
||||
with:
|
||||
IMAGE: ${{ matrix.image }}
|
||||
TAGS: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }},ghcr.io/bunkerity/${{ matrix.image }}:${{ matrix.release }},ghcr.io/bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
|
||||
CACHE_FROM: ${{ matrix.cache_from }}-${{ matrix.release }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
|
||||
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
|
||||
# Push Linux packages
|
||||
push-packages:
|
||||
needs: [wait-builds]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, el]
|
||||
arch: [amd64, arm64]
|
||||
include:
|
||||
- release: latest
|
||||
repo: bunkerweb
|
||||
- linux: ubuntu
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: jammy
|
||||
package: deb
|
||||
- linux: debian
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: bookworm
|
||||
package: deb
|
||||
- linux: fedora
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 39
|
||||
package: rpm
|
||||
- linux: el
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 8
|
||||
package: rpm
|
||||
- linux: ubuntu
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: debian
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: fedora
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: el
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: ubuntu
|
||||
arch: arm64
|
||||
package_arch: arm64
|
||||
- linux: debian
|
||||
arch: arm64
|
||||
package_arch: arm64
|
||||
- linux: fedora
|
||||
arch: arm64
|
||||
package_arch: aarch64
|
||||
- linux: el
|
||||
arch: arm64
|
||||
package_arch: aarch64
|
||||
uses: ./.github/workflows/push-packagecloud.yml
|
||||
with:
|
||||
SEPARATOR: ${{ matrix.separator }}
|
||||
SUFFIX: ${{ matrix.suffix }}
|
||||
REPO: ${{ matrix.repo }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
VERSION: ${{ matrix.version }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
BW_VERSION: ${{ matrix.package == 'rpm' && needs.wait-builds.outputs.versionrpm || needs.wait-builds.outputs.version }}
|
||||
PACKAGE_ARCH: ${{ matrix.package_arch }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
secrets:
|
||||
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
|
||||
# Create doc PDF
|
||||
doc-pdf:
|
||||
needs: [wait-builds, push-images, push-packages]
|
||||
uses: ./.github/workflows/doc-to-pdf.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
|
||||
# Push on GH
|
||||
push-gh:
|
||||
needs: [wait-builds, doc-pdf]
|
||||
permissions:
|
||||
contents: write
|
||||
discussions: write
|
||||
uses: ./.github/workflows/push-github.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
PRERELEASE: false
|
||||
|
||||
# Push doc
|
||||
push-doc:
|
||||
needs: [wait-builds, push-gh]
|
||||
permissions:
|
||||
contents: write
|
||||
uses: ./.github/workflows/push-doc.yml
|
||||
with:
|
||||
VERSION: ${{ needs.wait-builds.outputs.version }}
|
||||
ALIAS: latest
|
||||
secrets:
|
||||
BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
|
||||
|
||||
# Remove ARM VM
|
||||
rm-arm:
|
||||
if: ${{ always() }}
|
||||
needs: [create-arm, push-images, build-packages]
|
||||
uses: ./.github/workflows/rm-arm.yml
|
||||
secrets:
|
||||
ARM_ID: ${{ needs.create-arm.outputs.id }}
|
||||
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
|
||||
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
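Review bot: in the `rm-arm` job, `if: ${{ always() }}` makes the teardown run even when `create-arm` failed or was cancelled, and in that case `needs.create-arm.outputs.id` is empty, so the reusable workflow is called with an empty `ARM_ID`. Gate the job on `needs.create-arm.result`, or have the reusable workflow fail fast on an empty id, so that a failed create surfaces as a "check for a leaked VM" signal rather than a delete call with no target.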
32
.github/workflows/rm-arm.yml
vendored
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
name: Create ARM node (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
secrets:
|
||||
SCW_ACCESS_KEY:
|
||||
required: true
|
||||
SCW_SECRET_KEY:
|
||||
required: true
|
||||
SCW_DEFAULT_PROJECT_ID:
|
||||
required: true
|
||||
SCW_DEFAULT_ORGANIZATION_ID:
|
||||
required: true
|
||||
ARM_ID:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
rm:
|
||||
if: ${{ always() }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Delete ARM VM
|
||||
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
|
||||
with:
|
||||
args: instance server delete ${{ secrets.ARM_ID }} zone=fr-par-2 with-ip=true with-volumes=all force-shutdown=true
|
||||
access-key: ${{ secrets.SCW_ACCESS_KEY }}
|
||||
secret-key: ${{ secrets.SCW_SECRET_KEY }}
|
||||
default-project-id: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
|
||||
default-organization-id: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
|
||||
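Review bot: the `name:` at the top of this file reads `Create ARM node (REUSABLE)`, but the workflow deletes the VM, so teardown runs appear in the Actions UI under the create label; rename it, for example to `Delete ARM node (REUSABLE)`. In the `Delete ARM VM` step, `scaleway/action-scw` is pinned to a commit SHA without the trailing version comment the other pinned actions carry, which makes the pin harder to audit later. The `Checkout source code` step does not appear to be needed for a single CLI call and, with the default settings, leaves the token in the workspace git config; drop it or set `persist-credentials: false` as the Scorecard workflow does.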
30
.github/workflows/scorecards-analysis.yml
vendored
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
name: Scorecard analysis workflow
|
||||
|
||||
on:
|
||||
branch_protection_rule:
|
||||
schedule:
|
||||
# Weekly on Saturdays.
|
||||
- cron: "30 1 * * 6"
|
||||
workflow_call:
|
||||
|
||||
permissions: read-all
|
||||
|
||||
jobs:
|
||||
analysis:
|
||||
name: Scorecard analysis
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
persist-credentials: false
|
||||
- name: "Run analysis"
|
||||
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
publish_results: true
|
||||
- name: "Upload SARIF results to code scanning"
|
||||
uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
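Review bot: `permissions: read-all` at the top is the only permissions setting, but the `analysis` job uploads SARIF to code scanning and runs the Scorecard action with `publish_results: true`, which need `security-events: write` and `id-token: write`. Add a job-level `permissions:` block granting only those two write scopes and keep the workflow default read-only. Because the file also declares `workflow_call`, any caller has to grant the same scopes to the calling job, since a called workflow cannot raise its permissions above the caller's.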
62
.github/workflows/staging-create-infra.yml
vendored
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
name: Create staging infra (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
TYPE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
CICD_SECRETS:
|
||||
required: true
|
||||
SECRET_KEY:
|
||||
required: true
|
||||
K8S_IP:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
create:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Generate SSH keypair
|
||||
run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
|
||||
if: inputs.TYPE != 'k8s'
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Install terraform
|
||||
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
|
||||
- name: Install kubectl
|
||||
uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
|
||||
if: inputs.TYPE == 'k8s'
|
||||
with:
|
||||
version: "v1.28.2"
|
||||
- name: Set up Python 3.12
|
||||
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
|
||||
if: inputs.TYPE != 'k8s'
|
||||
with:
|
||||
python-version: "3.12"
|
||||
- name: Install ansible
|
||||
run: pip install --no-cache-dir --require-hashes -r misc/requirements-ansible.txt
|
||||
if: inputs.TYPE != 'k8s'
|
||||
- name: Install ansible libs
|
||||
run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner,1.18.1 && ansible-galaxy collection install --timeout 120 community.general && ansible-galaxy collection install --timeout 120 community.docker
|
||||
if: inputs.TYPE != 'k8s'
|
||||
# Create infra
|
||||
- run: ./tests/create.sh ${{ inputs.TYPE }}
|
||||
env:
|
||||
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
|
||||
K8S_IP: ${{ secrets.K8S_IP }}
|
||||
- run: |
|
||||
tar -cf terraform.tar /tmp/${{ inputs.TYPE }}
|
||||
echo "$SECRET_KEY" > /tmp/.secret_key
|
||||
openssl enc -in terraform.tar -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out terraform.tar.enc
|
||||
rm -f /tmp/.secret_key
|
||||
if: always()
|
||||
env:
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
- uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
|
||||
if: always()
|
||||
with:
|
||||
name: tf-${{ inputs.TYPE }}
|
||||
path: terraform.tar.enc
|
||||
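Review bot: in the encryption step, `echo "$SECRET_KEY" > /tmp/.secret_key` writes the passphrase to a file in `/tmp` with default permissions, and the `rm -f` is never reached if `openssl` fails, because the step stops on the first error. `SECRET_KEY` is already in the step's environment, so `-pass env:SECRET_KEY` removes the need for the file. In the `Generate SSH keypair` step, `StrictHostKeyChecking no` for `Host *` turns off host key verification for every connection that uses this config; `accept-new`, or a known_hosts entry taken from the provisioning output, would be tighter. `${{ inputs.TYPE }}` is also expanded directly inside the `run:` lines; passing it through `env:` and quoting the variable keeps caller-supplied text out of the shell source.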
49
.github/workflows/staging-delete-infra.yml
vendored
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
name: Delete staging infra (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
TYPE:
|
||||
required: true
|
||||
type: string
|
||||
secrets:
|
||||
CICD_SECRETS:
|
||||
required: true
|
||||
SECRET_KEY:
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
delete:
|
||||
if: ${{ always() }}
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Install terraform
|
||||
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
|
||||
- uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
|
||||
with:
|
||||
name: tf-${{ inputs.TYPE }}
|
||||
path: /tmp
|
||||
- run: |
|
||||
echo "$SECRET_KEY" > /tmp/.secret_key
|
||||
openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
|
||||
rm -f /tmp/.secret_key
|
||||
tar xf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
|
||||
env:
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
- uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
|
||||
if: inputs.TYPE == 'k8s'
|
||||
with:
|
||||
version: "v1.28.2"
|
||||
# Remove infra
|
||||
- run: kubectl delete daemonsets,replicasets,services,deployments,pods,rc,ingress,statefulsets --all --all-namespaces --timeout=60s ; kubectl delete pvc --all --timeout=60s ; kubectl delete pv --all --timeout=60s
|
||||
if: inputs.TYPE == 'k8s'
|
||||
continue-on-error: true
|
||||
env:
|
||||
KUBECONFIG: /tmp/k8s/kubeconfig
|
||||
- run: ./tests/rm.sh ${{ inputs.TYPE }}
|
||||
env:
|
||||
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
|
||||
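Review bot: `tar xf /tmp/terraform.tar -C /` unpacks a downloaded artifact at the filesystem root, and the preceding `openssl enc -d ... -aes-256-cbc` call gives confidentiality only, with no integrity check on the ciphertext. Limit extraction to the expected `tmp/<TYPE>` member, or verify a digest or MAC of the archive before unpacking, so that a modified artifact cannot place files at arbitrary paths on the runner. The `/tmp/.secret_key` passphrase file appears here as well; `-pass env:SECRET_KEY` would avoid it. In the cleanup step, `kubectl delete pvc --all` has no `--all-namespaces`, unlike the first command, so it only covers the current namespace; confirm that is intended.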
138
.github/workflows/staging-tests.yml
vendored
Normal file
|
|
@ -0,0 +1,138 @@
|
|||
name: Perform staging tests (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
TYPE:
|
||||
required: true
|
||||
type: string
|
||||
RUNS_ON:
|
||||
required: true
|
||||
type: string
|
||||
# secrets:
|
||||
# PRIVATE_REGISTRY:
|
||||
# required: true
|
||||
# PRIVATE_REGISTRY_TOKEN:
|
||||
# required: true
|
||||
# TEST_DOMAINS:
|
||||
# required: true
|
||||
# ROOT_DOMAIN:
|
||||
# required: true
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ${{ fromJSON(inputs.RUNS_ON) }}
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- run: docker pull ghcr.io/bunkerity/bunkerweb-tests:testing && docker tag ghcr.io/bunkerity/bunkerweb-tests:testing local/bunkerweb-tests:latest
|
||||
if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
|
||||
- run: docker pull ghcr.io/bunkerity/scheduler-tests:testing && docker tag ghcr.io/bunkerity/scheduler-tests:testing local/scheduler-tests:latest
|
||||
if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
|
||||
- run: docker pull ghcr.io/bunkerity/autoconf-tests:testing && docker tag ghcr.io/bunkerity/autoconf-tests:testing local/autoconf-tests:latest
|
||||
if: contains(fromJSON('["autoconf", "swarm"]'), inputs.TYPE)
|
||||
- name: Push images to local repo
|
||||
run: docker tag local/bunkerweb-tests:latest 192.168.42.100:5000/bunkerweb-tests:latest && docker push 192.168.42.100:5000/bunkerweb-tests:latest && docker tag local/scheduler-tests:latest 192.168.42.100:5000/scheduler-tests:latest && docker push 192.168.42.100:5000/scheduler-tests:latest && docker tag local/autoconf-tests:latest 192.168.42.100:5000/autoconf-tests:latest && docker push 192.168.42.100:5000/autoconf-tests:latest
|
||||
if: inputs.TYPE == 'swarm'
|
||||
- name: Install test dependencies
|
||||
run: pip3 install --no-cache-dir --require-hashes --no-deps -r tests/requirements.txt
|
||||
- uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
|
||||
with:
|
||||
name: tf-k8s
|
||||
path: /tmp
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- run: |
|
||||
echo "$SECRET_KEY" > /tmp/.secret_key
|
||||
openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
|
||||
rm -f /tmp/.secret_key
|
||||
tar xf /tmp/terraform.tar -C /
|
||||
mkdir /tmp/reg
|
||||
cp tests/terraform/k8s-reg.tf /tmp/reg
|
||||
cp tests/terraform/providers.tf /tmp/reg
|
||||
cd /tmp/reg
|
||||
export TF_VAR_k8s_reg_user=${REG_USER}
|
||||
export TF_VAR_k8s_reg_token=${REG_TOKEN}
|
||||
terraform init
|
||||
terraform apply -auto-approve
|
||||
env:
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
REG_USER: ${{ github.actor }}
|
||||
REG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
|
||||
if: inputs.TYPE == 'k8s'
|
||||
with:
|
||||
version: "v1.28.2"
|
||||
- uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- name: Pull BW linux ubuntu test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ghcr.io/bunkerity/ubuntu-tests:testing && docker tag ghcr.io/bunkerity/ubuntu-tests:testing local/ubuntu:latest
|
||||
- name: Pull BW linux debian test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ghcr.io/bunkerity/debian-tests:testing && docker tag ghcr.io/bunkerity/debian-tests:testing local/debian:latest
|
||||
- name: Pull BW linux fedora test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ghcr.io/bunkerity/fedora-tests:testing && docker tag ghcr.io/bunkerity/fedora-tests:testing local/fedora:latest
|
||||
- name: Pull BW linux rhel test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ghcr.io/bunkerity/rhel-tests:testing && docker tag ghcr.io/bunkerity/rhel-tests:testing local/rhel:latest
|
||||
# Do tests
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'docker'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_DOCKER }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'autoconf'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_AUTOCONF }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'swarm'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_SWARM }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'k8s'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "kubernetes"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_KUBERNETES }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
KUBECONFIG: "/tmp/k8s/kubeconfig"
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
IMAGE_TAG: "testing"
|
||||
- name: Run Linux ubuntu tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux debian tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "debian"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux fedora tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "fedora"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux rhel tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "rhel"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
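Review bot: the `secrets:` block under `workflow_call` is commented out, yet the steps read `secrets.SECRET_KEY`, `secrets.ROOT_DOMAIN`, `secrets.PRIVATE_REGISTRY` and the `TEST_DOMAINS_*` secrets, so this workflow only works when the caller uses `secrets: inherit`, which hands every repository secret to a job that `RUNS_ON` can place on a self-hosted runner. Declare the secrets that are actually used as `required: true` and have the caller pass them explicitly. In the test steps, `export $(echo "$TEST_DOMAINS" | xargs)` word-splits the secret into `export` arguments, so a value containing spaces or shell metacharacters changes which variables get set; reading it line by line as `KEY=VALUE` would be safer. Four of the steps share the name `Run tests`, which makes a failure hard to attribute in the log; include the type in each name.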
273
.github/workflows/staging.yml
vendored
Normal file
|
|
@ -0,0 +1,273 @@
|
|||
name: Automatic tests (STAGING)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [staging]
|
||||
|
||||
jobs:
|
||||
# Build Docker images
|
||||
build-containers:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, autoconf, ui]
|
||||
include:
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: autoconf
|
||||
dockerfile: src/autoconf/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: testing
|
||||
ARCH: linux/amd64
|
||||
CACHE: true
|
||||
PUSH: true
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
# Build Linux packages
|
||||
build-packages:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, rhel]
|
||||
include:
|
||||
- linux: ubuntu
|
||||
package: deb
|
||||
- linux: debian
|
||||
package: deb
|
||||
- linux: fedora
|
||||
package: rpm
|
||||
- linux: rhel
|
||||
package: rpm
|
||||
uses: ./.github/workflows/linux-build.yml
|
||||
with:
|
||||
RELEASE: testing
|
||||
LINUX: ${{ matrix.linux }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
TEST: true
|
||||
PLATFORMS: linux/amd64
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
codeql:
|
||||
uses: ./.github/workflows/codeql.yml
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
# Create infrastructures and prepare tests
|
||||
create-infras:
|
||||
needs: [codeql, build-containers, build-packages]
|
||||
strategy:
|
||||
matrix:
|
||||
type: [docker, autoconf, swarm, k8s, linux]
|
||||
uses: ./.github/workflows/staging-create-infra.yml
|
||||
with:
|
||||
TYPE: ${{ matrix.type }}
|
||||
secrets:
|
||||
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
K8S_IP: ${{ secrets.K8S_IP }}
|
||||
prepare-tests-core:
|
||||
needs: [codeql, build-containers, build-packages]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- id: set-matrix
|
||||
run: |
|
||||
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
|
||||
echo "tests=$tests" >> $GITHUB_OUTPUT
|
||||
outputs:
|
||||
tests: ${{ steps.set-matrix.outputs.tests }}
|
||||
|
||||
# Perform tests
|
||||
tests-ui:
|
||||
needs: [codeql, build-containers]
|
||||
uses: ./.github/workflows/tests-ui.yml
|
||||
with:
|
||||
RELEASE: testing
|
||||
tests-ui-linux:
|
||||
needs: [codeql, build-packages]
|
||||
uses: ./.github/workflows/tests-ui-linux.yml
|
||||
with:
|
||||
RELEASE: testing
|
||||
staging-tests:
|
||||
needs: [create-infras]
|
||||
strategy:
|
||||
matrix:
|
||||
type: [docker, autoconf, swarm, k8s, linux]
|
||||
include:
|
||||
- type: docker
|
||||
runs_on: "['self-hosted', 'bw-docker']"
|
||||
- type: autoconf
|
||||
runs_on: "['self-hosted', 'bw-autoconf']"
|
||||
- type: swarm
|
||||
runs_on: "['self-hosted', 'bw-swarm']"
|
||||
- type: k8s
|
||||
runs_on: "['ubuntu-latest']"
|
||||
- type: linux
|
||||
runs_on: "['self-hosted', 'bw-linux']"
|
||||
uses: ./.github/workflows/staging-tests.yml
|
||||
with:
|
||||
TYPE: ${{ matrix.type }}
|
||||
RUNS_ON: ${{ matrix.runs_on }}
|
||||
secrets: inherit
|
||||
tests-core:
|
||||
needs: prepare-tests-core
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
|
||||
uses: ./.github/workflows/test-core.yml
|
||||
with:
|
||||
TEST: ${{ matrix.test }}
|
||||
RELEASE: testing
|
||||
tests-core-linux:
|
||||
needs: prepare-tests-core
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
|
||||
uses: ./.github/workflows/test-core-linux.yml
|
||||
with:
|
||||
TEST: ${{ matrix.test }}
|
||||
RELEASE: testing
|
||||
secrets: inherit
|
||||
|
||||
# Delete infrastructures
|
||||
delete-infras:
|
||||
if: ${{ always() }}
|
||||
needs: [staging-tests]
|
||||
strategy:
|
||||
matrix:
|
||||
type: [docker, autoconf, swarm, k8s, linux]
|
||||
uses: ./.github/workflows/staging-delete-infra.yml
|
||||
with:
|
||||
TYPE: ${{ matrix.type }}
|
||||
secrets:
|
||||
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
|
||||
SECRET_KEY: ${{ secrets.SECRET_KEY }}
|
||||
|
||||
# Push Docker images
|
||||
push-images:
|
||||
needs: [staging-tests, tests-ui, tests-core]
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Push BW image
|
||||
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:testing && docker tag ghcr.io/bunkerity/bunkerweb-tests:testing bunkerity/bunkerweb:testing && docker push bunkerity/bunkerweb:testing && docker tag bunkerity/bunkerweb:testing ghcr.io/bunkerity/bunkerweb:testing && docker push ghcr.io/bunkerity/bunkerweb:testing
|
||||
- name: Push scheduler image
|
||||
run: docker pull ghcr.io/bunkerity/scheduler-tests:testing && docker tag ghcr.io/bunkerity/scheduler-tests:testing bunkerity/bunkerweb-scheduler:testing && docker push bunkerity/bunkerweb-scheduler:testing && docker tag bunkerity/bunkerweb-scheduler:testing ghcr.io/bunkerity/bunkerweb-scheduler:testing && docker push ghcr.io/bunkerity/bunkerweb-scheduler:testing
|
||||
- name: Push UI image
|
||||
run: docker pull ghcr.io/bunkerity/ui-tests:testing && docker tag ghcr.io/bunkerity/ui-tests:testing bunkerity/bunkerweb-ui:testing && docker push bunkerity/bunkerweb-ui:testing && docker tag bunkerity/bunkerweb-ui:testing ghcr.io/bunkerity/bunkerweb-ui:testing && docker push ghcr.io/bunkerity/bunkerweb-ui:testing
|
||||
- name: Push autoconf image
|
||||
run: docker pull ghcr.io/bunkerity/autoconf-tests:testing && docker tag ghcr.io/bunkerity/autoconf-tests:testing bunkerity/bunkerweb-autoconf:testing && docker push bunkerity/bunkerweb-autoconf:testing && docker tag bunkerity/bunkerweb-autoconf:testing ghcr.io/bunkerity/bunkerweb-autoconf:testing && docker push ghcr.io/bunkerity/bunkerweb-autoconf:testing
|
||||
|
||||
# Push Linux packages
|
||||
push-packages:
|
||||
needs: [staging-tests, tests-ui-linux, tests-core-linux]
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu, debian, fedora, el]
|
||||
arch: [amd64]
|
||||
include:
|
||||
- release: testing
|
||||
repo: bunkerweb
|
||||
- linux: ubuntu
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: jammy
|
||||
package: deb
|
||||
- linux: debian
|
||||
separator: _
|
||||
suffix: ""
|
||||
version: bookworm
|
||||
package: deb
|
||||
- linux: fedora
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 39
|
||||
package: rpm
|
||||
- linux: el
|
||||
separator: "-"
|
||||
suffix: "1."
|
||||
version: 8
|
||||
package: rpm
|
||||
- linux: ubuntu
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: debian
|
||||
arch: amd64
|
||||
package_arch: amd64
|
||||
- linux: fedora
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
- linux: el
|
||||
arch: amd64
|
||||
package_arch: x86_64
|
||||
uses: ./.github/workflows/push-packagecloud.yml
|
||||
with:
|
||||
SEPARATOR: ${{ matrix.separator }}
|
||||
SUFFIX: ${{ matrix.suffix }}
|
||||
REPO: ${{ matrix.repo }}
|
||||
LINUX: ${{ matrix.linux }}
|
||||
VERSION: ${{ matrix.version }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
BW_VERSION: ${{ matrix.release }}
|
||||
PACKAGE_ARCH: ${{ matrix.package_arch }}
|
||||
ARCH: ${{ matrix.arch }}
|
||||
secrets:
|
||||
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
|
||||
|
||||
# Push doc
|
||||
push-doc:
|
||||
needs: [push-images, push-packages]
|
||||
permissions:
|
||||
contents: write
|
||||
uses: ./.github/workflows/push-doc.yml
|
||||
with:
|
||||
VERSION: testing
|
||||
ALIAS: unstable
|
||||
secrets:
|
||||
BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
|
||||
|
||||
# Push on GH
|
||||
push-gh:
|
||||
needs: [push-doc]
|
||||
permissions:
|
||||
contents: write
|
||||
discussions: write
|
||||
uses: ./.github/workflows/push-github.yml
|
||||
with:
|
||||
VERSION: testing
|
||||
PRERELEASE: true
|
||||
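Review bot: in `push-images`, every step pulls `ghcr.io/bunkerity/<image>-tests:testing` and re-tags it for publication by mutable tag, and the workflow has no `concurrency:` group, so two pushes to `staging` close together can publish an image that is not the one the tests ran against. Add a `concurrency` group keyed on the branch and promote by image digest (for example one passed on from the build job) instead of by tag. In `prepare-tests-core`, `>> $GITHUB_OUTPUT` is unquoted, while the release workflow quotes it; quote it here too for consistency. `staging-tests` and `tests-core-linux` are called with `secrets: inherit`, whereas `create-infras` and `delete-infras` pass named secrets; the explicit form is preferable for the jobs that land on self-hosted runners.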
103
.github/workflows/test-core-linux.yml
vendored
Normal file
|
|
@ -0,0 +1,103 @@
|
|||
name: Core test Linux (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
TEST:
|
||||
required: true
|
||||
type: string
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Set up Python 3.12
|
||||
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
|
||||
with:
|
||||
python-version: "3.12"
|
||||
- name: Install Firefox manually and dependencies
|
||||
run: |
|
||||
sudo add-apt-repository ppa:mozillateam/ppa -y
|
||||
sudo apt purge -y firefox
|
||||
echo '
|
||||
Package: *
|
||||
Pin: release o=LP-PPA-mozillateam
|
||||
Pin-Priority: 1001
|
||||
|
||||
Package: firefox
|
||||
Pin: version 1:1snap1-0ubuntu2
|
||||
Pin-Priority: -1
|
||||
' | sudo tee /etc/apt/preferences.d/mozilla-firefox
|
||||
sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
|
||||
- name: Download geckodriver
|
||||
uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
|
||||
with:
|
||||
max_attempts: 3
|
||||
timeout_minutes: 20
|
||||
command: |
|
||||
GECKODRIVER_VERSION=`curl -i https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+\.[0-9]+\.[0-9]+'` && \
|
||||
wget -O geckodriver.tar.gz -w 5 https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz
|
||||
sudo tar -xzf geckodriver.tar.gz -C /usr/local/bin
|
||||
sudo chmod +x /usr/local/bin/geckodriver
|
||||
rm -f geckodriver.tar.gz
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Pull BW linux ubuntu test image
|
||||
run: docker pull ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}
|
||||
- name: Copy deb file to host
|
||||
run: |
|
||||
container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
|
||||
docker cp "$container_id:/opt/bunkerweb_${{ inputs.RELEASE }}-1_amd64.deb" "/tmp/bunkerweb.deb"
|
||||
docker rm "$container_id"
|
||||
- name: Install NGINX
|
||||
run: |
|
||||
sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
|
||||
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
|
||||
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
|
||||
sudo apt update
|
||||
sudo apt install -y nginx=1.24.0-1~jammy
|
||||
- name: Fix version without a starting number
|
||||
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
|
||||
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
|
||||
- name: Edit configuration files
|
||||
run: |
|
||||
# Misc
|
||||
echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
|
||||
echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
|
||||
echo "127.0.0.1 bwadm.example.com" | sudo tee -a /etc/hosts
|
||||
sudo cp ./tests/www-deb.conf /etc/php/8.1/fpm/pool.d/www.conf
|
||||
sudo systemctl stop php8.1-fpm
|
||||
sudo systemctl start php8.1-fpm
|
||||
# BunkerWeb
|
||||
sudo mkdir -p /etc/bunkerweb
|
||||
echo "SERVER_NAME=www.example.com" | sudo tee /etc/bunkerweb/variables.env
|
||||
echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "HTTPS_PORT=443" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo 'API_LISTEN_IP=127.0.0.1' | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "SEND_ANONYMOUS_REPORT=no" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
sudo chown nginx:nginx /etc/bunkerweb/variables.env
|
||||
sudo chmod 777 /etc/bunkerweb/variables.env
|
||||
- name: Install BunkerWeb
|
||||
run: sudo apt install -fy /tmp/bunkerweb.deb
|
||||
- name: Run tests
|
||||
run: |
|
||||
export MAKEFLAGS="-j $(nproc)"
|
||||
pip install --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements-deps.txt
|
||||
MAKEFLAGS="-j $(nproc)" find tests/core -name "requirements.txt" -exec pip install --no-cache-dir --require-hashes --no-deps -r {} \;
|
||||
cd ./tests/core/${{ inputs.TEST }}
|
||||
sudo truncate -s 0 /var/log/bunkerweb/error.log
|
||||
./test.sh "linux"
|
||||
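Review bot: The "Download geckodriver" step takes whatever version `curl -i https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+\.[0-9]+\.[0-9]+'` returns and then runs `sudo tar -xzf geckodriver.tar.gz -C /usr/local/bin` with no integrity check, even though every `uses:` line in the same job is pinned to a commit SHA. Set `GECKODRIVER_VERSION` to a fixed release and compare the archive against a recorded SHA-256 (`sha256sum -c`) before extracting it as root. Pinning also removes the dependency on the grep producing exactly one match from the response headers.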
36
.github/workflows/test-core.yml
vendored
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
name: Core test (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
TEST:
|
||||
required: true
|
||||
type: string
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Pull BW image
|
||||
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
|
||||
- name: Pull Scheduler image
|
||||
run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
|
||||
# Run test
|
||||
- name: Run test
|
||||
run: |
|
||||
cd ./tests/core/${{ inputs.TEST }}
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb:.*@bunkerweb-tests@" {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb-scheduler:.*@scheduler-tests@" {} \;
|
||||
./test.sh "docker"
|
||||
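Review bot: In the "Run test" step, `cd ./tests/core/${{ inputs.TEST }}` has the expression expanded into the script text before the shell parses it, and the resulting path is unquoted, so the value of `TEST` is treated as shell source rather than data. Pass it through the step environment (`env: TEST: ${{ inputs.TEST }}`) and use `cd "./tests/core/$TEST"`. The two `docker pull ... ${{ inputs.RELEASE }}` steps would benefit from the same treatment. The inputs come from callers in this repository today, but a reusable workflow should not rely on that.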
116
.github/workflows/tests-ui-linux.yml
vendored
Normal file
|
|
@ -0,0 +1,116 @@
|
|||
name: Core test Linux (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Set up Python 3.12
|
||||
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
|
||||
with:
|
||||
python-version: "3.12"
|
||||
- name: Install Firefox manually and dependencies
|
||||
run: |
|
||||
sudo add-apt-repository ppa:mozillateam/ppa -y
|
||||
sudo apt purge -y firefox
|
||||
echo '
|
||||
Package: *
|
||||
Pin: release o=LP-PPA-mozillateam
|
||||
Pin-Priority: 1001
|
||||
|
||||
Package: firefox
|
||||
Pin: version 1:1snap1-0ubuntu2
|
||||
Pin-Priority: -1
|
||||
' | sudo tee /etc/apt/preferences.d/mozilla-firefox
|
||||
sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
|
||||
- name: Download geckodriver
|
||||
uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
|
||||
with:
|
||||
max_attempts: 3
|
||||
timeout_minutes: 20
|
||||
command: |
|
||||
GECKODRIVER_VERSION=`curl -i https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+\.[0-9]+\.[0-9]+'` && \
|
||||
wget -O geckodriver.tar.gz -w 5 https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz
|
||||
sudo tar -xzf geckodriver.tar.gz -C /usr/local/bin
|
||||
sudo chmod +x /usr/local/bin/geckodriver
|
||||
rm -f geckodriver.tar.gz
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Pull BW linux ubuntu test image
|
||||
run: docker pull ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}
|
||||
- name: Copy deb file to host
|
||||
run: |
|
||||
container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
|
||||
docker cp "$container_id:/opt/bunkerweb_${{ inputs.RELEASE }}-1_amd64.deb" "/tmp/bunkerweb.deb"
|
||||
docker rm "$container_id"
|
||||
- name: Install NGINX
|
||||
run: |
|
||||
sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
|
||||
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
|
||||
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
|
||||
sudo apt update
|
||||
sudo apt install -y nginx=1.24.0-1~jammy
|
||||
- name: Fix version without a starting number
|
||||
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
|
||||
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
|
||||
- name: Install BunkerWeb
|
||||
run: sudo apt install -fy /tmp/bunkerweb.deb
|
||||
- name: Edit configuration files
|
||||
run: |
|
||||
# Misc
|
||||
echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
|
||||
echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
|
||||
# BunkerWeb
|
||||
echo "SERVER_NAME=" | sudo tee /etc/bunkerweb/variables.env
|
||||
echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo 'API_LISTEN_IP=127.0.0.1' | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "MULTISITE=yes" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "SEND_ANONYMOUS_REPORT=no" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "DISABLE_DEFAULT_SERVER=yes" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "USE_CLIENT_CACHE=yes" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "USE_GZIP=yes" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "DATASTORE_MEMORY_SIZE=384m" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
echo "UI_HOST=http://127.0.0.1:7000" | sudo tee -a /etc/bunkerweb/variables.env
|
||||
sudo touch /etc/bunkerweb/ui.env
|
||||
|
||||
sudo chown nginx:nginx /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
|
||||
sudo chmod 777 /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
|
||||
- name: Run tests
|
||||
run: |
|
||||
export MAKEFLAGS="-j $(nproc)"
|
||||
pip install --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements-deps.txt
|
||||
pip install --no-cache-dir --require-hashes -r tests/ui/requirements.txt
|
||||
cd ./tests/ui
|
||||
touch test.txt
|
||||
zip test.zip test.txt
|
||||
rm test.txt
|
||||
echo '{
|
||||
"id": "discord",
|
||||
"name": "Discord",
|
||||
"description": "Send alerts to a Discord channel (using webhooks).",
|
||||
"version": "0.1",
|
||||
"stream": "no",
|
||||
"settings": {}
|
||||
}' | tee plugin.json
|
||||
zip discord.zip plugin.json
|
||||
rm plugin.json
|
||||
./tests.sh "linux"
|
||||
env:
|
||||
MODE: ${{ inputs.RELEASE }}
|
||||
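Review bot: `sudo chmod 777 /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env` at the end of "Edit configuration files" makes both settings files world-writable (and executable) right after they are chowned to `nginx:nginx`. The chown already gives the service access, so either drop the chmod or use a group-scoped mode such as 660, so the test environment does not normalise permissions that would be unacceptable on a real install. Separately, the workflow `name:` is still "Core test Linux (REUSABLE)" although the file is `tests-ui-linux.yml` and the job runs `tests/ui`; rename it so runs can be told apart in the Actions list.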
34
.github/workflows/tests-ui.yml
vendored
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
name: Perform tests for UI (REUSABLE)
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
RELEASE:
|
||||
required: true
|
||||
type: string
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: Login to ghcr
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Pull BW image
|
||||
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
|
||||
- name: Pull Scheduler image
|
||||
run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
|
||||
- name: Pull UI image
|
||||
run: docker pull ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} ui-tests
|
||||
# Do tests
|
||||
- name: Run tests
|
||||
run: |
|
||||
cd ./tests/ui
|
||||
./tests.sh "docker"
|
||||
env:
|
||||
MODE: ${{ inputs.RELEASE }}
|
||||
75
.github/workflows/ui.yml
vendored
Normal file
|
|
@ -0,0 +1,75 @@
|
|||
name: Automatic tests (UI)
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ui]
|
||||
|
||||
jobs:
|
||||
# Containers
|
||||
build-containers:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
strategy:
|
||||
matrix:
|
||||
image: [bunkerweb, scheduler, ui]
|
||||
include:
|
||||
- image: bunkerweb
|
||||
dockerfile: src/bw/Dockerfile
|
||||
- image: scheduler
|
||||
dockerfile: src/scheduler/Dockerfile
|
||||
- image: ui
|
||||
dockerfile: src/ui/Dockerfile
|
||||
uses: ./.github/workflows/container-build.yml
|
||||
with:
|
||||
RELEASE: ui
|
||||
CACHE: true
|
||||
ARCH: linux/amd64
|
||||
IMAGE: ${{ matrix.image }}
|
||||
DOCKERFILE: ${{ matrix.dockerfile }}
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
# Build Linux packages
|
||||
build-packages:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
strategy:
|
||||
matrix:
|
||||
linux: [ubuntu]
|
||||
include:
|
||||
- linux: ubuntu
|
||||
package: deb
|
||||
uses: ./.github/workflows/linux-build.yml
|
||||
with:
|
||||
RELEASE: ui
|
||||
LINUX: ${{ matrix.linux }}
|
||||
PACKAGE: ${{ matrix.package }}
|
||||
TEST: true
|
||||
PLATFORMS: linux/amd64
|
||||
secrets:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
codeql:
|
||||
uses: ./.github/workflows/codeql.yml
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
# UI tests
|
||||
tests-ui:
|
||||
needs: [codeql, build-containers]
|
||||
uses: ./.github/workflows/tests-ui.yml
|
||||
with:
|
||||
RELEASE: ui
|
||||
tests-ui-linux:
|
||||
needs: [codeql, build-packages]
|
||||
uses: ./.github/workflows/tests-ui-linux.yml
|
||||
with:
|
||||
RELEASE: ui
|
||||
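Review bot: The top-level `permissions: read-all` is what `tests-ui` and `tests-ui-linux` fall back to, since neither job declares its own block, and it hands the called workflows read access to every token scope. From the steps shown they only check out the repository and pull from ghcr.io, so `contents: read` plus `packages: read` on those two jobs (or as the workflow default) would be enough. It is also worth adding a `concurrency:` group keyed on the branch: everything is built and tested under the fixed `RELEASE: ui` tag, so two pushes to `ui` in quick succession can end up testing each other's artifacts.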
54
.gitignore
vendored
|
|
@ -1,45 +1,9 @@
|
|||
*.a
|
||||
*.la
|
||||
*.lo
|
||||
*.o
|
||||
*.so
|
||||
*.swp
|
||||
*/.deps
|
||||
*/.libs
|
||||
*~
|
||||
.\#*
|
||||
.gh-pages
|
||||
/INSTALL
|
||||
/autom4te.cache
|
||||
/bin/country_lookup
|
||||
/bin/mmdbdump
|
||||
/bin/mmdblookup
|
||||
/compile
|
||||
/config.*
|
||||
/configure
|
||||
/depcomp
|
||||
/include/maxminddb_config.h
|
||||
/install-sh
|
||||
/libmaxminddb-*
|
||||
/libtool
|
||||
/ltmain.sh
|
||||
/man
|
||||
/missing
|
||||
/src/libmaxminddb.pc
|
||||
/src/test-data-pool
|
||||
/t/*.log
|
||||
/t/*.trs
|
||||
/t/*_t
|
||||
/t/*-t
|
||||
/test-driver
|
||||
\#*\#
|
||||
aclocal.m4
|
||||
stamp-h*
|
||||
CMakeCache.txt
|
||||
CMakeFiles/
|
||||
CTestTestfile.cmake
|
||||
cmake_install.cmake
|
||||
Makefile
|
||||
Makefile.in
|
||||
Testing/
|
||||
install_manifest.txt
|
||||
site/
|
||||
.idea/
|
||||
.vscode/
|
||||
__pycache__
|
||||
env
|
||||
node_modules
|
||||
/src/ui/*.txt
|
||||
.mypy_cache
|
||||
.cache/
|
||||
|
|
|
|||
1
.gitleaksignore
Normal file
|
|
@ -0,0 +1 @@
|
|||
src/ui/templates/profile.html:hashicorp-tf-password:343
|
||||
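Review bot: The entry `src/ui/templates/profile.html:hashicorp-tf-password:343` is keyed to a line number, so any edit above line 343 of the template either brings the finding back or, worse, leaves the ignore pointing at a different line that could hold a real match for the same rule. Prefer marking the offending line itself with a `gitleaks:allow` comment, or allowlisting the specific false-positive pattern in the gitleaks configuration, so the suppression follows the content rather than its position. A short comment saying why this match is a false positive would help the next reviewer.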
2
.luacheckrc
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
globals = {"ngx", "delay", "unpack"}
|
||||
ignore = {"411"}
|
||||
77
.pre-commit-config.yaml
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
# See https://pre-commit.com for more information
|
||||
# See https://pre-commit.com/hooks.html for more hooks
|
||||
exclude: (^LICENSE.md$|^src/VERSION$|^env/|^src/(bw/misc/root-ca.pem$|deps/src/|common/core/modsecurity/files|ui/static/js/(editor/|utils/purify/|tsparticles\.bundle\.min\.js))|\.(svg|drawio|patch\d?|ascii|tf|tftpl|key)$)
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: c4a0b883114b00d8d76b479c820ce7950211c99b # frozen: v4.5.0
|
||||
hooks:
|
||||
- id: requirements-txt-fixer
|
||||
name: Fix requirements.txt and requirements.in files
|
||||
description: Sorts entries in requirements.txt and requirements.in files.
|
||||
files: (requirements|constraints).*\.(txt|in)$
|
||||
- id: trailing-whitespace
|
||||
- id: end-of-file-fixer
|
||||
- id: check-yaml
|
||||
exclude: ^(mkdocs.yml|examples/bigbluebutton/docker-compose.yml)$
|
||||
args: ["--allow-multiple-documents"]
|
||||
- id: check-case-conflict
|
||||
|
||||
- repo: https://github.com/psf/black
|
||||
rev: ec91a2be3c44d88e1a3960a4937ad6ed3b63464e # frozen: 23.12.1
|
||||
hooks:
|
||||
- id: black
|
||||
name: Black Python Formatter
|
||||
language_version: python3.9
|
||||
|
||||
- repo: https://github.com/pre-commit/mirrors-prettier
|
||||
rev: ffb6a759a979008c0e6dff86e39f4745a2d9eac4 # frozen: v3.1.0
|
||||
hooks:
|
||||
- id: prettier
|
||||
name: Prettier Code Formatter
|
||||
|
||||
- repo: https://github.com/JohnnyMorganz/StyLua
|
||||
rev: f9afc7f33bc19f7708fbc1d7eea0606e0d41080a # frozen: v0.19.1
|
||||
hooks:
|
||||
- id: stylua-github
|
||||
exclude: ^src/(bw/lua/middleclass.lua|common/core/antibot/captcha.lua)$
|
||||
|
||||
- repo: https://github.com/lunarmodules/luacheck
|
||||
rev: 418f48976c73be697fe64b0eba9ea9821ac9bca8 # frozen: v1.1.2
|
||||
hooks:
|
||||
- id: luacheck
|
||||
exclude: ^src/(bw/lua/middleclass.lua|common/core/antibot/captcha.lua)$
|
||||
args: ["--std", "min", "--codes", "--ranges", "--no-cache"]
|
||||
|
||||
- repo: https://github.com/pycqa/flake8
|
||||
rev: 7d37d9032d0d161634be4554273c30efd4dea0b3 # frozen: 7.0.0
|
||||
hooks:
|
||||
- id: flake8
|
||||
name: Flake8 Python Linter
|
||||
args: ["--max-line-length=250", "--ignore=E266,E402,E722,W503"]
|
||||
|
||||
- repo: https://github.com/dosisod/refurb
|
||||
rev: a7c461fcfaa2ca3248d489cdf7fed8e2d4fd8520 # frozen: v1.26.0
|
||||
hooks:
|
||||
- id: refurb
|
||||
name: Refurb Python Refactoring Tool
|
||||
exclude: ^tests/
|
||||
|
||||
- repo: https://github.com/codespell-project/codespell
|
||||
rev: 6e41aba91fb32e9feb741a6258eefeb9c6e4a482 # frozen: v2.2.6
|
||||
hooks:
|
||||
- id: codespell
|
||||
name: Codespell Spell Checker
|
||||
exclude: (^src/(ui/templates|common/core/.+/files|bw/loading)/.+.html|modsecurity-rules.conf.*)$
|
||||
entry: codespell --ignore-regex="(tabEl|Widgits)" --skip src/ui/static/js/utils/flatpickr.js,CHANGELOG.md
|
||||
language: python
|
||||
types: [text]
|
||||
|
||||
- repo: https://github.com/gitleaks/gitleaks
|
||||
rev: e815c559e3ac76227e8e7463cf3a6598b715687b # frozen: v8.18.1
|
||||
hooks:
|
||||
- id: gitleaks
|
||||
|
||||
- repo: https://github.com/koalaman/shellcheck-precommit
|
||||
rev: 3f77b826548d8dc2d26675f077361c92773b50a7 # frozen: v0.9.0
|
||||
hooks:
|
||||
- id: shellcheck
|
||||
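Review bot: The top-level `exclude:` applies to every hook in the file, `gitleaks` and `shellcheck` included, and it lists `\.(svg|drawio|patch\d?|ascii|tf|tftpl|key)$` along with `src/bw/misc/root-ca.pem`. A commit made up only of `.key`, `.tf` or `.tftpl` files will therefore never trigger the secret scan, and those are exactly the file types most likely to carry credentials. Move the formatter and linter exclusions into per-hook `exclude:` keys (as is already done for `stylua-github`, `luacheck` and `codespell`) and leave the `gitleaks` hook unrestricted, using `.gitleaksignore` for known false positives.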
20
.prettierignore
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
docs/
|
||||
env/
|
||||
*/env/
|
||||
*.min*
|
||||
src/common/core/modsecurity/
|
||||
src/deps/src/
|
||||
mkdocs.yml
|
||||
CHANGELOG.md
|
||||
CONTRIBUTING.md
|
||||
CODE_OF_CONDUCT.md
|
||||
LICENSE.md
|
||||
README.md
|
||||
SECURITY.md
|
||||
tsparticles.bundle.min.js
|
||||
flatpickr.*
|
||||
src/ui/static/js/editor/*
|
||||
src/ui/static/js/utils/purify/*
|
||||
src/ui/templates/*
|
||||
datepicker-foundation.css
|
||||
examples/*
|
||||
360
CHANGELOG.md
Normal file
|
|
@ -0,0 +1,360 @@
|
|||
# Changelog
|
||||
|
||||
## v1.5.6 - YYYY/MM/DD
|
||||
|
||||
|
||||
|
||||
## v1.5.5 - 2024/01/12
|
||||
|
||||
- [BUGFIX] Fix issues with the database when upgrading from one version to a newer one
|
||||
- [BUGFIX] Fix ModSecurity-nginx to make it work with brotli
|
||||
- [BUGFIX] Remove certbot renew delay causing errors on k8s
|
||||
- [BUGFIX] Fix missing custom modsec files when BW instances change
|
||||
- [BUGFIX] Fix inconsistency on config changes when using Redis
|
||||
- [FEATURE] Add Anonymous reporting feature
|
||||
- [FEATURE] Add support for fallback Referrer-Policies
|
||||
- [FEATURE] Add profile page to web ui and the possibility to activate the 2FA
|
||||
- [FEATURE] Add setting REVERSE_PROXY_INCLUDES to manually add "include" directives in the reverse proxies
|
||||
- [FEATURE] Add support for Redis Sentinel
|
||||
- [FEATURE] Add support for tls in Ingress definition
|
||||
- [MISC] Fallback to default HTTPS certificate to prevent errors
|
||||
- [MISC] Various internal improvements in LUA code
|
||||
- [MISC] Check nginx configuration before reload
|
||||
- [MISC] Updated Python Docker image to 3.12.1-alpine3.18 in Dockerfiles
|
||||
- [DEPS] Updated ModSecurity to v3.0.11
|
||||
|
||||
## v1.5.4 - 2023/12/04
|
||||
|
||||
- [UI] Add an optional setup wizard for the web UI
|
||||
- [BUGFIX] Fix issues with the Linux integration and external databases
|
||||
- [BUGFIX] Fix scheduler trying to connect to Docker socket in k8s and swarm
|
||||
- [LINUX] Support Debian 12, Fedora 39 and RHEL 8.9
|
||||
- [DOCKER] Handle start and stop event of BunkerWeb with the scheduler
|
||||
- [MISC] Refactor database session handling to make it more stable with SQLite
|
||||
- [MISC] Add conditional block for open file cache in nginx config
|
||||
- [MISC] Updated core dependencies
|
||||
- [MISC] Updated python dependencies
|
||||
- [MISC] Updated Python Docker image to 3.12.0-alpine3.18 in Dockerfiles
|
||||
|
||||
## v1.5.3 - 2023/10/31
|
||||
|
||||
- [BUGFIX] Fix BunkerWeb not loading his own settings after a docker restart
|
||||
- [BUGFIX] Fix Custom configs not following the service name after an update on the UI
|
||||
- [BUGFIX] Fix UI clearing configs folder at startup
|
||||
- [BUGFIX] Fix Database not clearing old services when not using multisite
|
||||
- [BUGFIX] Fix UI using the wrong database when generating the new config when using an external database
|
||||
- [BUGFIX] Small fixes on linux paths creating unnecessary folders
|
||||
- [BUGFIX] Fix ACME renewal fails on redirection enabled Service
|
||||
- [BUGFIX] Fix errors when using a server name with multiple values in web UI
|
||||
- [BUGFIX] Fix error when deleting a service that have custom configs on web UI
|
||||
- [BUGFIX] Fix rare bug where database is locked
|
||||
- [MISC] Updated core dependencies
|
||||
- [MISC] Updated self-signed job to regenerate the cert if the subject or the expiration date has changed
|
||||
- [MISC] Jobs that download files from urls will now remove old cached files if urls are empty
|
||||
- [MISC] Replaced gevent with gthread in UI for security reasons
|
||||
- [MISC] Add HTML sanitization when injecting code in pages in the UI
|
||||
- [MISC] Optimize the way the UI handles services creation and edition
|
||||
- [MISC] Optimize certbot renew script to renew all domains in one command
|
||||
- [MISC] Use capability instead of sudo in Linux
|
||||
- [SECURITY] Init work on OpenSSF best practices
|
||||
|
||||
## v1.5.2 - 2023/09/10
|
||||
|
||||
- [BUGFIX] Fix UI fetching only default values from the database (fixes no trash button too)
|
||||
- [BUGFIX] Fix infinite loop when using autoconf
|
||||
- [BUGFIX] Fix BunkerWeb fails to start after reboot on Fedora and Rhel
|
||||
- [BUGFIX] Fix logs page not working in UI on Linux integrations
|
||||
- [BUGFIX] Fix settings regex that had issues in general and with the UI
|
||||
- [BUGFIX] Fix scheduler error with external plugins when reloading
|
||||
- [BUGFIX] Fix permissions with folders in linux integrations
|
||||
- [MISC] Push Docker images to GitHub packages (ghcr.io repository)
|
||||
- [MISC] Improved CI/CD
|
||||
- [MISC] Updated python dependencies
|
||||
- [MISC] Updated Python Docker image to 3.11.5-alpine in Dockerfiles
|
||||
- [MISC] Add support for ModSecurity JSON LogFormat
|
||||
- [MISC] Updated OWASP coreruleset to 3.3.5
|
||||
|
||||
## v1.5.1 - 2023/08/08
|
||||
|
||||
- [BUGFIX] New version checker in logs displays "404 not found"
|
||||
- [BUGFIX] New version checker in UI
|
||||
- [BUGFIX] Only get the right keys from plugin.json files when importing plugins
|
||||
- [BUGFIX] Remove external resources for Google fonts in UI
|
||||
- [BUGFIX] Support multiple plugin uploads in one zip when using the UI
|
||||
- [BUGFIX] Variable being ignored instead of saved in the database when value is empty
|
||||
- [BUGFIX] ALLOWED_METHODS regex working with LOCK/UNLOCK methods
|
||||
- [BUGFIX] Custom certificate bug after the refactoring
|
||||
- [BUGFIX] Wrong variables in header phase (fix CORS feature too)
|
||||
- [BUGFIX] UI not working in Ubuntu (python zope module)
|
||||
- [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
|
||||
- [BUGFIX] Custom configurations from env were not being deleted properly
|
||||
- [BUGFIX] Missing concepts image not displayed in the documentation
|
||||
- [BUGFIX] Scheduler not picking up new instances IPs in autoconf modes
|
||||
- [BUGFIX] Autoconf deadlock in k8s
|
||||
- [BUGFIX] Missing HTTP and HTTPS ports for temp nginx
|
||||
- [BUGFIX] Infinite loop when sessions is not valid
|
||||
- [BUGFIX] Missing valid LE certificates in edge cases
|
||||
- [BUGFIX] Wrong service namespace in k8s
|
||||
- [BUGFIX] DNS_RESOLVERS regex not accepting hostnames
|
||||
- [PERFORMANCE] Reduce CPU and RAM usage of scheduler
|
||||
- [PERFORMANCE] Cache ngx.ctx instead of loading it each time
|
||||
- [PERFORMANCE] Use per-worker LRU cache for common RO LUA values
|
||||
- [FEATURE] Add Turnstile antibot mode
|
||||
- [FEATURE] Add more CORS headers
|
||||
- [FEATURE] Add KEEP_UPSTREAM_HEADERS to preserve headers when using reverse proxy
|
||||
- [FEATURE] Add the possibility to download the different lists and plugins from a local file (like the blacklist)
|
||||
- [FEATURE] External plugins can now be downloaded from a tar.gz and tar.xz file as well as zip
|
||||
- [FEATURE] Add X-Forwarded-Prefix header when using reverse proxy
|
||||
- [FEATURE] Add REDIRECT_TO_STATUS_CODE to choose status code 301 or 302 when redirecting
|
||||
- [DOCUMENTATION] Add timezone information
|
||||
- [DOCUMENTATION] Add timezone informat
|
||||
- [MISC] Add LOG_LEVEL=warning for docker socket proxy in docs, examples and boilerplates
|
||||
- [MISC] Temp remove VMWare provider for Vagrant integration
|
||||
- [MISC] Remove X-Script-Name header and ABSOLUTE_URI variable when using UI
|
||||
- [MISC] Move logs to /var/log/bunkerweb folder
|
||||
- [MISC] Reduce "Got an error reading communication packets" warnings in mariadb/mysql
|
||||
|
||||
## v1.5.0 - 2023/05/23
|
||||
|
||||
- Refactoring of almost all the components of the project
|
||||
- Dedicated scheduler service to manage jobs and configuration
|
||||
- Store configuration in a database backend
|
||||
- Improved web UI and make it working with all integrations
|
||||
- Improved internal LUA code
|
||||
- Improved internal cache of BW
|
||||
- Add Redis support when using clustered integrations
|
||||
- Add RHEL integration
|
||||
- Add Vagrant integration
|
||||
- Init support of generic TCP/UDP (stream)
|
||||
- Init support of IPv6
|
||||
- Improved CI/CD : UI tests, core tests and release automation
|
||||
- Reduce Docker images size
|
||||
- Fix and improved core plugins : antibot, cors, dnsbl, ...
|
||||
- Use PCRE regex instead of LUA patterns
|
||||
- Connectivity tests at startup/reload with logging
|
||||
|
||||
## v1.5.0-beta - 2023/05/02
|
||||
|
||||
- Refactoring of almost all the components of the project
|
||||
- Dedicated scheduler service to manage jobs and configuration
|
||||
- Store configuration in a database backend
|
||||
- Improved web UI and make it working with all integrations
|
||||
- Improved internal LUA code
|
||||
- Improved internal cache of BW
|
||||
- Add Redis support when using clustered integrations
|
||||
- Add RHEL integration
|
||||
- Add Vagrant integration
|
||||
- Init support of generic TCP/UDP (stream)
|
||||
- Init support of IPv6
|
||||
- Improved CI/CD : UI tests, core tests and release automation
|
||||
- Reduce Docker images size
|
||||
- Fix and improved core plugins : antibot, cors, dnsbl, ...
|
||||
- Use PCRE regex instead of LUA patterns
|
||||
- Connectivity tests at startup/reload with logging
|
||||
|
||||
## v1.4.8 - 2023/04/05
|
||||
|
||||
- Fix UI bug related to multiple settings
|
||||
- Increase check reload interval in UI to avoid rate limit
|
||||
- Fix Let's Encrypt error when using auth basic
|
||||
- Fix wrong setting name in realip job (again)
|
||||
- Fix blog posts retrieval in the UI
|
||||
- Fix missing logs for UI
|
||||
- Fix error log if BunkerNet ip list is empty
|
||||
- Updated python dependencies
|
||||
- Gunicorn will now show the logs in the console for the UI
|
||||
- BunkerNet job will now create the ip list file at the beginning of the job to avoid errors
|
||||
|
||||
## v1.4.7 - 2023/02/27
|
||||
|
||||
- Fix DISABLE_DEFAULT_SERVER=yes not working with HTTPS (again)
|
||||
- Fix wrong setting name in realip job
|
||||
- Fix whitelisting not working with modsecurity
|
||||
|
||||
## v1.4.6 - 2023/02/14
|
||||
|
||||
- Fix error in the UI when a service have multiple domains
|
||||
- Fix bwcli bans command
|
||||
- Fix documentation about Linux Fedora install
|
||||
- Fix DISABLE_DEFAULT_SERVER=yes not working with HTTPS
|
||||
- Add INTERCEPTED_ERROR_CODES setting
|
||||
|
||||
## v1.4.5 - 2022/11/26
|
||||
|
||||
- Fix bwcli syntax error
|
||||
- Fix UI not working using Linux integration
|
||||
- Fix missing openssl dep in autoconf
|
||||
- Fix typo in selfsigned job
|
||||
|
||||
## v1.4.4 - 2022/11/10
|
||||
|
||||
- Fix k8s controller not watching the events when there is an exception
|
||||
- Fix python dependencies bug in CentOS and Fedora
|
||||
- Fix incorrect log when reloading nginx using Linux integration
|
||||
- Fix UI dev mode, production mode is now the default
|
||||
- Fix wrong exposed port in the UI container
|
||||
- Fix endless loading in the UI
|
||||
- Fix \*_CUSTOM_CONF_\* dissapear when jobs are executed
|
||||
- Fix various typos in documentation
|
||||
- Fix warning about StartLimitIntervalSec directive when using Linux
|
||||
- Fix incorrect log when issuing certbot renew
|
||||
- Fix certbot renew error when using Linux or Docker integration
|
||||
- Add greylist core feature
|
||||
- Add BLACKLIST_IGNORE_\* settings
|
||||
- Add automatic change of SecRequestBodyLimit modsec directive based on MAX_CLIENT_SIZE setting
|
||||
- Add MODSECURITY_SEC_RULE_ENGINE and MODSECURITY_SEC_AUDIT_LOG_PARTS settings
|
||||
- Add manual ban and get bans to the API/CLI
|
||||
- Add Brawdunoir community example
|
||||
- Improve core plugins order and add documentation about it
|
||||
- Improve overall documentation
|
||||
- Improve CI/CD
|
||||
|
||||
## v1.4.3 - 2022/08/26
|
||||
|
||||
- Fix various documentation errors/typos and add various enhancements
|
||||
- Fix ui.env not read when using Linux integration
|
||||
- Fix wrong variables.env path when using Linux integration
|
||||
- Fix missing default server when TEMP_NGINX=yes
|
||||
- Fix check if BunkerNet is activated on default server
|
||||
- Fix request crash when mmdb lookup fails
|
||||
- Fix bad behavior trigger when request is whitelisted
|
||||
- Fix bad behavior not triggered when request is on default server
|
||||
- Fix BW overriding config when config is already present
|
||||
- Add Ansible integration in beta
|
||||
- Add \*_CUSTOM_CONF_\* setting to automatically add custom config files from setting value
|
||||
- Add DENY_HTTP_STATUS setting to choose standard 403 error page (default) or 444 to close connection when access is denied
|
||||
- Add CORS (Cross-Origin Resource Sharing) core plugin
|
||||
- Add documentation about Docker in rootless mode and podman
|
||||
- Improve automatic tests setup
|
||||
- Migrate CI/CD infrastructure to another provider
|
||||
|
||||
## v1.4.2 - 2022/06/28
|
||||
|
||||
- Fix "too old resource version" exceptions when using k8s integration
|
||||
- Fix missing bwcli command with Linux integration
|
||||
- Fix various bugs with jobs scheduler when using autoconf/swarm/k8s
|
||||
- Fix bwcli unban command when using Linux integration
|
||||
- Fix permissions check when filename has a space
|
||||
- Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
|
||||
- Fix config files overwrite when using Docker autoconf
|
||||
- Add EXTERNAL_PLUGIN_URLS setting to automatically download and install external plugins
|
||||
- Add log_default() plugin hook
|
||||
- Add various certbot-dns examples
|
||||
- Add mattermost example
|
||||
- Add radarr example
|
||||
- Add Discord and Slack to list of official plugins
|
||||
- Force NGINX version dependencies in Linux packages DEB/RPM
|
||||
|
||||
## v1.4.1 - 2022/06/16
|
||||
|
||||
- Fix sending local IPs to BunkerNet when DISABLE_DEFAULT_SERVER=yes
|
||||
- Fix certbot bug when AUTOCONF_MODE=yes
|
||||
- Fix certbot bug when MULTISITE=no
|
||||
- Add reverse proxy timeouts settings
|
||||
- Add auth_request settings
|
||||
- Add authentik and authelia examples
|
||||
- Prebuilt Docker images for arm64 and armv7
|
||||
- Improve documentation for Linux integration
|
||||
- Various fixes in the documentation
|
||||
|
||||
## v1.4.0 - 2022/06/06
|
||||
|
||||
- Project renamed to BunkerWeb
|
||||
- Internal architecture fully revised with a modular approach
|
||||
- Improved CI/CD with automatic tests for multiple integrations
|
||||
- Plugin improvement
|
||||
- Volume improvement for container-based integrations
|
||||
- Web UI improvement with various new features
|
||||
- Web tool to generate settings from a user-friendly UI
|
||||
- Linux packages
|
||||
- Various bug fixes
|
||||
|
||||
## v1.3.2 - 2021/10/24
|
||||
|
||||
- Use API instead of a shared folder for Swarm and Kubernetes integrations
|
||||
- Beta integration of distributed bad IPs database through a remote API
|
||||
- Improvement of the request limiting feature : hour/day rate and multiple URL support
|
||||
- Various bug fixes related to antibot feature
|
||||
- Init support of Arch Linux
|
||||
- Fix Moodle example
|
||||
- Fix ROOT_FOLDER bug in serve-files.conf when using the UI
|
||||
- Update default values for PERMISSIONS_POLICY and FEATURE_POLICY
|
||||
- Disable COUNTRY ban if IP is local
|
||||
|
||||
## v1.3.1 - 2021/09/02
|
||||
|
||||
- Use ModSecurity v3.0.4 instead of v3.0.5 to fix memory leak
|
||||
- Fix ignored variables to control jobs
|
||||
- Fix bug when LISTEN_HTTP=no and MULTISITE=yes
|
||||
- Add CUSTOM_HEADER variable
|
||||
- Add REVERSE_PROXY_BUFFERING variable
|
||||
- Add REVERSE_PROXY_KEEPALIVE variable
|
||||
- Fix documentation for modsec and modsec-crs special folders
|
||||
|
||||
## v1.3.0 - 2021/08/23
|
||||
|
||||
- Kubernetes integration in beta
|
||||
- Linux integration in beta
|
||||
- autoconf refactoring
|
||||
- jobs refactoring
|
||||
- UI refactoring
|
||||
- UI security : login/password authentication and CRSF protection
|
||||
- various dependencies updates
|
||||
- move CrowdSec as an external plugin
|
||||
- Authelia support
|
||||
- improve various regexes
|
||||
- add INJECT_BODY variable
|
||||
- add WORKER_PROCESSES variable
|
||||
- add USE_LETS_ENCRYPT_STAGING variable
|
||||
- add LOCAL_PHP and LOCAL_PHP_PATH variables
|
||||
- add REDIRECT_TO variable
|
||||
|
||||
## v1.2.8 - 2021/07/22
|
||||
|
||||
- Fix broken links in README
|
||||
- Fix regex for EMAIL_LETS_ENCRYPT
|
||||
- Fix regex for REMOTE_PHP and REMOTE_PHP_PATH
|
||||
- Fix regex for SELF_SIGNED_*
|
||||
- Fix various bugs related to web UI
|
||||
- Fix bug in autoconf (missing instances parameter to reload function)
|
||||
- Remove old .env files when generating a new configuration
|
||||
|
||||
## v1.2.7 - 2021/06/14
|
||||
|
||||
- Add custom robots.txt and sitemap to RTD
|
||||
- Fix missing GeoIP DB bug when using BLACKLIST/WHITELIST_COUNTRY
|
||||
- Add underscore "_" to allowed chars for CUSTOM_HTTPS_CERT/KEY
|
||||
- Fix bug when using automatic self-signed certificate
|
||||
- Build and push images from GitHub actions instead of Docker Hub autobuild
|
||||
- Display the reason when generator is ignoring a variable
|
||||
- Various bug fixes related to certbot and jobs
|
||||
- Split jobs into pre and post jobs
|
||||
- Add HEALTHCHECK to image
|
||||
- Fix race condition when using autoconf without Swarm by checking healthy state
|
||||
- Bump modsecurity-nginx to v1.0.2
|
||||
- Community chat with bridged platforms
|
||||
|
||||
## v1.2.6 - 2021/06/06
|
||||
|
||||
- Move from "ghetto-style" shell scripts to generic jinja2 templating
|
||||
- Init work on a basic plugins system
|
||||
- Move ClamAV to external plugin
|
||||
- Reduce image size by removing unnecessary dependencies
|
||||
- Fix CrowdSec example
|
||||
- Change some global variables to multisite
|
||||
- Add LOG_LEVEL environment variable
|
||||
- Read-only container support
|
||||
- Improved antibot javascript with a basic proof of work
|
||||
- Update nginx to 1.20.1
|
||||
- Support of docker-socket-proxy with web UI
|
||||
- Add certbot-cloudflare example
|
||||
- Disable DNSBL checks when IP is local
|
||||
|
||||
## v1.2.5 - 2021/05/14
|
||||
|
||||
- Performance improvement : move some nginx security checks to LUA and external blacklist parsing enhancement
|
||||
- Init work on official documentation on readthedocs
|
||||
- Fix default value for CONTENT_SECURITY_POLICY to allow file downloads
|
||||
- Add ROOT_SITE_SUBFOLDER environment variable
|
||||
|
||||
## TODO - retrospective changelog
|
||||
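Review bot: the v1.3.0 entry "UI security : login/password authentication and CRSF protection" misspells CSRF, so anyone searching the changelog for when CSRF protection landed will miss it; please correct the spelling. The v1.3.1 entry "Use ModSecurity v3.0.4 instead of v3.0.5 to fix memory leak" is a downgrade of the WAF engine and would be clearer if it said so explicitly. The trailing "## TODO - retrospective changelog" heading has no body and should either move to an issue or be dropped from the released file. Style: the v1.3.0 bullets start lowercase while every other release capitalizes them.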
128
CODE_OF_CONDUCT.md
Normal file
|
|
@ -0,0 +1,128 @@
|
|||
# Contributor Covenant Code of Conduct
|
||||
|
||||
## Our Pledge
|
||||
|
||||
We as members, contributors, and leaders pledge to make participation in our
|
||||
community a harassment-free experience for everyone, regardless of age, body
|
||||
size, visible or invisible disability, ethnicity, sex characteristics, gender
|
||||
identity and expression, level of experience, education, socio-economic status,
|
||||
nationality, personal appearance, race, religion, or sexual identity
|
||||
and orientation.
|
||||
|
||||
We pledge to act and interact in ways that contribute to an open, welcoming,
|
||||
diverse, inclusive, and healthy community.
|
||||
|
||||
## Our Standards
|
||||
|
||||
Examples of behavior that contributes to a positive environment for our
|
||||
community include:
|
||||
|
||||
* Demonstrating empathy and kindness toward other people
|
||||
* Being respectful of differing opinions, viewpoints, and experiences
|
||||
* Giving and gracefully accepting constructive feedback
|
||||
* Accepting responsibility and apologizing to those affected by our mistakes,
|
||||
and learning from the experience
|
||||
* Focusing on what is best not just for us as individuals, but for the
|
||||
overall community
|
||||
|
||||
Examples of unacceptable behavior include:
|
||||
|
||||
* The use of sexualized language or imagery, and sexual attention or
|
||||
advances of any kind
|
||||
* Trolling, insulting or derogatory comments, and personal or political attacks
|
||||
* Public or private harassment
|
||||
* Publishing others' private information, such as a physical or email
|
||||
address, without their explicit permission
|
||||
* Other conduct which could reasonably be considered inappropriate in a
|
||||
professional setting
|
||||
|
||||
## Enforcement Responsibilities
|
||||
|
||||
Community leaders are responsible for clarifying and enforcing our standards of
|
||||
acceptable behavior and will take appropriate and fair corrective action in
|
||||
response to any behavior that they deem inappropriate, threatening, offensive,
|
||||
or harmful.
|
||||
|
||||
Community leaders have the right and responsibility to remove, edit, or reject
|
||||
comments, commits, code, wiki edits, issues, and other contributions that are
|
||||
not aligned to this Code of Conduct, and will communicate reasons for moderation
|
||||
decisions when appropriate.
|
||||
|
||||
## Scope
|
||||
|
||||
This Code of Conduct applies within all community spaces, and also applies when
|
||||
an individual is officially representing the community in public spaces.
|
||||
Examples of representing our community include using an official e-mail address,
|
||||
posting via an official social media account, or acting as an appointed
|
||||
representative at an online or offline event.
|
||||
|
||||
## Enforcement
|
||||
|
||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
||||
reported to the community leaders responsible for enforcement at
|
||||
contact@bunkerity.com.
|
||||
All complaints will be reviewed and investigated promptly and fairly.
|
||||
|
||||
All community leaders are obligated to respect the privacy and security of the
|
||||
reporter of any incident.
|
||||
|
||||
## Enforcement Guidelines
|
||||
|
||||
Community leaders will follow these Community Impact Guidelines in determining
|
||||
the consequences for any action they deem in violation of this Code of Conduct:
|
||||
|
||||
### 1. Correction
|
||||
|
||||
**Community Impact**: Use of inappropriate language or other behavior deemed
|
||||
unprofessional or unwelcome in the community.
|
||||
|
||||
**Consequence**: A private, written warning from community leaders, providing
|
||||
clarity around the nature of the violation and an explanation of why the
|
||||
behavior was inappropriate. A public apology may be requested.
|
||||
|
||||
### 2. Warning
|
||||
|
||||
**Community Impact**: A violation through a single incident or series
|
||||
of actions.
|
||||
|
||||
**Consequence**: A warning with consequences for continued behavior. No
|
||||
interaction with the people involved, including unsolicited interaction with
|
||||
those enforcing the Code of Conduct, for a specified period of time. This
|
||||
includes avoiding interactions in community spaces as well as external channels
|
||||
like social media. Violating these terms may lead to a temporary or
|
||||
permanent ban.
|
||||
|
||||
### 3. Temporary Ban
|
||||
|
||||
**Community Impact**: A serious violation of community standards, including
|
||||
sustained inappropriate behavior.
|
||||
|
||||
**Consequence**: A temporary ban from any sort of interaction or public
|
||||
communication with the community for a specified period of time. No public or
|
||||
private interaction with the people involved, including unsolicited interaction
|
||||
with those enforcing the Code of Conduct, is allowed during this period.
|
||||
Violating these terms may lead to a permanent ban.
|
||||
|
||||
### 4. Permanent Ban
|
||||
|
||||
**Community Impact**: Demonstrating a pattern of violation of community
|
||||
standards, including sustained inappropriate behavior, harassment of an
|
||||
individual, or aggression toward or disparagement of classes of individuals.
|
||||
|
||||
**Consequence**: A permanent ban from any sort of public interaction within
|
||||
the community.
|
||||
|
||||
## Attribution
|
||||
|
||||
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
||||
version 2.0, available at
|
||||
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
|
||||
|
||||
Community Impact Guidelines were inspired by [Mozilla's code of conduct
|
||||
enforcement ladder](https://github.com/mozilla/diversity).
|
||||
|
||||
[homepage]: https://www.contributor-covenant.org
|
||||
|
||||
For answers to common questions about this code of conduct, see the FAQ at
|
||||
https://www.contributor-covenant.org/faq. Translations are available at
|
||||
https://www.contributor-covenant.org/translations.
|
||||
21
CONTRIBUTING.md
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
# Contributing to bunkerweb
|
||||
|
||||
First off all, thanks for being here and showing your support to the project !
|
||||
|
||||
We accept many types of contributions whether they are technical or not. Every community feedback, work or help is, and will always be, appreciated.
|
||||
|
||||
## Talk about the project
|
||||
|
||||
The first thing you can do is to talk about the project. You can share it on social media (by the way, you can can also follow us on [LinkedIn](https://www.linkedin.com/company/bunkerity/), [Twitter](https://twitter.com/bunkerity) and [GitHub](https://github.com/bunkerity)), make a blog post about it or simply tell your friends/colleagues that's an awesome project..
|
||||
|
||||
## Join the community
|
||||
|
||||
You can join the [Discord server](https://discord.com/invite/fTf46FmtyD), the [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions) and the [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit to talk about the project and help others.
|
||||
|
||||
## Reporting bugs / ask for features
|
||||
|
||||
The preferred way to report bugs and asking for features is using [issues](https://github.com/bunkerity/bunkerweb/issues). Before opening a new one, please check if a related issue is already opened using the "filters" bar. When creating a new issue please select and fill the "Bug report" or "Feature request" template.
|
||||
|
||||
## Code contribution
|
||||
|
||||
The preferred way to contribute code is using [pull requests](https://github.com/bunkerity/bunkerweb/pulls). Before creating a pull request, please check if your code is related to an opened issue. If that's not the case, you should first create an issue so we can discuss about it. This procedure is here to avoid wasting your time in case the PR will be rejected. For minor changes (e.g. : typo, quick fix, ...), opening an issue might be facultative. **Don't forget to edit the documentations when needed !**
|
||||
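Review bot: the "Reporting bugs / ask for features" section sends every bug to public issues and says nothing about security vulnerabilities; for a security-focused project, add a sentence telling reporters to use a private channel for vulnerability reports rather than opening a public issue. Wording nits in the same file: "First off all" should be "First of all", "you can can also" repeats a word, "awesome project.." has a doubled period, "opening an issue might be facultative" reads better as "is optional", and "documentations" should be "documentation".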
660
LICENSE.md
Normal file
|
|
@ -0,0 +1,660 @@
|
|||
### GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
|
||||
Version 3, 19 November 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc.
|
||||
<https://fsf.org/>
|
||||
|
||||
Everyone is permitted to copy and distribute verbatim copies of this
|
||||
license document, but changing it is not allowed.
|
||||
|
||||
### Preamble
|
||||
|
||||
The GNU Affero General Public License is a free, copyleft license for
|
||||
software and other kinds of works, specifically designed to ensure
|
||||
cooperation with the community in the case of network server software.
|
||||
|
||||
The licenses for most software and other practical works are designed
|
||||
to take away your freedom to share and change the works. By contrast,
|
||||
our General Public Licenses are intended to guarantee your freedom to
|
||||
share and change all versions of a program--to make sure it remains
|
||||
free software for all its users.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
them if you wish), that you receive source code or can get it if you
|
||||
want it, that you can change the software or use pieces of it in new
|
||||
free programs, and that you know you can do these things.
|
||||
|
||||
Developers that use our General Public Licenses protect your rights
|
||||
with two steps: (1) assert copyright on the software, and (2) offer
|
||||
you this License which gives you legal permission to copy, distribute
|
||||
and/or modify the software.
|
||||
|
||||
A secondary benefit of defending all users' freedom is that
|
||||
improvements made in alternate versions of the program, if they
|
||||
receive widespread use, become available for other developers to
|
||||
incorporate. Many developers of free software are heartened and
|
||||
encouraged by the resulting cooperation. However, in the case of
|
||||
software used on network servers, this result may fail to come about.
|
||||
The GNU General Public License permits making a modified version and
|
||||
letting the public access it on a server without ever releasing its
|
||||
source code to the public.
|
||||
|
||||
The GNU Affero General Public License is designed specifically to
|
||||
ensure that, in such cases, the modified source code becomes available
|
||||
to the community. It requires the operator of a network server to
|
||||
provide the source code of the modified version running there to the
|
||||
users of that server. Therefore, public use of a modified version, on
|
||||
a publicly accessible server, gives the public access to the source
|
||||
code of the modified version.
|
||||
|
||||
An older license, called the Affero General Public License and
|
||||
published by Affero, was designed to accomplish similar goals. This is
|
||||
a different license, not a version of the Affero GPL, but Affero has
|
||||
released a new version of the Affero GPL which permits relicensing
|
||||
under this license.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
### TERMS AND CONDITIONS
|
||||
|
||||
#### 0. Definitions.
|
||||
|
||||
"This License" refers to version 3 of the GNU Affero General Public
|
||||
License.
|
||||
|
||||
"Copyright" also means copyright-like laws that apply to other kinds
|
||||
of works, such as semiconductor masks.
|
||||
|
||||
"The Program" refers to any copyrightable work licensed under this
|
||||
License. Each licensee is addressed as "you". "Licensees" and
|
||||
"recipients" may be individuals or organizations.
|
||||
|
||||
To "modify" a work means to copy from or adapt all or part of the work
|
||||
in a fashion requiring copyright permission, other than the making of
|
||||
an exact copy. The resulting work is called a "modified version" of
|
||||
the earlier work or a work "based on" the earlier work.
|
||||
|
||||
A "covered work" means either the unmodified Program or a work based
|
||||
on the Program.
|
||||
|
||||
To "propagate" a work means to do anything with it that, without
|
||||
permission, would make you directly or secondarily liable for
|
||||
infringement under applicable copyright law, except executing it on a
|
||||
computer or modifying a private copy. Propagation includes copying,
|
||||
distribution (with or without modification), making available to the
|
||||
public, and in some countries other activities as well.
|
||||
|
||||
To "convey" a work means any kind of propagation that enables other
|
||||
parties to make or receive copies. Mere interaction with a user
|
||||
through a computer network, with no transfer of a copy, is not
|
||||
conveying.
|
||||
|
||||
An interactive user interface displays "Appropriate Legal Notices" to
|
||||
the extent that it includes a convenient and prominently visible
|
||||
feature that (1) displays an appropriate copyright notice, and (2)
|
||||
tells the user that there is no warranty for the work (except to the
|
||||
extent that warranties are provided), that licensees may convey the
|
||||
work under this License, and how to view a copy of this License. If
|
||||
the interface presents a list of user commands or options, such as a
|
||||
menu, a prominent item in the list meets this criterion.
|
||||
|
||||
#### 1. Source Code.
|
||||
|
||||
The "source code" for a work means the preferred form of the work for
|
||||
making modifications to it. "Object code" means any non-source form of
|
||||
a work.
|
||||
|
||||
A "Standard Interface" means an interface that either is an official
|
||||
standard defined by a recognized standards body, or, in the case of
|
||||
interfaces specified for a particular programming language, one that
|
||||
is widely used among developers working in that language.
|
||||
|
||||
The "System Libraries" of an executable work include anything, other
|
||||
than the work as a whole, that (a) is included in the normal form of
|
||||
packaging a Major Component, but which is not part of that Major
|
||||
Component, and (b) serves only to enable use of the work with that
|
||||
Major Component, or to implement a Standard Interface for which an
|
||||
implementation is available to the public in source code form. A
|
||||
"Major Component", in this context, means a major essential component
|
||||
(kernel, window system, and so on) of the specific operating system
|
||||
(if any) on which the executable work runs, or a compiler used to
|
||||
produce the work, or an object code interpreter used to run it.
|
||||
|
||||
The "Corresponding Source" for a work in object code form means all
|
||||
the source code needed to generate, install, and (for an executable
|
||||
work) run the object code and to modify the work, including scripts to
|
||||
control those activities. However, it does not include the work's
|
||||
System Libraries, or general-purpose tools or generally available free
|
||||
programs which are used unmodified in performing those activities but
|
||||
which are not part of the work. For example, Corresponding Source
|
||||
includes interface definition files associated with source files for
|
||||
the work, and the source code for shared libraries and dynamically
|
||||
linked subprograms that the work is specifically designed to require,
|
||||
such as by intimate data communication or control flow between those
|
||||
subprograms and other parts of the work.
|
||||
|
||||
The Corresponding Source need not include anything that users can
|
||||
regenerate automatically from other parts of the Corresponding Source.
|
||||
|
||||
The Corresponding Source for a work in source code form is that same
|
||||
work.
|
||||
|
||||
#### 2. Basic Permissions.
|
||||
|
||||
All rights granted under this License are granted for the term of
|
||||
copyright on the Program, and are irrevocable provided the stated
|
||||
conditions are met. This License explicitly affirms your unlimited
|
||||
permission to run the unmodified Program. The output from running a
|
||||
covered work is covered by this License only if the output, given its
|
||||
content, constitutes a covered work. This License acknowledges your
|
||||
rights of fair use or other equivalent, as provided by copyright law.
|
||||
|
||||
You may make, run and propagate covered works that you do not convey,
|
||||
without conditions so long as your license otherwise remains in force.
|
||||
You may convey covered works to others for the sole purpose of having
|
||||
them make modifications exclusively for you, or provide you with
|
||||
facilities for running those works, provided that you comply with the
|
||||
terms of this License in conveying all material for which you do not
|
||||
control copyright. Those thus making or running the covered works for
|
||||
you must do so exclusively on your behalf, under your direction and
|
||||
control, on terms that prohibit them from making any copies of your
|
||||
copyrighted material outside their relationship with you.
|
||||
|
||||
Conveying under any other circumstances is permitted solely under the
|
||||
conditions stated below. Sublicensing is not allowed; section 10 makes
|
||||
it unnecessary.
|
||||
|
||||
#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||
|
||||
No covered work shall be deemed part of an effective technological
|
||||
measure under any applicable law fulfilling obligations under article
|
||||
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||
similar laws prohibiting or restricting circumvention of such
|
||||
measures.
|
||||
|
||||
When you convey a covered work, you waive any legal power to forbid
|
||||
circumvention of technological measures to the extent such
|
||||
circumvention is effected by exercising rights under this License with
|
||||
respect to the covered work, and you disclaim any intention to limit
|
||||
operation or modification of the work as a means of enforcing, against
|
||||
the work's users, your or third parties' legal rights to forbid
|
||||
circumvention of technological measures.
|
||||
|
||||
#### 4. Conveying Verbatim Copies.
|
||||
|
||||
You may convey verbatim copies of the Program's source code as you
|
||||
receive it, in any medium, provided that you conspicuously and
|
||||
appropriately publish on each copy an appropriate copyright notice;
|
||||
keep intact all notices stating that this License and any
|
||||
non-permissive terms added in accord with section 7 apply to the code;
|
||||
keep intact all notices of the absence of any warranty; and give all
|
||||
recipients a copy of this License along with the Program.
|
||||
|
||||
You may charge any price or no price for each copy that you convey,
|
||||
and you may offer support or warranty protection for a fee.
|
||||
|
||||
#### 5. Conveying Modified Source Versions.
|
||||
|
||||
You may convey a work based on the Program, or the modifications to
|
||||
produce it from the Program, in the form of source code under the
|
||||
terms of section 4, provided that you also meet all of these
|
||||
conditions:
|
||||
|
||||
- a) The work must carry prominent notices stating that you modified
|
||||
it, and giving a relevant date.
|
||||
- b) The work must carry prominent notices stating that it is
|
||||
released under this License and any conditions added under
|
||||
section 7. This requirement modifies the requirement in section 4
|
||||
to "keep intact all notices".
|
||||
- c) You must license the entire work, as a whole, under this
|
||||
License to anyone who comes into possession of a copy. This
|
||||
License will therefore apply, along with any applicable section 7
|
||||
additional terms, to the whole of the work, and all its parts,
|
||||
regardless of how they are packaged. This License gives no
|
||||
permission to license the work in any other way, but it does not
|
||||
invalidate such permission if you have separately received it.
|
||||
- d) If the work has interactive user interfaces, each must display
|
||||
Appropriate Legal Notices; however, if the Program has interactive
|
||||
interfaces that do not display Appropriate Legal Notices, your
|
||||
work need not make them do so.
|
||||
|
||||
A compilation of a covered work with other separate and independent
|
||||
works, which are not by their nature extensions of the covered work,
|
||||
and which are not combined with it such as to form a larger program,
|
||||
in or on a volume of a storage or distribution medium, is called an
|
||||
"aggregate" if the compilation and its resulting copyright are not
|
||||
used to limit the access or legal rights of the compilation's users
|
||||
beyond what the individual works permit. Inclusion of a covered work
|
||||
in an aggregate does not cause this License to apply to the other
|
||||
parts of the aggregate.
|
||||
|
||||
#### 6. Conveying Non-Source Forms.
|
||||
|
||||
You may convey a covered work in object code form under the terms of
|
||||
sections 4 and 5, provided that you also convey the machine-readable
|
||||
Corresponding Source under the terms of this License, in one of these
|
||||
ways:
|
||||
|
||||
- a) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by the
|
||||
Corresponding Source fixed on a durable physical medium
|
||||
customarily used for software interchange.
|
||||
- b) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by a
|
||||
written offer, valid for at least three years and valid for as
|
||||
long as you offer spare parts or customer support for that product
|
||||
model, to give anyone who possesses the object code either (1) a
|
||||
copy of the Corresponding Source for all the software in the
|
||||
product that is covered by this License, on a durable physical
|
||||
medium customarily used for software interchange, for a price no
|
||||
more than your reasonable cost of physically performing this
|
||||
conveying of source, or (2) access to copy the Corresponding
|
||||
Source from a network server at no charge.
|
||||
- c) Convey individual copies of the object code with a copy of the
|
||||
written offer to provide the Corresponding Source. This
|
||||
alternative is allowed only occasionally and noncommercially, and
|
||||
only if you received the object code with such an offer, in accord
|
||||
with subsection 6b.
|
||||
- d) Convey the object code by offering access from a designated
|
||||
place (gratis or for a charge), and offer equivalent access to the
|
||||
Corresponding Source in the same way through the same place at no
|
||||
further charge. You need not require recipients to copy the
|
||||
Corresponding Source along with the object code. If the place to
|
||||
copy the object code is a network server, the Corresponding Source
|
||||
may be on a different server (operated by you or a third party)
|
||||
that supports equivalent copying facilities, provided you maintain
|
||||
clear directions next to the object code saying where to find the
|
||||
Corresponding Source. Regardless of what server hosts the
|
||||
Corresponding Source, you remain obligated to ensure that it is
|
||||
available for as long as needed to satisfy these requirements.
|
||||
- e) Convey the object code using peer-to-peer transmission,
|
||||
provided you inform other peers where the object code and
|
||||
Corresponding Source of the work are being offered to the general
|
||||
public at no charge under subsection 6d.
|
||||
|
||||
A separable portion of the object code, whose source code is excluded
|
||||
from the Corresponding Source as a System Library, need not be
|
||||
included in conveying the object code work.
|
||||
|
||||
A "User Product" is either (1) a "consumer product", which means any
|
||||
tangible personal property which is normally used for personal,
|
||||
family, or household purposes, or (2) anything designed or sold for
|
||||
incorporation into a dwelling. In determining whether a product is a
|
||||
consumer product, doubtful cases shall be resolved in favor of
|
||||
coverage. For a particular product received by a particular user,
|
||||
"normally used" refers to a typical or common use of that class of
|
||||
product, regardless of the status of the particular user or of the way
|
||||
in which the particular user actually uses, or expects or is expected
|
||||
to use, the product. A product is a consumer product regardless of
|
||||
whether the product has substantial commercial, industrial or
|
||||
non-consumer uses, unless such uses represent the only significant
|
||||
mode of use of the product.
|
||||
|
||||
"Installation Information" for a User Product means any methods,
|
||||
procedures, authorization keys, or other information required to
|
||||
install and execute modified versions of a covered work in that User
|
||||
Product from a modified version of its Corresponding Source. The
|
||||
information must suffice to ensure that the continued functioning of
|
||||
the modified object code is in no case prevented or interfered with
|
||||
solely because modification has been made.
|
||||
|
||||
If you convey an object code work under this section in, or with, or
|
||||
specifically for use in, a User Product, and the conveying occurs as
|
||||
part of a transaction in which the right of possession and use of the
|
||||
User Product is transferred to the recipient in perpetuity or for a
|
||||
fixed term (regardless of how the transaction is characterized), the
|
||||
Corresponding Source conveyed under this section must be accompanied
|
||||
by the Installation Information. But this requirement does not apply
|
||||
if neither you nor any third party retains the ability to install
|
||||
modified object code on the User Product (for example, the work has
|
||||
been installed in ROM).
|
||||
|
||||
The requirement to provide Installation Information does not include a
|
||||
requirement to continue to provide support service, warranty, or
|
||||
updates for a work that has been modified or installed by the
|
||||
recipient, or for the User Product in which it has been modified or
|
||||
installed. Access to a network may be denied when the modification
|
||||
itself materially and adversely affects the operation of the network
|
||||
or violates the rules and protocols for communication across the
|
||||
network.
|
||||
|
||||
Corresponding Source conveyed, and Installation Information provided,
|
||||
in accord with this section must be in a format that is publicly
|
||||
documented (and with an implementation available to the public in
|
||||
source code form), and must require no special password or key for
|
||||
unpacking, reading or copying.
|
||||
|
||||
#### 7. Additional Terms.
|
||||
|
||||
"Additional permissions" are terms that supplement the terms of this
|
||||
License by making exceptions from one or more of its conditions.
|
||||
Additional permissions that are applicable to the entire Program shall
|
||||
be treated as though they were included in this License, to the extent
|
||||
that they are valid under applicable law. If additional permissions
|
||||
apply only to part of the Program, that part may be used separately
|
||||
under those permissions, but the entire Program remains governed by
|
||||
this License without regard to the additional permissions.
|
||||
|
||||
When you convey a copy of a covered work, you may at your option
|
||||
remove any additional permissions from that copy, or from any part of
|
||||
it. (Additional permissions may be written to require their own
|
||||
removal in certain cases when you modify the work.) You may place
|
||||
additional permissions on material, added by you to a covered work,
|
||||
for which you have or can give appropriate copyright permission.
|
||||
|
||||
Notwithstanding any other provision of this License, for material you
|
||||
add to a covered work, you may (if authorized by the copyright holders
|
||||
of that material) supplement the terms of this License with terms:
|
||||
|
||||
- a) Disclaiming warranty or limiting liability differently from the
|
||||
terms of sections 15 and 16 of this License; or
|
||||
- b) Requiring preservation of specified reasonable legal notices or
|
||||
author attributions in that material or in the Appropriate Legal
|
||||
Notices displayed by works containing it; or
|
||||
- c) Prohibiting misrepresentation of the origin of that material,
|
||||
or requiring that modified versions of such material be marked in
|
||||
reasonable ways as different from the original version; or
|
||||
- d) Limiting the use for publicity purposes of names of licensors
|
||||
or authors of the material; or
|
||||
- e) Declining to grant rights under trademark law for use of some
|
||||
trade names, trademarks, or service marks; or
|
||||
- f) Requiring indemnification of licensors and authors of that
|
||||
material by anyone who conveys the material (or modified versions
|
||||
of it) with contractual assumptions of liability to the recipient,
|
||||
for any liability that these contractual assumptions directly
|
||||
impose on those licensors and authors.
|
||||
|
||||
All other non-permissive additional terms are considered "further
|
||||
restrictions" within the meaning of section 10. If the Program as you
|
||||
received it, or any part of it, contains a notice stating that it is
|
||||
governed by this License along with a term that is a further
|
||||
restriction, you may remove that term. If a license document contains
|
||||
a further restriction but permits relicensing or conveying under this
|
||||
License, you may add to a covered work material governed by the terms
|
||||
of that license document, provided that the further restriction does
|
||||
not survive such relicensing or conveying.
|
||||
|
||||
If you add terms to a covered work in accord with this section, you
|
||||
must place, in the relevant source files, a statement of the
|
||||
additional terms that apply to those files, or a notice indicating
|
||||
where to find the applicable terms.
|
||||
|
||||
Additional terms, permissive or non-permissive, may be stated in the
|
||||
form of a separately written license, or stated as exceptions; the
|
||||
above requirements apply either way.
|
||||
|
||||
#### 8. Termination.
|
||||
|
||||
You may not propagate or modify a covered work except as expressly
|
||||
provided under this License. Any attempt otherwise to propagate or
|
||||
modify it is void, and will automatically terminate your rights under
|
||||
this License (including any patent licenses granted under the third
|
||||
paragraph of section 11).
|
||||
|
||||
However, if you cease all violation of this License, then your license
|
||||
from a particular copyright holder is reinstated (a) provisionally,
|
||||
unless and until the copyright holder explicitly and finally
|
||||
terminates your license, and (b) permanently, if the copyright holder
|
||||
fails to notify you of the violation by some reasonable means prior to
|
||||
60 days after the cessation.
|
||||
|
||||
Moreover, your license from a particular copyright holder is
|
||||
reinstated permanently if the copyright holder notifies you of the
|
||||
violation by some reasonable means, this is the first time you have
|
||||
received notice of violation of this License (for any work) from that
|
||||
copyright holder, and you cure the violation prior to 30 days after
|
||||
your receipt of the notice.
|
||||
|
||||
Termination of your rights under this section does not terminate the
|
||||
licenses of parties who have received copies or rights from you under
|
||||
this License. If your rights have been terminated and not permanently
|
||||
reinstated, you do not qualify to receive new licenses for the same
|
||||
material under section 10.
|
||||
|
||||
#### 9. Acceptance Not Required for Having Copies.
|
||||
|
||||
You are not required to accept this License in order to receive or run
|
||||
a copy of the Program. Ancillary propagation of a covered work
|
||||
occurring solely as a consequence of using peer-to-peer transmission
|
||||
to receive a copy likewise does not require acceptance. However,
|
||||
nothing other than this License grants you permission to propagate or
|
||||
modify any covered work. These actions infringe copyright if you do
|
||||
not accept this License. Therefore, by modifying or propagating a
|
||||
covered work, you indicate your acceptance of this License to do so.
|
||||
|
||||
#### 10. Automatic Licensing of Downstream Recipients.
|
||||
|
||||
Each time you convey a covered work, the recipient automatically
|
||||
receives a license from the original licensors, to run, modify and
|
||||
propagate that work, subject to this License. You are not responsible
|
||||
for enforcing compliance by third parties with this License.
|
||||
|
||||
An "entity transaction" is a transaction transferring control of an
|
||||
organization, or substantially all assets of one, or subdividing an
|
||||
organization, or merging organizations. If propagation of a covered
|
||||
work results from an entity transaction, each party to that
|
||||
transaction who receives a copy of the work also receives whatever
|
||||
licenses to the work the party's predecessor in interest had or could
|
||||
give under the previous paragraph, plus a right to possession of the
|
||||
Corresponding Source of the work from the predecessor in interest, if
|
||||
the predecessor has it or can get it with reasonable efforts.
|
||||
|
||||
You may not impose any further restrictions on the exercise of the
|
||||
rights granted or affirmed under this License. For example, you may
|
||||
not impose a license fee, royalty, or other charge for exercise of
|
||||
rights granted under this License, and you may not initiate litigation
|
||||
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||
any patent claim is infringed by making, using, selling, offering for
|
||||
sale, or importing the Program or any portion of it.
|
||||
|
||||
#### 11. Patents.
|
||||
|
||||
A "contributor" is a copyright holder who authorizes use under this
|
||||
License of the Program or a work on which the Program is based. The
|
||||
work thus licensed is called the contributor's "contributor version".
|
||||
|
||||
A contributor's "essential patent claims" are all patent claims owned
|
||||
or controlled by the contributor, whether already acquired or
|
||||
hereafter acquired, that would be infringed by some manner, permitted
|
||||
by this License, of making, using, or selling its contributor version,
|
||||
but do not include claims that would be infringed only as a
|
||||
consequence of further modification of the contributor version. For
|
||||
purposes of this definition, "control" includes the right to grant
|
||||
patent sublicenses in a manner consistent with the requirements of
|
||||
this License.
|
||||
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||
patent license under the contributor's essential patent claims, to
|
||||
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||
propagate the contents of its contributor version.
|
||||
|
||||
In the following three paragraphs, a "patent license" is any express
|
||||
agreement or commitment, however denominated, not to enforce a patent
|
||||
(such as an express permission to practice a patent or covenant not to
|
||||
sue for patent infringement). To "grant" such a patent license to a
|
||||
party means to make such an agreement or commitment not to enforce a
|
||||
patent against the party.
|
||||
|
||||
If you convey a covered work, knowingly relying on a patent license,
|
||||
and the Corresponding Source of the work is not available for anyone
|
||||
to copy, free of charge and under the terms of this License, through a
|
||||
publicly available network server or other readily accessible means,
|
||||
then you must either (1) cause the Corresponding Source to be so
|
||||
available, or (2) arrange to deprive yourself of the benefit of the
|
||||
patent license for this particular work, or (3) arrange, in a manner
|
||||
consistent with the requirements of this License, to extend the patent
|
||||
license to downstream recipients. "Knowingly relying" means you have
|
||||
actual knowledge that, but for the patent license, your conveying the
|
||||
covered work in a country, or your recipient's use of the covered work
|
||||
in a country, would infringe one or more identifiable patents in that
|
||||
country that you have reason to believe are valid.
|
||||
|
||||
If, pursuant to or in connection with a single transaction or
|
||||
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||
covered work, and grant a patent license to some of the parties
|
||||
receiving the covered work authorizing them to use, propagate, modify
|
||||
or convey a specific copy of the covered work, then the patent license
|
||||
you grant is automatically extended to all recipients of the covered
|
||||
work and works based on it.
|
||||
|
||||
A patent license is "discriminatory" if it does not include within the
|
||||
scope of its coverage, prohibits the exercise of, or is conditioned on
|
||||
the non-exercise of one or more of the rights that are specifically
|
||||
granted under this License. You may not convey a covered work if you
|
||||
are a party to an arrangement with a third party that is in the
|
||||
business of distributing software, under which you make payment to the
|
||||
third party based on the extent of your activity of conveying the
|
||||
work, and under which the third party grants, to any of the parties
|
||||
who would receive the covered work from you, a discriminatory patent
|
||||
license (a) in connection with copies of the covered work conveyed by
|
||||
you (or copies made from those copies), or (b) primarily for and in
|
||||
connection with specific products or compilations that contain the
|
||||
covered work, unless you entered into that arrangement, or that patent
|
||||
license was granted, prior to 28 March 2007.
|
||||
|
||||
Nothing in this License shall be construed as excluding or limiting
|
||||
any implied license or other defenses to infringement that may
|
||||
otherwise be available to you under applicable patent law.
|
||||
|
||||
#### 12. No Surrender of Others' Freedom.
|
||||
|
||||
If conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot convey a
|
||||
covered work so as to satisfy simultaneously your obligations under
|
||||
this License and any other pertinent obligations, then as a
|
||||
consequence you may not convey it at all. For example, if you agree to
|
||||
terms that obligate you to collect a royalty for further conveying
|
||||
from those to whom you convey the Program, the only way you could
|
||||
satisfy both those terms and this License would be to refrain entirely
|
||||
from conveying the Program.
|
||||
|
||||
#### 13. Remote Network Interaction; Use with the GNU General Public License.
|
||||
|
||||
Notwithstanding any other provision of this License, if you modify the
|
||||
Program, your modified version must prominently offer all users
|
||||
interacting with it remotely through a computer network (if your
|
||||
version supports such interaction) an opportunity to receive the
|
||||
Corresponding Source of your version by providing access to the
|
||||
Corresponding Source from a network server at no charge, through some
|
||||
standard or customary means of facilitating copying of software. This
|
||||
Corresponding Source shall include the Corresponding Source for any
|
||||
work covered by version 3 of the GNU General Public License that is
|
||||
incorporated pursuant to the following paragraph.
|
||||
|
||||
Notwithstanding any other provision of this License, you have
|
||||
permission to link or combine any covered work with a work licensed
|
||||
under version 3 of the GNU General Public License into a single
|
||||
combined work, and to convey the resulting work. The terms of this
|
||||
License will continue to apply to the part which is the covered work,
|
||||
but the work with which it is combined will remain governed by version
|
||||
3 of the GNU General Public License.
|
||||
|
||||
#### 14. Revised Versions of this License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions
|
||||
of the GNU Affero General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may
|
||||
differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies that a certain numbered version of the GNU Affero General
|
||||
Public License "or any later version" applies to it, you have the
|
||||
option of following the terms and conditions either of that numbered
|
||||
version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of the
|
||||
GNU Affero General Public License, you may choose any version ever
|
||||
published by the Free Software Foundation.
|
||||
|
||||
If the Program specifies that a proxy can decide which future versions
|
||||
of the GNU Affero General Public License can be used, that proxy's
|
||||
public statement of acceptance of a version permanently authorizes you
|
||||
to choose that version for the Program.
|
||||
|
||||
Later license versions may give you additional or different
|
||||
permissions. However, no additional obligations are imposed on any
|
||||
author or copyright holder as a result of your choosing to follow a
|
||||
later version.
|
||||
|
||||
#### 15. Disclaimer of Warranty.
|
||||
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
|
||||
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
|
||||
PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
|
||||
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
|
||||
CORRECTION.
|
||||
|
||||
#### 16. Limitation of Liability.
|
||||
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
|
||||
CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
|
||||
ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
|
||||
NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
|
||||
LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
|
||||
TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
|
||||
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
#### 17. Interpretation of Sections 15 and 16.
|
||||
|
||||
If the disclaimer of warranty and limitation of liability provided
|
||||
above cannot be given local legal effect according to their terms,
|
||||
reviewing courts shall apply local law that most closely approximates
|
||||
an absolute waiver of all civil liability in connection with the
|
||||
Program, unless a warranty or assumption of liability accompanies a
|
||||
copy of the Program in return for a fee.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
### How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these
|
||||
terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest to
|
||||
attach them to the start of each source file to most effectively state
|
||||
the exclusion of warranty; and each file should have at least the
|
||||
"copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper
|
||||
mail.
|
||||
|
||||
If your software can interact with users remotely through a computer
|
||||
network, you should also make sure that it provides a way for users to
|
||||
get its source. For example, if your program is a web application, its
|
||||
interface could display a "Source" link that leads users to an archive
|
||||
of the code. There are many ways you could offer source, and different
|
||||
solutions will be better for different programs; see section 13 for
|
||||
the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. For more information on this, and how to apply and follow
|
||||
the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
506
README.md
|
|
@ -1,141 +1,389 @@
|
|||
# About
|
||||
<p align="center">
|
||||
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/misc/logo.png" />
|
||||
</p>
|
||||
|
||||
The libmaxminddb library provides a C library for reading MaxMind DB files,
|
||||
including the GeoIP2 databases from MaxMind. This is a custom binary format
|
||||
designed to facilitate fast lookups of IP addresses while allowing for great
|
||||
flexibility in the type of data associated with an address.
|
||||
<p align="center">
|
||||
<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?label=stable" />
|
||||
<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?include_prereleases&label=latest" />
|
||||
<br />
|
||||
<img src="https://img.shields.io/github/last-commit/bunkerity/bunkerweb" />
|
||||
<img src="https://img.shields.io/github/issues/bunkerity/bunkerweb">
|
||||
<img src="https://img.shields.io/github/issues-pr/bunkerity/bunkerweb">
|
||||
<br />
|
||||
<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/dev.yml?branch=dev&label=CI%2FCD%20dev" />
|
||||
<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/staging.yml?branch=staging&label=CI%2FCD%20staging" />
|
||||
<a href="https://www.bestpractices.dev/projects/8001">
|
||||
<img src="https://www.bestpractices.dev/projects/8001/badge">
|
||||
</a>
|
||||
</p>
|
||||
|
||||
The MaxMind DB format is an open format. The spec is available at
|
||||
https://maxmind.github.io/MaxMind-DB/. This spec is licensed under the
|
||||
Creative Commons Attribution-ShareAlike 3.0 Unported License.
|
||||
<p align="center">
|
||||
🌐 <a href="https://www.bunkerweb.io/?utm_campaign=self&utm_source=github">Website</a>
|
||||
|
|
||||
🤝 <a href="https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github">Panel</a>
|
||||
|
|
||||
📓 <a href="https://docs.bunkerweb.io/?utm_campaign=self&utm_source=github">Documentation</a>
|
||||
|
|
||||
👨💻 <a href="https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github">Demo</a>
|
||||
|
|
||||
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/examples">Examples</a>
|
||||
|
|
||||
💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
|
||||
|
|
||||
📝 <a href="https://github.com/bunkerity/bunkerweb/discussions">Forum</a>
|
||||
<br/>
|
||||
⚙️ <a href="https://config.bunkerweb.io/?utm_campaign=self&utm_source=github">Configurator</a>
|
||||
|
|
||||
🗺️ <a href="https://threatmap.bunkerweb.io/?utm_campaign=self&utm_source=github">Threatmap</a>
|
||||
</p>
|
||||
|
||||
See https://dev.maxmind.com/ for more details about MaxMind's GeoIP2 products.
|
||||
> 🛡️ Make security by default great again !
|
||||
|
||||
# BunkerWeb
|
||||
|
||||
<p align="center">
|
||||
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/intro-overview.svg" />
|
||||
</p>
|
||||
|
||||
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
|
||||
|
||||
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
|
||||
|
||||
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github).
|
||||
|
||||
## Why BunkerWeb ?
|
||||
|
||||
- **Easy integration into existing environments** : Seamlessly integrate BunkerWeb into various environments such as Linux, Docker, Swarm, Kubernetes and more. Enjoy a smooth transition and hassle-free implementation.
|
||||
- **Highly customizable** : Tailor BunkerWeb to your specific requirements with ease. Enable, disable, and configure features effortlessly, allowing you to customize the security settings according to your unique use case.
|
||||
- **Secure by default** : BunkerWeb provides out-of-the-box, hassle-free minimal security for your web services. Experience peace of mind and enhanced protection right from the start.
|
||||
- **Awesome web UI** : Take control of BunkerWeb more efficiently with the exceptional web user interface (UI). Navigate settings and configurations effortlessly through a user-friendly graphical interface, eliminating the need for the command-line interface (CLI).
|
||||
- **Plugin system** : Extend the capabilities of BunkerWeb to meet your own use cases. Seamlessly integrate additional security measures and customize the functionality of BunkerWeb according to your specific requirements.
|
||||
- **Free as in "freedom"** : BunkerWeb is licensed under the free [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html), embracing the principles of freedom and openness. Enjoy the freedom to use, modify, and distribute the software, backed by a supportive community.
|
||||
- **Professional services** : Get technical support, tailored consulting and custom development directly from the maintainers of BunkerWeb. Visit the [Bunker Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github) for more information.
|
||||
|
||||
## Security features
|
||||
|
||||
A non-exhaustive list of security features :
|
||||
|
||||
- **HTTPS** support with transparent **Let's Encrypt** automation
|
||||
- **State-of-the-art web security** : HTTP security headers, prevent leaks, TLS hardening, ...
|
||||
- Integrated **ModSecurity WAF** with the **OWASP Core Rule Set**
|
||||
- **Automatic ban** of strange behaviors based on HTTP status code
|
||||
- Apply **connections and requests limit** for clients
|
||||
- **Block bots** by asking them to solve a **challenge** (e.g. : cookie, javascript, captcha, hCaptcha or reCAPTCHA)
|
||||
- **Block known bad IPs** with external blacklists and DNSBL
|
||||
- And much more ...
|
||||
|
||||
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
|
||||
|
||||
## Demo
|
||||
|
||||
<p align="center">
|
||||
<a href="https://www.youtube.com/watch?v=ZhYV-QELzA4" target="_blank"><img alt="BunkerWeb demo" src="https://img.youtube.com/vi/ZhYV-QELzA4/0.jpg" /></a>
|
||||
</p>
|
||||
|
||||
A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github). Feel free to visit it and perform some security tests.
|
||||
|
||||
## Professional services
|
||||
|
||||
Maximize your BunkerWeb experience by getting professional services directly from the maintainers of the project. Whether you require technical support, personalized consulting, or development services, we stand ready to assist you in fortifying the security of your web services.
|
||||
|
||||
You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github), our dedicated platform for professional services.
|
||||
|
||||
Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=github) if you have any question, we will be more than happy to respond to your needs.
|
||||
|
||||
## Ecosystem, community and resources
|
||||
|
||||
Official websites, tools and resources about BunkerWeb :
|
||||
|
||||
- [**Website**](https://www.bunkerweb.io/?utm_campaign=self&utm_source=github) : get more information, news and articles about BunkerWeb
|
||||
- [**Panel**](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github) : dedicated platform to order and manage professional services (e.g. technical support) around BunkerWeb
|
||||
- [**Documentation**](https://docs.bunkerweb.io/?utm_campaign=self&utm_source=github) : technical documentation of the BunkerWeb solution
|
||||
- [**Demo**](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github) : demonstration website of BunkerWeb, don't hesitate to attempt attacks to test the robustness of the solution
|
||||
- [**Configurator**](https://config.bunkerweb.io/?utm_campaign=self&utm_source=github) : user-friendly tool to help you configure BunkerWeb
|
||||
- [**Threatmap**](https://threatmap.bunkerweb.io/?utm_campaign=self&utm_source=github) : live cyber attack blocked by BunkerWeb instances all around the world
|
||||
|
||||
Community and social networks :
|
||||
|
||||
- [**Discord**](https://discord.com/invite/fTf46FmtyD)
|
||||
- [**LinkedIn**](https://www.linkedin.com/company/bunkerity/)
|
||||
- [**Twitter**](https://twitter.com/bunkerity)
|
||||
- [**Reddit**](https://www.reddit.com/r/BunkerWeb/)
|
||||
|
||||
# Concepts
|
||||
|
||||
<p align="center">
|
||||
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/concepts.svg" />
|
||||
</p>
|
||||
|
||||
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.5/concepts/?utm_campaign=self&utm_source=github).
|
||||
|
||||
## Integrations
|
||||
|
||||
The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word "integration" instead of "installation" because one of the goals of BunkerWeb is to integrate seamlessly into existing environments.
|
||||
|
||||
The following integrations are officially supported :
|
||||
|
||||
- [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker)
|
||||
- [Docker autoconf](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
|
||||
- [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm)
|
||||
- [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes)
|
||||
- [Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux)
|
||||
- [Ansible](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible)
|
||||
- [Vagrant](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant)
|
||||
|
||||
## Settings
|
||||
|
||||
Once BunkerWeb is integrated into your environment, you will need to configure it to serve and protect your web applications.
|
||||
|
||||
The configuration of BunkerWeb is done by using what we call the "settings" or "variables". Each setting is identified by a name such as `AUTO_LETS_ENCRYPT` or `USE_ANTIBOT`. You can assign values to the settings to configure BunkerWeb.
|
||||
|
||||
Here is a dummy example of a BunkerWeb configuration :
|
||||
|
||||
```conf
|
||||
SERVER_NAME=www.example.com
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
USE_ANTIBOT=captcha
|
||||
REFERRER_POLICY=no-referrer
|
||||
USE_MODSECURITY=no
|
||||
USE_GZIP=yes
|
||||
USE_BROTLI=no
|
||||
```
|
||||
|
||||
You will find an easy to use settings generator at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=github).
|
||||
|
||||
## Multisite mode
|
||||
|
||||
The multisite mode is a crucial concept to understand when using BunkerWeb. Because the goal is to protect web applications, we intrinsically inherit the concept of "virtual host" or "vhost" (more info [here](https://en.wikipedia.org/wiki/Virtual_hosting)) which makes it possible to serve multiple web applications from a single (or a cluster of) instance.
|
||||
|
||||
By default, the multisite mode of BunkerWeb is disabled which means that only one web application will be served and all the settings will be applied to it. The typical use case is when you have a single application to protect : you don't have to worry about the multisite and the default behavior should be the right one for you.
|
||||
|
||||
When multisite mode is enabled, BunkerWeb will serve and protect multiple web applications. Each web application is identified by a unique server name and have its own set of settings. The typical use case is when you have multiple applications to protect and you want to use a single (or a cluster depending of the integration) instance of BunkerWeb.
|
||||
|
||||
## Custom configurations
|
||||
|
||||
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
|
||||
|
||||
Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block).
|
||||
|
||||
Another core component of BunkerWeb is the ModSecurity Web Application Firewall : you can also use custom configurations to fix some false positives or add custom rules for example.
|
||||
|
||||
## Database
|
||||
|
||||
State of the current configuration of BunkerWeb is stored in a backend database which contains the following data :
|
||||
|
||||
- Settings defined for all the services
|
||||
- Custom configurations
|
||||
- BunkerWeb instances
|
||||
- Metadata about jobs execution
|
||||
- Cached files
|
||||
|
||||
The following backend database are supported : SQLite, MariaDB, MySQL and PostgreSQL
|
||||
|
||||
## Scheduler
|
||||
|
||||
To make things automagically work together, a dedicated service called the scheduler is in charge of :
|
||||
|
||||
- Storing the settings and custom configurations inside the database
|
||||
- Executing various tasks (called jobs)
|
||||
- Generating a configuration which is understood by BunkerWeb
|
||||
- Being the intermediary for other services (like web UI or autoconf)
|
||||
|
||||
In other words, the scheduler is the brain of BunkerWeb.
|
||||
|
||||
# Setup
|
||||
|
||||
## Docker
|
||||
|
||||
<p align="center">
|
||||
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-docker.svg" />
|
||||
</p>
|
||||
|
||||
We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).
|
||||
|
||||
Docker integration key concepts are :
|
||||
|
||||
- **Environment variables** to configure BunkerWeb
|
||||
- **Scheduler** container to store configuration and execute jobs
|
||||
- **Networks** to expose ports for clients and connect to upstream web services
|
||||
|
||||
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
|
||||
|
||||
## Docker autoconf
|
||||
|
||||
<p align="center">
|
||||
<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-autoconf.svg" />
|
||||
</p>
|
||||
|
||||
The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
|
||||
|
||||
Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
|
||||
|
||||
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
|
||||
|
||||
## Swarm
|
||||
|
||||
<p align="center">
|
||||
<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-swarm.svg" />
|
||||
</p>
|
||||
|
||||
To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
|
||||
|
||||
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
|
||||
|
||||
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
|
||||
|
||||
## Kubernetes
|
||||
|
||||
<p align="center">
|
||||
<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-kubernetes.svg" />
|
||||
</p>
|
||||
|
||||
The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
|
||||
|
||||
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
|
||||
|
||||
## Linux
|
||||
|
||||
<p align="center">
|
||||
<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-linux.svg" />
|
||||
</p>
|
||||
|
||||
List of supported Linux distros :
|
||||
|
||||
- Debian 12 "Bookworm"
|
||||
- Ubuntu 22.04 "Jammy"
|
||||
- Fedora 39
|
||||
- RHEL 8.9
|
||||
|
||||
Repositories of Linux packages for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb), they provide a bash script to automatically add and trust the repository (but you can also follow the [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer).
|
||||
|
||||
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
|
||||
|
||||
## Ansible
|
||||
|
||||
<p align="center">
|
||||
<img alt="Ansible banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-ansible.svg" />
|
||||
</p>
|
||||
|
||||
List of supported Linux distros :
|
||||
|
||||
- Debian 12 "Bookworm"
|
||||
- Ubuntu 22.04 "Jammy"
|
||||
- Fedora 39
|
||||
- RHEL 8.9
|
||||
|
||||
[Ansible](https://www.ansible.com/) is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
|
||||
|
||||
A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/bunkerity/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
|
||||
|
||||
You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible) of the documentation.
|
||||
|
||||
## Vagrant
|
||||
|
||||
We maintain ready to use Vagrant boxes hosted on Vagrant cloud for the following providers :
|
||||
|
||||
- virtualbox
|
||||
- libvirt
|
||||
|
||||
You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant) of the documentation.
|
||||
|
||||
# Quickstart guide
|
||||
|
||||
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.5/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
|
||||
|
||||
- Protecting a single HTTP application
|
||||
- Protecting multiple HTTP application
|
||||
- Retrieving the real IP of clients when operating behind a load balancer
|
||||
- Adding custom configurations
|
||||
- Protecting generic TCP/UDP applications
|
||||
- In combination with PHP
|
||||
|
||||
# Security tuning
|
||||
|
||||
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
|
||||
|
||||
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
|
||||
|
||||
# Settings
|
||||
|
||||
To help you tuning BunkerWeb we have made an easy to use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=github).
|
||||
|
||||
As a general rule when multisite mode is enabled, if you want to apply settings with multisite context to a specific server you will need to add the primary (first) server name as a prefix like `www.example.com_USE_ANTIBOT=captcha` or `myapp.example.com_USE_GZIP=yes` for example.
|
||||
|
||||
When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
|
||||
|
||||
Check the [settings section](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
|
||||
|
||||
# Web UI
|
||||
|
||||
<p align="center">
|
||||
<a href="https://www.youtube.com/watch?v=Ao20SfvQyr4">
|
||||
<img src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/user_interface_demo.png" height="300" />
|
||||
</a>
|
||||
</p>
|
||||
|
||||
The "Web UI" is a web application that helps you manage your BunkerWeb instance using a user-friendly interface instead of the command-line one.
|
||||
|
||||
- Start, stop, restart and reload your BunkerWeb instance
|
||||
- Add, edit and delete settings for your web applications
|
||||
- Add, edit and delete custom configurations for NGINX and ModSecurity
|
||||
- Install and uninstall external plugins
|
||||
- Explore the cached files
|
||||
- Monitor jobs execution
|
||||
- View the logs and search pattern
|
||||
|
||||
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
|
||||
|
||||
# Plugins
|
||||
|
||||
BunkerWeb comes with a plugin system to make it possible to easily add new features. Once a plugin is installed, you can manage it using additional settings defined by the plugin.
|
||||
|
||||
Here is the list of "official" plugins that we maintain (see the [bunkerweb-plugins](https://github.com/bunkerity/bunkerweb-plugins/?utm_campaign=self&utm_source=github) repository for more information) :
|
||||
|
||||
| Name | Version | Description | Link |
|
||||
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------: |
|
||||
| **ClamAV** | 1.3 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
|
||||
| **Coraza** | 1.3 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
|
||||
| **CrowdSec** | 1.3 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
|
||||
| **Discord** | 1.3 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
|
||||
| **Slack** | 1.3 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
|
||||
| **VirusTotal** | 1.3 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
|
||||
| **WebHook** | 1.3 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
|
||||
|
||||
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github) of the documentation.
|
||||
|
||||
# Support
|
||||
|
||||
## Professional
|
||||
|
||||
Get technical support directly from the BunkerWeb maintainers. You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github), our dedicated platform for professional services.
|
||||
|
||||
Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=github) if you have any question, we will be more than happy to respond to your needs.
|
||||
|
||||
## Community
|
||||
|
||||
To get free community support you can use the following media :
|
||||
|
||||
- The #help channel of BunkerWeb in the [Discord server](https://discord.com/invite/fTf46FmtyD)
|
||||
- The help category of [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions)
|
||||
- The [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit
|
||||
- The [Server Fault](https://serverfault.com/) and [Super User](https://superuser.com/) forums
|
||||
|
||||
Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues) to ask for help, use it only for bug reports and feature requests.
|
||||
|
||||
# License
|
||||
|
||||
This library is licensed under the Apache License, Version 2.
|
||||
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/LICENSE.md).
|
||||
|
||||
# Installation
|
||||
# Contribute
|
||||
|
||||
## From a Named Release Tarball
|
||||
If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/CONTRIBUTING.md) to get started.
|
||||
|
||||
**NOTE:** These instructions are for installation from the _named_ `.tar.gz`
|
||||
tarballs on the [Releases](https://github.com/maxmind/libmaxminddb/releases)
|
||||
page (e.g. `libmaxminddb-*.tar.gz`).
|
||||
# Security policy
|
||||
|
||||
This code is known to work with GCC 4.4+ and clang 3.2+. It should also work
|
||||
on other compilers that supports C99, POSIX.1-2001, and the `-fms-extensions
|
||||
flag` (or equivalent). The latter is needed to allow an anonymous union in a
|
||||
structure.
|
||||
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/SECURITY.md) for more information.
|
||||
|
||||
To install this code, run the following commands:
|
||||
# Stargazers over time
|
||||
|
||||
$ ./configure
|
||||
$ make
|
||||
$ make check
|
||||
$ sudo make install
|
||||
$ sudo ldconfig
|
||||
|
||||
You can skip the `make check` step but it's always good to know that tests are
|
||||
passing on your platform.
|
||||
|
||||
The `configure` script takes the standard options to set where files are
|
||||
installed such as `--prefix`, etc. See `./configure --help` for details.
|
||||
|
||||
If after installing, you receive an error that `libmaxminddb.so.0` is missing
|
||||
you may need to add the `lib` directory in your `prefix` to your library path.
|
||||
On most Linux distributions when using the default prefix (`/usr/local`), you
|
||||
can do this by running the following commands:
|
||||
|
||||
$ sudo sh -c "echo /usr/local/lib >> /etc/ld.so.conf.d/local.conf"
|
||||
$ ldconfig
|
||||
|
||||
## From a GitHub "Source Code" Archive / Git Repo Clone (Achtung!)
|
||||
|
||||
**NOTE:** These instructions are for installation from the GitHub "Source
|
||||
Code" archives also available on the
|
||||
[Releases](https://github.com/maxmind/libmaxminddb/releases) page (e.g.
|
||||
`X.Y.Z.zip` or `X.Y.Z.tar.gz`), as well as installation directly from a clone
|
||||
of the [Git repo](https://github.com/maxmind/libmaxminddb). Installation from
|
||||
these sources are possible but will present challenges to users not
|
||||
comfortable with manual dependency resolution.
|
||||
|
||||
You will need `automake`, `autoconf`, and `libtool` installed
|
||||
in addition to `make` and a compiler.
|
||||
|
||||
You can clone this repository and build it by running:
|
||||
|
||||
$ git clone --recursive https://github.com/maxmind/libmaxminddb
|
||||
|
||||
After cloning, run `./bootstrap` from the `libmaxminddb` directory and then
|
||||
follow the instructions for installing from a named release tarball as
|
||||
described above.
|
||||
|
||||
## Using CMake
|
||||
|
||||
We provide a CMake build script. This is primarily targeted at Windows users,
|
||||
but it can be used in other circumstances where the Autotools script does not
|
||||
work.
|
||||
|
||||
$ mkdir build && cd build
|
||||
$ cmake ..
|
||||
$ cmake --build .
|
||||
$ ctest -V .
|
||||
$ cmake --build . --target install
|
||||
|
||||
When building with Visual Studio, you may build a multithreaded (MT/MTd)
|
||||
runtime library, using the `MSVC_STATIC_RUNTIME` setting:
|
||||
|
||||
$ cmake -DMSVC_STATIC_RUNTIME=ON -DBUILD_SHARED_LIBS=OFF ..
|
||||
|
||||
## On Ubuntu via PPA
|
||||
|
||||
MaxMind provides a PPA for recent version of Ubuntu. To add the PPA to your
|
||||
APT sources, run:
|
||||
|
||||
$ sudo add-apt-repository ppa:maxmind/ppa
|
||||
|
||||
Then install the packages by running:
|
||||
|
||||
$ sudo apt update
|
||||
$ sudo apt install libmaxminddb0 libmaxminddb-dev mmdb-bin
|
||||
|
||||
## On macOS via Homebrew or MacPorts
|
||||
|
||||
You can install libmaxminddb on macOS using [Homebrew](https://brew.sh):
|
||||
|
||||
$ brew install libmaxminddb
|
||||
|
||||
Or with [MacPorts](https://ports.macports.org/port/libmaxminddb):
|
||||
|
||||
$ sudo port install libmaxminddb
|
||||
|
||||
# Requirements
|
||||
|
||||
libmaxminddb requires a minimum of POSIX.1-2001 support. If not specified
|
||||
at compilation time, it defaults to requesting POSIX.1-2008 support.
|
||||
|
||||
# Bug Reports
|
||||
|
||||
Please report bugs by filing an issue with our GitHub issue tracker at
|
||||
https://github.com/maxmind/libmaxminddb/issues
|
||||
|
||||
# Creating a Release Tarball
|
||||
|
||||
Use `make safedist` to check the resulting tarball.
|
||||
|
||||
# Copyright and License
|
||||
|
||||
Copyright 2013-2023 MaxMind, Inc.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
[](https://starchart.cc/bunkerity/bunkerweb)
|
||||
|
|
|
|||
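Review bot: In the plugins table, the **WebHook** row's link text reads `bunkerweb-plugins/slack` while its URL points at `.../tree/main/webhook`; change the label to `bunkerweb-plugins/webhook` so it matches the target. Two wording slips in the same README are worth fixing in the same pass: "Inspect requests using a the Coraza WAF" in the Coraza row and "Protecting multiple HTTP application" in the quickstart list.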
17
SECURITY.md
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
# Security policy
|
||||
|
||||
Even though this project is focused on security, it is still prone to possible vulnerabilities. We consider every security bug as a serious issue and will try our best to address it.
|
||||
|
||||
## Responsible disclosure
|
||||
|
||||
If you have found a security bug, please send us an email at security \[@\] bunkerity.com (using a ProtonMail if possible) with technical details so we can resolve it as soon as possible.
|
||||
|
||||
Here is a non-exhaustive list of issues we consider as high risk :
|
||||
- Vulnerability in the code
|
||||
- Bypass of a security feature
|
||||
- Vulnerability in a third-party dependency
|
||||
- Risk in the supply chain
|
||||
|
||||
## Bounty
|
||||
|
||||
To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.
|
||||
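Review bot: The responsible-disclosure paragraph asks reporters to mail `security \[@\] bunkerity.com` "using a ProtonMail if possible" but gives no key or fingerprint for encrypting the report, while `docs/about.md` in this same change publishes a PGP key for security reports. Link to that key or state its fingerprint here so both documents describe one consistent procedure, and consider saying what acknowledgement a reporter can expect.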
5
TODO
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
- Ansible
|
||||
- Vagrant
|
||||
- Plugins
|
||||
- Find a way to do rdns in background
|
||||
- fix db warnings (Got an error reading communication packets)
|
||||
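Review bot: The first three entries (`Ansible`, `Vagrant`, `Plugins`) are bare nouns with no statement of what remains to be done, so nobody but the author can act on them. Either spell out the task, as the last two entries do, or move the list to the issue tracker rather than shipping a top-level `TODO` file.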
4
docs/Dockerfile
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
FROM squidfunk/mkdocs-material@sha256:e5f28aa0c3ac8206f93e44a0c52ea85616b0d6c674319cd1d87a241594788355
|
||||
|
||||
COPY mkdocs.yml /docs
|
||||
COPY docs /docs/docs
|
||||
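Review bot: The `FROM` line pins `squidfunk/mkdocs-material` by digest only, which is good for reproducibility but leaves no human-readable version, so a reviewer cannot tell which release this is or when it has gone stale. Use the `image:tag@sha256:...` form or add a comment naming the release, so the digest can be checked against the tag whenever it is bumped.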
99
docs/about.md
Normal file
|
|
@ -0,0 +1,99 @@
|
|||
# About
|
||||
|
||||
## Who maintains BunkerWeb ?
|
||||
|
||||
BunkerWeb is maintained by [Bunkerity](https://www.bunkerity.com/?utm_campaign=self&utm_source=doc), a French 🇫🇷 company specialized in Cybersecurity 🛡️.
|
||||
|
||||
## Do you offer professional services ?
|
||||
|
||||
Yes, we offer professional services related to BunkerWeb such as :
|
||||
|
||||
- Consulting
|
||||
- Support
|
||||
- Custom development
|
||||
- Partnership
|
||||
|
||||
**We have a [dedicated panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) to centralize all professional requests.**
|
||||
|
||||
You can also contact use at [contact@bunkerity.com](mailto:contact@bunkerity.com) if you are interested.
|
||||
|
||||
## Where to get community support ?
|
||||
|
||||
To get free community support, you can use the following media :
|
||||
|
||||
- The #help channel of BunkerWeb in the [Discord server](https://discord.com/invite/fTf46FmtyD)
|
||||
- The help category of [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions)
|
||||
- The [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit
|
||||
- The [Server Fault](https://serverfault.com/) and [Super User](https://superuser.com/) forums
|
||||
|
||||
Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues) to ask for help, use it only for bug reports and feature requests.
|
||||
|
||||
## How can I contribute ?
|
||||
|
||||
Here is a non-exhaustive list of what you can do :
|
||||
|
||||
- Join the [Discord server](https://discord.com/invite/fTf46FmtyD), [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit and [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions) to talk about the project and help others
|
||||
- Follow us on [LinkedIn](https://www.linkedin.com/company/bunkerity/), [Twitter](https://twitter.com/bunkerity) and [GitHub](https://github.com/bunkerity)
|
||||
- Report bugs and propose new features using [issues](https://github.com/bunkerity/bunkerweb/issues)
|
||||
- Contribute to the code using [pull requests](https://github.com/bunkerity/bunkerweb/pulls)
|
||||
- Write an awesome [plugin](plugins.md)
|
||||
- Talk about BunkerWeb to your friends/colleagues, on social media, on your blog, ...
|
||||
|
||||
## How to report security issue ?
|
||||
|
||||
Please contact us at [security@bunkerity.com](mailto:security@bunkerity.com) using the following PGP key :
|
||||
|
||||
```conf
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGCEMiMBEACtXJBDbF86qjC/Q1cfmJfYcYrbk6eE5czknG294XObC97wAgDf
|
||||
/MbX6bnti4kDRpflGDqQtwOXudcEzledTD4bdDUKvZwqPoYQGa24uCuUxSINTLXr
|
||||
RuoMaKfpvs7trsFXp5iYUqf4Org2aaJE7Tk/9sOvxgdqsT22jEgCZXTRU1qG494U
|
||||
u6XRQN8hKlw6aa6njjX9vUk6Jpl46/kwwO9mpXBZX6iFKYnBlUWs2k8d6D6cO5aZ
|
||||
KLoYyz5v3Gw2hHSqj4qbVQPTIT7qrrcfd8nblYK7Dh3IM+vQq7a7lB0AudIyBNPd
|
||||
rsypi9ZYgwI3lv/rmQnDc32Ua5cLvTvgg/XoaNK9ogc3kei1+hXODEgRA/zvSKqq
|
||||
20i/1Y0OnIGv89LOI6urWpOgDAhQUV5xvANll2lm3Bkmy29UOzNadUc/yImxrM06
|
||||
HwX82ju6PFAqOaxMW6SEE71ylGOSlikAGNcmmc5Ihd1J/VRZA4PBiQ31gQxFRpUC
|
||||
3NTw2QNAD1kjni5PuQD10Q1Ognvb6uJh/MtqsoX6r1t+Oly9MblFSuyqFkqNO3F0
|
||||
QAJqprhJlQ3YOcJdJ1EZR7qs0xJm5h+lw0Z/UINqkwiZUW3PCO8BKxfq6sfdwM8L
|
||||
5hPhyUzy2gIJ0J/4NGYEBH1ojoYODGU8OCSmyjSTY9SoVMeWDfqYP4ZTvQARAQAB
|
||||
tCVidW5rZXJpdHktcGdwIDxjb250YWN0QGJ1bmtlcml0eS5jb20+iQJUBBMBCAA+
|
||||
FiEEw78SjkcVxXCq7hStPYCAbxJgKnwFAmCEMiMCGwMFCQPCIP0FCwkIBwIGFQoJ
|
||||
CAsCBBYCAwECHgECF4AACgkQPYCAbxJgKnzvYhAAnNqGB6ce2eZzwk1EiNlNaXaA
|
||||
hFWLq/s/J1IOAP+0V5jKJxA6zTX01HyIfIIHQy6nrxxEXzYsIUHdJ+HBPCNswCqn
|
||||
2d/aDkkfoEUc1bUD0c2bXfoSCsAeIoK+eOf6iSr4IENVoIUYFQTUKFNu+Y7eDL0I
|
||||
J8Xadg53G+fkK9LE6TeYpBs3hDT4w7vlDfIwWa1NC9HoLzSmZ2fqZ7SnihLGsLmp
|
||||
98VqDrDjhRPzrz5/tVYgvPCQQU5ED/TayCCYvrGpw9gP8qmEOabIUz0ppGwEfQVs
|
||||
Wycilm1/Js/qjdbxUFMipBIzDu7bI3kMLmENhI+16Xtub9dUrvkW2SdDngYhtWj8
|
||||
IzVOe6N/XDuiRGpaYFpEuXbrnDFexe1ygZwnVHt3fukPfa7W8mhMs2kY1ishIA0O
|
||||
WElKO1Q6N0ZWEad0PwM8NCDjaDUNWQC36ZF/MS+ipHWx9joPUjImY2AXDjN+L+Si
|
||||
ABQIe4Fo6Jx6S6Bi8YvPq8idYZvaWFJjBvmaPjxdUMPbIsMRiEjvlrhvqhLuVBpE
|
||||
lGA+M4UJGw5yBl+yiiLDuws/Fppv9HwNqw6Uq1m1XaW859Om1GGBKYfphyn+fHjR
|
||||
7ftOuT7Ss4zioXT4mscOZgkfzDAqgpZiHjYhe7tLUu7iD6UEsZmey/gRV0hCxng3
|
||||
N7yaRrBu0+3sIQV4jYC5Ag0EYIQyIwEQALSurJGOx7At5mRFjvhXd4/JHuBZZOSI
|
||||
M45LSJ+mKYnAGmwsL0AneZMIf6Yc0Vcn32oqlIXN5aB8jIt91pChLre8tl/lFZZP
|
||||
xY3WIEBJhZF0FIUqSQLjg4HD0S70REii7Om1kgtZueid8V6T5F1JDcO2mDoh8oc9
|
||||
h9nRQ1Ld6dblEuwBzbFkI1K6OUk1+ec7+mQc7orHdBVgelmqwG7fGZnPiN3XfklF
|
||||
dnwSkFIX/qkAsKQmmx1VSzaGFoPLajf4wrkzZdA3iEafsHyvdEFlezZCZ7TsoHBh
|
||||
tNg1Psg6MbBVgiMfHyRHSEBJZ7r5Awj2MpFUFMOd1IPcor1I254mx0VYfCvof4Km
|
||||
Ri1F/86kHc23A77pd4HFYZWiZjaWhh12L+wz5fDL5/sSFXVGSCtSWIKx6FjysZ+v
|
||||
szk3lItHoomZhA7M+FjU/cOjq9hae9uwZeU39DQk0/npln2RcHitoqgUIzII5woO
|
||||
S3SlMSc910tHf40D2cBr1iFKC0jQICjkDexB9CtNx/N25SJmLfiimYtk6/NHlPq4
|
||||
HXdq6ZfLZ7xQmuGcyWv4f0pwA2CK3twISpsIxIKe456WYTDtQu9d1s987dvmw6F/
|
||||
qURC6m2WPGroHb8COQTKzbshjpGUmLpyR3FXki4wNXeI1KaQLL7NpZmK6yJlWviO
|
||||
1sCjh4m7VS+zABEBAAGJAjwEGAEIACYWIQTDvxKORxXFcKruFK09gIBvEmAqfAUC
|
||||
YIQyIwIbDAUJA8Ig/QAKCRA9gIBvEmAqfP2WEACqmXEhu4ARl2yT9bay0+W3F1q1
|
||||
MrLQkcVOau2ihXx3PhYsXRUoEFj72VDAar41WIlHsPJfB14WtSlYcX2XdjHLHMpC
|
||||
dL2eGhqIcHzFChR0vGjtvm2wae/rJTChWf8WXiHrRnRcfFFfhpCvkNi43fQeH4yp
|
||||
cel2a35WV+IRbnkCkaly2NG3XO0t83Siok8Ku+OJGPatUMxJmaEVQeeXVPDzVRva
|
||||
rtvyd9Sclkd9QDPBLZyWHC1vsPKGRJpi5uDZjGxhaFRkimw/SYtFHj7AUrMKAIHB
|
||||
GfEcwC3Eq4rF0FeCOPfBd2vwGGrRflx76jK9rj288ta9Oq6u6ev8PCVzt0E7jrSf
|
||||
AX88vfVRcxihNfj/9i5xmY596jpgbvNA2aJX2hAO3Q8pD6AunVXPUyc3RlFHt7jC
|
||||
tL+9Xv7Qwjz7OToWqj+9cM6T+6oZLxYNVPT72Z/KOFW+mzGb87qjcsDMb/hu2fNq
|
||||
tSWyZk2AAgHQyG1y8vCQQzsDnUDM6NIPwYG5XMP+11WAsPk5fP1ksixpUqIWgjhY
|
||||
M22YUsjLeaRtgSmhAGIkbBgecs1EHSZZ6sf2lB8gSom1wW0UCBPSifP0DwYFizS5
|
||||
SOk62kZ0lqEctwgKDe3MNQnPxt9+tU9L1pIkyXgXihcOLiCMl434K0djJXxIbiX0
|
||||
JvbFAfI3qteepvnjBQ==
|
||||
=g1tf
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
```
|
||||
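Review bot: Under "How to report security issue ?" the public key is pasted inline in a `conf` fence with no fingerprint beside it, so a reporter has nothing short to compare against a second source before encrypting to it. Print the full fingerprint next to the block and consider shipping the key as a file in the repository as well. Separately, "You can also contact use at" in the professional services section should read "contact us".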
55
docs/assets/extra.css
Normal file
|
|
@ -0,0 +1,55 @@
|
|||
/* avoid font to pop on family change */
|
||||
* {
|
||||
font-display: swap;
|
||||
}
|
||||
|
||||
:root {
|
||||
--md-primary-fg-color: #125678;
|
||||
--md-text-font: "Roboto";
|
||||
}
|
||||
|
||||
.md-footer {
|
||||
background-color: #125678;
|
||||
}
|
||||
|
||||
/* better link contrast */
|
||||
article a {
|
||||
color: #2388bb;
|
||||
}
|
||||
|
||||
/* highlight content links */
|
||||
article a,
|
||||
article p > a {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
/* header list links and config tabs stay default */
|
||||
article li > a,
|
||||
article label > a {
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
/* lighter base tab color */
|
||||
nav.md-tabs ul li a {
|
||||
opacity: 0.9;
|
||||
}
|
||||
|
||||
/* active desktop tabs nav */
|
||||
nav.md-tabs ul li.md-tabs__item--active a {
|
||||
color: #36ce7a;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
nav.md-tabs ul li.md-tabs__item--active a:hover {
|
||||
filter: brightness(0.9);
|
||||
}
|
||||
/*
|
||||
@font-face {
|
||||
font-family: Consolas, monaco, monospace;
|
||||
}
|
||||
|
||||
@font-face {
|
||||
font-family: "TitleFont";
|
||||
src: "assets/font-title.woff";
|
||||
}
|
||||
*/
|
||||
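Review bot: `font-display: swap;` on the `*` selector at the top of the file has no effect, because `font-display` is an `@font-face` descriptor rather than a property that applies to elements; move it into the `@font-face` rule that loads the font or drop it. The commented-out `@font-face` blocks at the end are dead code, and the second one's `src: "assets/font-title.woff"` would need `url(...)` if it is ever enabled, so either fix and enable them or remove them.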
BIN
docs/assets/favicon.png
Normal file
|
After Width: | Height: | Size: 1.4 KiB |
1
docs/assets/img/bunkerweb_db.svg
Normal file
|
After Width: | Height: | Size: 38 KiB |
1
docs/assets/img/concepts.svg
Normal file
|
After Width: | Height: | Size: 76 KiB |
86
docs/assets/img/core-order.svg
Normal file
|
After Width: | Height: | Size: 138 KiB |
BIN
docs/assets/img/demo.gif
Normal file
|
After Width: | Height: | Size: 48 MiB |
1
docs/assets/img/integration-ansible.svg
Normal file
|
After Width: | Height: | Size: 91 KiB |
1
docs/assets/img/integration-autoconf.svg
Normal file
|
After Width: | Height: | Size: 104 KiB |
1
docs/assets/img/integration-docker.svg
Normal file
|
After Width: | Height: | Size: 70 KiB |
1
docs/assets/img/integration-kubernetes.svg
Normal file
|
After Width: | Height: | Size: 170 KiB |
1
docs/assets/img/integration-linux.svg
Normal file
|
After Width: | Height: | Size: 98 KiB |
1
docs/assets/img/integration-swarm.svg
Normal file
|
After Width: | Height: | Size: 138 KiB |
1
docs/assets/img/intro-overview.svg
Normal file
|
After Width: | Height: | Size: 111 KiB |
BIN
docs/assets/img/manage-account.webp
Normal file
|
After Width: | Height: | Size: 32 KiB |
BIN
docs/assets/img/profile-2fa.webp
Normal file
|
After Width: | Height: | Size: 12 KiB |
BIN
docs/assets/img/profile-totp.webp
Normal file
|
After Width: | Height: | Size: 28 KiB |
BIN
docs/assets/img/profile-username-password.webp
Normal file
|
After Width: | Height: | Size: 48 KiB |
BIN
docs/assets/img/todo.jpg
Normal file
|
After Width: | Height: | Size: 3.6 KiB |
BIN
docs/assets/img/ui-wizard-account.webp
Normal file
|
After Width: | Height: | Size: 15 KiB |
BIN
docs/assets/img/ui-wizard-settings.webp
Normal file
|
After Width: | Height: | Size: 22 KiB |
BIN
docs/assets/img/user_interface_demo.webp
Normal file
|
After Width: | Height: | Size: 14 KiB |
BIN
docs/assets/logo.png
Normal file
|
After Width: | Height: | Size: 4.5 KiB |
146
docs/concepts.md
Normal file
|
|
@ -0,0 +1,146 @@
|
|||
# Concepts
|
||||
|
||||
<figure markdown>
|
||||
{ align=center, width="600" }
|
||||
</figure>
|
||||
|
||||
## Integrations
|
||||
|
||||
The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word "integration" instead of "installation" because one of the goals of BunkerWeb is to integrate seamlessly into existing environments.
|
||||
|
||||
The following integrations are officially supported :
|
||||
|
||||
- [Docker](integrations.md#docker)
|
||||
- [Docker autoconf](integrations.md#docker-autoconf)
|
||||
- [Swarm](integrations.md#swarm)
|
||||
- [Kubernetes](integrations.md#kubernetes)
|
||||
- [Linux](integrations.md#linux)
|
||||
- [Ansible](integrations.md#ansible)
|
||||
- [Vagrant](integrations.md#vagrant)
|
||||
|
||||
If you think that a new integration should be supported, do not hesitate to open a [new issue](https://github.com/bunkerity/bunkerweb/issues) on the GitHub repository.
|
||||
|
||||
!!! info "Going further"
|
||||
|
||||
The technical details of all BunkerWeb integrations are available in the [integrations section](integrations.md) of the documentation.
|
||||
|
||||
## Settings
|
||||
|
||||
Once BunkerWeb is integrated into your environment, you will need to configure it to serve and protect your web applications.
|
||||
|
||||
The configuration of BunkerWeb is done by using what we call the "settings" or "variables". Each setting is identified by a name such as `AUTO_LETS_ENCRYPT` or `USE_ANTIBOT`. You can assign values to the settings to configure BunkerWeb.
|
||||
|
||||
Here is a dummy example of a BunkerWeb configuration :
|
||||
|
||||
```conf
|
||||
SERVER_NAME=www.example.com
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
USE_ANTIBOT=captcha
|
||||
REFERRER_POLICY=no-referrer
|
||||
USE_MODSECURITY=no
|
||||
USE_GZIP=yes
|
||||
USE_BROTLI=no
|
||||
```
|
||||
|
||||
!!! info "Going further"
|
||||
|
||||
The complete list of available settings with descriptions and possible values is available in the [settings section](settings.md) of the documentation.
|
||||
|
||||
!!! info "Settings generator tool"
|
||||
|
||||
To help you tune BunkerWeb, we offer an easy-to-use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=doc).
|
||||
|
||||
## Multisite mode
|
||||
|
||||
Understanding the multisite mode is essential when utilizing BunkerWeb. As our primary focus is safeguarding web applications, our solution is intricately linked to the concept of "virtual hosts" or "vhosts" (more info [here](https://en.wikipedia.org/wiki/Virtual_hosting)). These virtual hosts enable the serving of multiple web applications from a single instance or cluster.
|
||||
|
||||
By default, BunkerWeb has the multisite mode disabled. This means that only one web application will be served, and all settings will be applied to it. This setup is ideal when you have a single application to protect, as you don't need to concern yourself with multisite configurations.
|
||||
|
||||
However, when the multisite mode is enabled, BunkerWeb becomes capable of serving and protecting multiple web applications. Each web application is identified by a unique server name and has its own set of settings. This mode proves beneficial when you have multiple applications to secure, and you prefer to utilize a single instance (or a cluster) of BunkerWeb.
|
||||
|
||||
The activation of the multisite mode is controlled by the `MULTISITE` setting, which can be set to `yes` to enable it or `no` to keep it disabled (which is the default value).
|
||||
|
||||
Each setting within BunkerWeb has a specific context that determines where it can be applied. If the context is set to "global," the setting can't be applied per server or site but is instead applied to the entire configuration as a whole. On the other hand, if the context is "multisite," the setting can be applied globally and per server. To define a multisite setting for a specific server, simply add the server name as a prefix to the setting name. For example, `app1.example.com_AUTO_LETS_ENCRYPT` or `app2.example.com_USE_ANTIBOT` are examples of setting names with server name prefixes. When a multisite setting is defined globally without a server prefix, all servers inherit that setting. However, individual servers can still override the setting if the same setting is defined with a server name prefix.
|
||||
|
||||
Understanding the intricacies of multisite mode and its associated settings allows you to tailor BunkerWeb's behavior to suit your specific requirements, ensuring optimal protection for your web applications.
|
||||
|
||||
Here's a dummy example of a multisite BunkerWeb configuration :
|
||||
|
||||
```conf
|
||||
MULTISITE=yes
|
||||
SERVER_NAME=app1.example.com app2.example.com app3.example.com
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
USE_GZIP=yes
|
||||
USE_BROTLI=yes
|
||||
app1.example.com_USE_ANTIBOT=javascript
|
||||
app1.example.com_USE_MODSECURITY=no
|
||||
app2.example.com_USE_ANTIBOT=cookie
|
||||
app2.example.com_WHITELIST_COUNTRY=FR
|
||||
app3.example.com_USE_BAD_BEHAVIOR=no
|
||||
```
|
||||
|
||||
!!! info "Going further"
|
||||
|
||||
You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/examples) directory of the repository.
|
||||
|
||||
## Custom configurations
|
||||
|
||||
To address unique challenges and cater to specific use cases, BunkerWeb offers the flexibility of custom configurations. While the provided settings and [external plugins](plugins.md) cover a wide range of scenarios, there may be situations that require additional customization.
|
||||
|
||||
BunkerWeb is built on the renowned NGINX web server, which provides a powerful configuration system. This means you can leverage NGINX's configuration capabilities to meet your specific needs. Custom NGINX configurations can be included in various [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) such as HTTP or server, allowing you to fine-tune the behavior of BunkerWeb according to your requirements. Whether you need to customize global settings or apply configurations to specific server blocks, BunkerWeb empowers you to optimize its behavior to align perfectly with your use case.
|
||||
|
||||
Another integral component of BunkerWeb is the ModSecurity Web Application Firewall. With custom configurations, you have the flexibility to address false positives or add custom rules to further enhance the protection provided by ModSecurity. These custom configurations allow you to fine-tune the behavior of the firewall and ensure that it aligns with the specific requirements of your web applications.
|
||||
|
||||
By leveraging custom configurations, you unlock a world of possibilities to tailor BunkerWeb's behavior and security measures precisely to your needs. Whether it's adjusting NGINX configurations or fine-tuning ModSecurity, BunkerWeb provides the flexibility to meet your unique challenges effectively.
|
||||
|
||||
!!! info "Going further"
|
||||
|
||||
You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/examples) directory of the repository.
|
||||
|
||||
## Database
|
||||
|
||||
BunkerWeb securely stores its current configuration in a backend database, which contains essential data for smooth operation. The following information is stored in the database:
|
||||
|
||||
- **Settings for all services**: The database holds the defined settings for all the services provided by BunkerWeb. This ensures that your configurations and preferences are preserved and readily accessible.
|
||||
|
||||
- **Custom configurations**: Any custom configurations you create are also stored in the backend database. This includes personalized settings and modifications tailored to your specific requirements.
|
||||
|
||||
- **BunkerWeb instances**: Information about BunkerWeb instances, including their setup and relevant details, is stored in the database. This allows for easy management and monitoring of multiple instances if applicable.
|
||||
|
||||
- **Metadata about job execution**: The database stores metadata related to the execution of various jobs within BunkerWeb. This includes information about scheduled tasks, maintenance processes, and other automated activities.
|
||||
|
||||
- **Cached files**: BunkerWeb utilizes caching mechanisms for improved performance. The database holds cached files, ensuring efficient retrieval and delivery of frequently accessed resources.
|
||||
|
||||
Under the hood, whenever you edit a setting or add a new configuration, BunkerWeb automatically stores the changes in the database, ensuring data persistence and consistency. BunkerWeb supports multiple backend database options, including SQLite, MariaDB, MySQL, and PostgreSQL.
|
||||
|
||||
Configuring the database is straightforward using the `DATABASE_URI` setting, which follows the specified formats for each supported database:
|
||||
|
||||
- **SQLite**: `sqlite:///var/lib/bunkerweb/db.sqlite3`
|
||||
- **MariaDB**: `mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db`
|
||||
- **MySQL**: `mysql+pymysql://bunkerweb:changeme@bw-db:3306/db`
|
||||
- **PostgreSQL**: `postgresql://bunkerweb:changeme@bw-db:5432/db`
|
||||
|
||||
By specifying the appropriate database URI in the configuration, you can seamlessly integrate BunkerWeb with your preferred database backend, ensuring efficient and reliable storage of your configuration data.
|
||||
|
||||
<figure markdown>
|
||||
{ align=center, width="800" }
|
||||
<figcaption>Database Schema</figcaption>
|
||||
</figure>
|
||||
|
||||
## Scheduler
|
||||
|
||||
For seamless coordination and automation, BunkerWeb employs a specialized service known as the scheduler. The scheduler plays a vital role in ensuring smooth operation by performing the following tasks:
|
||||
|
||||
- **Storing settings and custom configurations**: The scheduler is responsible for storing all the settings and custom configurations within the backend database. This centralizes the configuration data, making it easily accessible and manageable.
|
||||
|
||||
- **Executing various tasks (jobs)**: The scheduler handles the execution of various tasks, referred to as jobs. These jobs encompass a range of activities, such as periodic maintenance, scheduled updates, or any other automated tasks required by BunkerWeb.
|
||||
|
||||
- **Generating BunkerWeb configuration**: The scheduler generates a configuration that is readily understood by BunkerWeb. This configuration is derived from the stored settings and custom configurations, ensuring that the entire system operates cohesively.
|
||||
|
||||
- **Acting as an intermediary for other services**: The scheduler acts as an intermediary, facilitating communication and coordination between different components of BunkerWeb. It interfaces with services such as the web UI or autoconf, ensuring a seamless flow of information and data exchange.
|
||||
|
||||
In essence, the scheduler serves as the brain of BunkerWeb, orchestrating various operations and ensuring the smooth functioning of the system.
|
||||
|
||||
Depending on the integration approach, the execution environment of the scheduler may differ. In container-based integrations, the scheduler is executed within its dedicated container, providing isolation and flexibility. On the other hand, for Linux-based integrations, the scheduler is self-contained within the bunkerweb service, simplifying the deployment and management process.
|
||||
|
||||
By employing the scheduler, BunkerWeb streamlines the automation and coordination of essential tasks, enabling efficient and reliable operation of the entire system.
|
||||
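Review bot: In the Database section, the SQLite example `sqlite:///var/lib/bunkerweb/db.sqlite3` uses three slashes. The `mariadb+pymysql://` and `mysql+pymysql://` forms listed next to it are SQLAlchemy-style URLs, and in that syntax three slashes give a path relative to the working directory, while an absolute path needs four (`sqlite:////var/lib/bunkerweb/db.sqlite3`). Please confirm which one is intended and correct the example if needed. The other three URIs embed the password `changeme`; state next to the list that it is a placeholder to replace, since these lines will be copy-pasted. The section also opens with "securely stores", but nothing in the text says what protects the database, so either describe that or drop the adverb.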
1
docs/diagrams/concepts.drawio
Normal file
1
docs/diagrams/core-order.drawio
Executable file
|
|
@ -0,0 +1 @@
|
|||
<mxfile host="app.diagrams.net" modified="2022-10-13T12:11:36.746Z" agent="5.0 (Windows)" etag="qIM9S_K3KBWfpHSqmD4a" version="20.4.0"><diagram id="C5RBs43oDa-KdzZeNtuy" name="Page-1">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</diagram></mxfile>
|
||||
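Review bot: `docs/diagrams/core-order.drawio` is added as an executable file, while the other diagrams in this commit are added as normal files. A draw.io XML document has no reason to carry the execute bit; please clear it (for example with `chmod -x`) so its mode matches its siblings.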
1
docs/diagrams/integration-ansible.drawio
Normal file
1
docs/diagrams/integration-autoconf.drawio
Normal file
1
docs/diagrams/integration-docker.drawio
Normal file
1
docs/diagrams/integration-kubernetes.drawio
Normal file
|
|
@ -0,0 +1 @@
|
|||
<mxfile host="app.diagrams.net" modified="2022-04-18T18:09:08.815Z" agent="5.0 (Windows)" etag="uCmxwbMvDXNNCQliGYIF" version="17.4.5"><diagram id="To2Da4PRRWEcok_Ws3eM" name="Page-1">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</diagram></mxfile>
|
||||
1
docs/diagrams/integration-linux.drawio
Normal file
1
docs/diagrams/integration-swarm.drawio
Normal file
1
docs/diagrams/intro-overview.drawio
Normal file
86
docs/index.md
Normal file
|
|
@ -0,0 +1,86 @@
|
|||
# Introduction
|
||||
|
||||
## Overview
|
||||
|
||||
<figure markdown>
|
||||
{ align=center, width="800" }
|
||||
<figcaption>Make your web services secure by default !</figcaption>
|
||||
</figure>
|
||||
|
||||
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
|
||||
|
||||
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](integrations.md#linux), [Docker](integrations.md#docker), [Swarm](integrations.md#swarm), [Kubernetes](integrations.md#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](web-ui.md) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
|
||||
|
||||
BunkerWeb contains primary [security features](security-tuning.md) as part of the core but can be easily extended with additional ones thanks to a [plugin system](plugins.md).
|
||||
|
||||
## Why BunkerWeb ?
|
||||
|
||||
- **Easy integration into existing environments** : Seamlessly integrate BunkerWeb into various environments such as Linux, Docker, Swarm, Kubernetes and more. Enjoy a smooth transition and hassle-free implementation.
|
||||
|
||||
- **Highly customizable** : Tailor BunkerWeb to your specific requirements with ease. Enable, disable, and configure features effortlessly, allowing you to customize the security settings according to your unique use case.
|
||||
|
||||
- **Secure by default** : BunkerWeb provides out-of-the-box, hassle-free minimal security for your web services. Experience peace of mind and enhanced protection right from the start.
|
||||
|
||||
- **Awesome web UI** : Take control of BunkerWeb more efficiently with the exceptional web user interface (UI). Navigate settings and configurations effortlessly through a user-friendly graphical interface, eliminating the need for the command-line interface (CLI).
|
||||
|
||||
- **Plugin system** : Extend the capabilities of BunkerWeb to meet your own use cases. Seamlessly integrate additional security measures and customize the functionality of BunkerWeb according to your specific requirements.
|
||||
|
||||
- **Free as in "freedom"** : BunkerWeb is licensed under the free [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html), embracing the principles of freedom and openness. Enjoy the freedom to use, modify, and distribute the software, backed by a supportive community.
|
||||
|
||||
- **Professional services** : Get technical support, tailored consulting and custom development directly from the maintainers of BunkerWeb. Visit the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) for more information.
|
||||
|
||||
## Security features
|
||||
|
||||
Explore the impressive array of security features offered by BunkerWeb. While not exhaustive, here are some notable highlights:
|
||||
|
||||
- **HTTPS** support with transparent **Let's Encrypt** automation : Easily secure your web services with automated Let's Encrypt integration, ensuring encrypted communication between clients and your server.
|
||||
|
||||
- **State-of-the-art web security** : Benefit from cutting-edge web security measures, including comprehensive HTTP security headers, prevention of data leaks, and TLS hardening techniques.
|
||||
|
||||
- Integrated **ModSecurity WAF** with the **OWASP Core Rule Set** : Enjoy enhanced protection against web application attacks with the integration of ModSecurity, fortified by the renowned OWASP Core Rule Set.
|
||||
|
||||
- **Automatic ban** of strange behaviors based on HTTP status code : BunkerWeb intelligently identifies and blocks suspicious activities by automatically banning behaviors that trigger abnormal HTTP status codes.
|
||||
|
||||
- Apply **connections and requests limit** for clients : Set limits on the number of connections and requests from clients, preventing resource exhaustion and ensuring fair usage of server resources.
|
||||
|
||||
- **Block bots** with **challenge-based verification** : Keep malicious bots at bay by challenging them to solve puzzles such as cookies, JavaScript tests, captcha, hCaptcha, reCAPTCHA or Turnstile, effectively blocking unauthorized access.
|
||||
|
||||
- **Block known bad IPs** with external blacklists and DNSBL : Utilize external blacklists and DNS-based blackhole lists (DNSBL) to proactively block known malicious IP addresses, bolstering your defense against potential threats.
|
||||
|
||||
- **And much more...** : BunkerWeb is packed with a plethora of additional security features that go beyond this list, providing you with comprehensive protection and peace of mind.
|
||||
|
||||
To delve deeper into the core security features, we invite you to explore the [security tuning](security-tuning.md) section of the documentation. Discover how BunkerWeb empowers you to fine-tune and optimize security measures according to your specific needs.
|
||||
|
||||
## Demo
|
||||
|
||||
<p align="center">
|
||||
<iframe style="display: block;" width="560" height="315" data-src="https://www.youtube-nocookie.com/embed/ZhYV-QELzA4" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
</p>
|
||||
|
||||
A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=doc). Feel free to visit it and perform some security tests.
|
||||
|
||||
## Professional services
|
||||
|
||||
Get the most of BunkerWeb by getting professional services directly from the maintainers of the project. From technical support to tailored consulting and development, we are here to assist you in the security of your web services.
|
||||
|
||||
You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc), our dedicated platform for professional services.
|
||||
|
||||
Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question, we will be more than happy to respond to your needs.
|
||||
|
||||
## Ecosystem, community and resources
|
||||
|
||||
Official websites, tools and resources about BunkerWeb :
|
||||
|
||||
- [**Website**](https://www.bunkerweb.io/?utm_campaign=self&utm_source=doc) : get more information, news and articles about BunkerWeb
|
||||
- [**Panel**](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) : dedicated platform to order and manage professional services (e.g. technical support) around BunkerWeb
|
||||
- [**Documentation**](https://docs.bunkerweb.io) : technical documentation of the BunkerWeb solution
|
||||
- [**Demo**](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=doc) : demonstration website of BunkerWeb, don't hesitate to attempt attacks to test the robustness of the solution
|
||||
- [**Configurator**](https://config.bunkerweb.io/?utm_campaign=self&utm_source=doc) : user-friendly tool to help you configure BunkerWeb
|
||||
- [**Threatmap**](https://threatmap.bunkerweb.io/?utm_campaign=self&utm_source=doc) : live cyber attack blocked by BunkerWeb instances all around the world
|
||||
|
||||
Community and social networks :
|
||||
|
||||
- [**Discord**](https://discord.com/invite/fTf46FmtyD)
|
||||
- [**LinkedIn**](https://www.linkedin.com/company/bunkerity/)
|
||||
- [**Twitter**](https://twitter.com/bunkerity)
|
||||
- [**Reddit**](https://www.reddit.com/r/BunkerWeb/)
|
||||
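Review bot: In the Demo section the `<iframe>` carries only `data-src`, so the video appears only after the load handler added in `docs/overrides/main.html` copies that value to `src`. With JavaScript disabled, or in any render that does not run that script, the block stays empty, so add a plain link to the video next to the iframe as a fallback. Wording nits in the same file: "use-cases ." has a stray space before the period, "cybersecurity is no more a hassle" should read "no longer a hassle", "Get the most of BunkerWeb" should be "Get the most out of BunkerWeb", and the Threatmap entry should say "live cyber attacks".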
1256
docs/integrations.md
Normal file
89
docs/json2md.py
Executable file
|
|
@ -0,0 +1,89 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from io import StringIO
|
||||
from json import loads
|
||||
from glob import glob
|
||||
from pathlib import Path
|
||||
from pytablewriter import MarkdownTableWriter
|
||||
|
||||
|
||||
def print_md_table(settings) -> MarkdownTableWriter:
|
||||
writer = MarkdownTableWriter(
|
||||
headers=["Setting", "Default", "Context", "Multiple", "Description"],
|
||||
value_matrix=[
|
||||
[
|
||||
f"`{setting}`",
|
||||
"" if data["default"] == "" else f"`{data['default']}`",
|
||||
data["context"],
|
||||
"no" if "multiple" not in data else "yes",
|
||||
data["help"],
|
||||
]
|
||||
for setting, data in settings.items()
|
||||
],
|
||||
)
|
||||
return writer
|
||||
|
||||
|
||||
def stream_support(support) -> str:
|
||||
md = "STREAM support "
|
||||
if support == "no":
|
||||
md += ":x:"
|
||||
elif support == "yes":
|
||||
md += ":white_check_mark:"
|
||||
else:
|
||||
md += ":warning:"
|
||||
return md
|
||||
|
||||
|
||||
doc = StringIO()
|
||||
|
||||
print("# Settings\n", file=doc)
|
||||
print(
|
||||
'!!! info "Settings generator tool"\n\n To help you tune BunkerWeb, we have made an easy-to-use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=doc).\n',
|
||||
file=doc,
|
||||
)
|
||||
print(
|
||||
"This section contains the full list of settings supported by BunkerWeb."
|
||||
+ " If you are not yet familiar with BunkerWeb, you should first read the [concepts](concepts.md) section of the documentation."
|
||||
+ " Please follow the instructions for your own [integration](integrations.md) on how to apply the settings.\n",
|
||||
file=doc,
|
||||
)
|
||||
print(
|
||||
"As a general rule when multisite mode is enabled, if you want to apply settings with multisite context to a specific server, you will need to add the primary"
|
||||
+ " (first) server name as a prefix like `www.example.com_USE_ANTIBOT=captcha` or `myapp.example.com_USE_GZIP=yes` for example.\n",
|
||||
file=doc,
|
||||
)
|
||||
print(
|
||||
'When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`,'
|
||||
+ " `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.\n",
|
||||
file=doc,
|
||||
)
|
||||
|
||||
# Print global settings
|
||||
print("## Global settings\n", file=doc)
|
||||
print(f"\n{stream_support('partial')}\n", file=doc)
|
||||
with open("src/common/settings.json", "r") as f:
|
||||
print(print_md_table(loads(f.read())), file=doc)
|
||||
print(file=doc)
|
||||
|
||||
# Print core settings
|
||||
print("## Core settings\n", file=doc)
|
||||
core_settings = {}
|
||||
for core in glob("src/common/core/*/plugin.json"):
|
||||
with open(core, "r") as f:
|
||||
core_plugin = loads(f.read())
|
||||
if len(core_plugin["settings"]) > 0:
|
||||
core_settings[core_plugin["name"]] = core_plugin
|
||||
|
||||
for name, data in dict(sorted(core_settings.items())).items():
|
||||
print(f"### {data['name']}\n", file=doc)
|
||||
print(f"{stream_support(data['stream'])}\n", file=doc)
|
||||
print(f"{data['description']}\n", file=doc)
|
||||
print(print_md_table(data["settings"]), file=doc)
|
||||
|
||||
doc.seek(0)
|
||||
content = doc.read()
|
||||
doc = StringIO(content.replace("\\|", "|"))
|
||||
doc.seek(0)
|
||||
|
||||
Path("docs", "settings.md").write_text(doc.read(), encoding="utf-8")
|
||||
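Review bot: Both `open(..., "r")` calls read the JSON files with the platform default encoding, while the result is written with `encoding="utf-8"`; pass `encoding="utf-8"` to the reads as well so a non-UTF-8 locale cannot break or garble the generated `settings.md`. The script also uses `src/common/...` and `docs/settings.md` relative to the current directory, so it only works when run from the repository root; resolve the paths from `Path(__file__)` or document that requirement at the top. Smaller points: `print_md_table` returns a writer and prints nothing, so the name is misleading; the closing `seek`/`read`/`StringIO`/`seek`/`read` sequence can be reduced to `doc.getvalue().replace("\\|", "|")`; and that global un-escaping of `\|` deserves a comment explaining why it is safe for table cells whose default or help text contains a literal pipe.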
41
docs/migrating.md
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
# Migrating from 1.4.X
|
||||
|
||||
!!! warning "Read this if you were a 1.4.X user"
|
||||
|
||||
A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) folder of the repository.
|
||||
|
||||
## Scheduler
|
||||
|
||||
Back to the 1.4.X releases, jobs (like Let's Encrypt certificate generation/renewal or blacklists download) **were executed in the same container as BunkerWeb**. For the purpose of [separation of concerns](https://en.wikipedia.org/wiki/Separation_of_concerns), we decided to create a **separate service** which is now responsible for managing jobs.
|
||||
|
||||
Called **Scheduler**, this service also generates the final configuration used by BunkerWeb and acts as an intermediary between autoconf and BunkerWeb. In other words, the scheduler is the **brain of the BunkerWeb 1.5.X stack**.
|
||||
|
||||
You will find more information about the scheduler [here](concepts.md#scheduler).
|
||||
|
||||
## Database
|
||||
|
||||
BunkerWeb configuration is **no more stored in a plain file** (located at `/etc/nginx/variables.env` if you didn't know it). That's it, we now support a **fully-featured database as a backend** to store settings, cache, custom configs, ... 🥳
|
||||
|
||||
Using a real database offers many advantages :
|
||||
|
||||
- Backup of the current configuration
|
||||
- Usage with multiple services (scheduler, web UI, ...)
|
||||
- Upgrade to a new BunkerWeb version
|
||||
|
||||
Please note that we actually support, **SQLite**, **MySQL**, **MariaDB** and **PostgreSQL** as backends.
|
||||
|
||||
You will find more information about the database [here](concepts.md#database).
|
||||
|
||||
## Redis
|
||||
|
||||
When BunkerWeb 1.4.X was used in cluster mode (Swarm or Kubernetes integrations), **data were not shared among the nodes**. For example, if an attacker was banned via the "bad behavior" feature on a specific node, **he could still connect to the other nodes**.
|
||||
|
||||
Security is not the only reason to have a shared data store for clustered integrations, **caching** is also another one. We can now **store results** of time-consuming operations like (reverse) dns lookups so they are **available for other nodes**.
|
||||
|
||||
We actually support **Redis** as a backend for the shared data store.
|
||||
|
||||
See the list of [redis settings](settings.md#redis) and the corresponding documentation of your integration for more information.
|
||||
|
||||
## Default values and new settings
|
||||
|
||||
The default value of some settings have changed and we have added many other settings, we recommend you read the [security tuning](security-tuning.md) and [settings](settings.md) sections of the documentation.
|
||||
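Review bot: The page is titled "Migrating from 1.4.X", but the Database section only states that settings are no longer kept in `/etc/nginx/variables.env`; it never says what a 1.4.X user should do with an existing file. Add the concrete step, or state plainly that settings must be declared again through the chosen integration, so the page is actionable. The Redis section introduces a shared store that holds ban data and cached lookups for the cluster; one sentence saying that this store should be reachable only by the BunkerWeb services would fit here, alongside the link to the redis settings. Wording: "no more stored" should be "no longer stored", "we actually support" (used twice) reads better as "we currently support", "he could still connect" can be "they could still connect", and "The default value of some settings have changed" should be "The default values of some settings have changed".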
49
docs/misc/pdf.js
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
const puppeteer = require('puppeteer');
|
||||
var args = process.argv.slice(2);
|
||||
var url = args[0];
|
||||
var pdfPath = args[1];
|
||||
var title = args[2];
|
||||
|
||||
console.log('Saving', url, 'to', pdfPath);
|
||||
|
||||
// date – formatted print date
|
||||
// title – document title
|
||||
// url – document location
|
||||
// pageNumber – current page number
|
||||
// totalPages – total pages in the document
|
||||
headerHtml = `
|
||||
<div style="font-size: 10px; text-align: center; width: 100%;">
|
||||
<span>${title}</span>
|
||||
</div>`;
|
||||
|
||||
footerHtml = `<div style="font-size: 10px; text-align: center; width: 100%;"><span class="pageNumber"></span> / <span class="totalPages"></span></div>`;
|
||||
|
||||
|
||||
(async() => {
|
||||
const browser = await puppeteer.launch({
|
||||
headless: true,
|
||||
executablePath: process.env.CHROME_BIN || null,
|
||||
args: ['--no-sandbox', '--headless', '--disable-gpu', '--disable-dev-shm-usage']
|
||||
});
|
||||
|
||||
const page = await browser.newPage();
|
||||
await page.goto(url, { waitUntil: 'networkidle2' });
|
||||
await page.pdf({
|
||||
path: pdfPath, // path to save pdf file
|
||||
format: 'A4', // page format
|
||||
displayHeaderFooter: true, // display header and footer (in this example, required!)
|
||||
printBackground: true, // print background
|
||||
landscape: false, // use horizontal page layout
|
||||
headerTemplate: headerHtml, // indicate html template for header
|
||||
footerTemplate: footerHtml,
|
||||
scale: 1, //Scale amount must be between 0.1 and 2
|
||||
margin: { // increase margins (in this example, required!)
|
||||
top: 80,
|
||||
bottom: 80,
|
||||
left: 30,
|
||||
right: 30
|
||||
}
|
||||
});
|
||||
|
||||
await browser.close();
|
||||
})();
|
||||
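Review bot: `puppeteer.launch` is given `--no-sandbox` while `url` is taken straight from `process.argv`, so whatever page is passed in gets rendered by a Chromium whose sandbox is disabled. If the flag is only there because the build container runs as root, say so in a comment and restrict `url` to the local documentation build, or run the job as a non-root user and drop the flag. In the same file, `headerHtml` and `footerHtml` are assigned without `const` or `let` and become implicit globals, `title` is interpolated into the header HTML unescaped, and the async function has no `try`/`finally`, so a failing `page.goto` leaves the browser process running and the rejection unhandled. Please also check that `url` and `pdfPath` were supplied before launching the browser.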
34
docs/overrides/main.html
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
{% extends "base.html" %} {% block outdated %} You're not viewing the
|
||||
documentation of the latest version.
|
||||
<a href="{{ '../' ~ base_url }}">
|
||||
<strong>Click here to view latest.</strong>
|
||||
</a>
|
||||
{% endblock %} {% block announce %} 📢 Looking for technical support, tailored
|
||||
consulting or custom development for BunkerWeb ? Visit the
|
||||
<a
|
||||
href="https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc"
|
||||
style="color: #3f6ec6; text-decoration: underline"
|
||||
>BunkerWeb Panel</a
|
||||
>
|
||||
for more information on our enterprise offers. {% endblock %} {% block libs %}
|
||||
<script
|
||||
async
|
||||
defer
|
||||
data-domain="docs.bunkerweb.io"
|
||||
src="https://data.bunkerity.com/js/script.js"
|
||||
></script>
|
||||
<script defer>
|
||||
// Lazy load images and embed youtube videos
|
||||
window.addEventListener("load", () => {
|
||||
document.querySelectorAll("[data-src]").forEach((el) => {
|
||||
el.setAttribute("src", el.getAttribute("data-src"));
|
||||
});
|
||||
});
|
||||
// Add missing label
|
||||
try {
|
||||
document
|
||||
.querySelector('div.md-search[data-md-component="search"][role="dialog"]')
|
||||
.setAttribute("aria-label", "Search in documentation");
|
||||
} catch (err) {}
|
||||
</script>
|
||||
{% endblock %}
|
||||
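Review bot: In the `libs` block, the script from `https://data.bunkerity.com/js/script.js` is loaded on every documentation page with no `integrity` attribute; if that file is stable, pin it with SRI plus `crossorigin`, otherwise add a comment explaining why it cannot be pinned. The `<script defer>` that follows is inline, and `defer` is ignored on scripts without `src`, so the attribute should be removed. The lazy-load part is unaffected because it waits for `load`, but the `querySelector` for the search dialog runs as soon as the script is parsed and only works if that element is already in the DOM at that point. The empty `catch (err) {}` hides that failure; use a null check on the result instead, or move the call inside the `load` handler.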
557
docs/plugins.md
Normal file
|
|
@ -0,0 +1,557 @@
|
|||
# Plugins
|
||||
|
||||
BunkerWeb comes with a plugin system making it possible to easily add new features. Once a plugin is installed, you can manage it using additional settings defined by the plugin.
|
||||
|
||||
## Official plugins
|
||||
|
||||
Here is the list of "official" plugins that we maintain (see the [bunkerweb-plugins](https://github.com/bunkerity/bunkerweb-plugins) repository for more information) :
|
||||
|
||||
| Name | Version | Description | Link |
|
||||
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
|
||||
| **ClamAV** | 1.3 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
|
||||
| **Coraza** | 1.3 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
|
||||
| **CrowdSec** | 1.3 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
|
||||
| **Discord** | 1.3 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
|
||||
| **Slack** | 1.3 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
|
||||
| **VirusTotal** | 1.3 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
|
||||
| **WebHook** | 1.3 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/webhook](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
|
||||
|
||||
## How to use a plugin
|
||||
|
||||
### Automatic
|
||||
|
||||
If you want to quickly install external plugins, you can use the `EXTERNAL_PLUGIN_URLS` setting. It takes a list of URLs, separated with space, pointing to compressed (zip format) archive containing one or more plugin(s).
|
||||
|
||||
You can use the following value if you want to automatically install the official plugins : `EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/tags/v1.3.zip`
|
||||
|
||||
### Manual
|
||||
|
||||
The first step is to install the plugin by putting the plugin files inside the corresponding `plugins` data folder, the procedure depends on your integration :
|
||||
|
||||
=== "Docker"
|
||||
|
||||
When using the [Docker integration](integrations.md#docker), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
|
||||
|
||||
The first thing to do is to create the plugins folder :
|
||||
|
||||
```shell
|
||||
mkdir -p ./bw-data/plugins
|
||||
```
|
||||
|
||||
Then, you can drop the plugins of your choice into that folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* ./bw-data/plugins
|
||||
```
|
||||
|
||||
Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
|
||||
|
||||
```shell
|
||||
chown -R 101:101 ./bw-data
|
||||
```
|
||||
|
||||
Then you can mount the volume when starting your Docker stack :
|
||||
|
||||
```yaml
|
||||
version: '3.5'
|
||||
services:
|
||||
...
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.5
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
```
|
||||
|
||||
=== "Docker autoconf"
|
||||
|
||||
When using the [Docker autoconf integration](integrations.md#docker-autoconf), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
|
||||
|
||||
|
||||
The first thing to do is to create the plugins folder :
|
||||
|
||||
```shell
|
||||
mkdir -p ./bw-data/plugins
|
||||
```
|
||||
|
||||
Then, you can drop the plugins of your choice into that folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* ./bw-data/plugins
|
||||
```
|
||||
|
||||
Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
|
||||
|
||||
```shell
|
||||
chown -R 101:101 ./bw-data
|
||||
```
|
||||
|
||||
Then you can mount the volume when starting your Docker stack :
|
||||
|
||||
```yaml
|
||||
version: '3.5'
|
||||
services:
|
||||
...
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.5
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
```
|
||||
|
||||
=== "Swarm"
|
||||
|
||||
When using the [Swarm integration](integrations.md#swarm), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
|
||||
|
||||
!!! info "Swarm volume"
|
||||
Configuring a Swarm volume that will persist when the scheduler service is running on different nodes is not covered is in this documentation. We will assume that you have a shared folder mounted on `/shared` across all nodes.
|
||||
|
||||
The first thing to do is to create the plugins folder :
|
||||
|
||||
```shell
|
||||
mkdir -p /shared/bw-plugins
|
||||
```
|
||||
|
||||
Then, you can drop the plugins of your choice into that folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* /shared/bw-plugins
|
||||
```
|
||||
|
||||
Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
|
||||
|
||||
```shell
|
||||
chown -R 101:101 /shared/bw-plugins
|
||||
```
|
||||
|
||||
Then you can mount the volume when starting your Swarm stack :
|
||||
|
||||
```yaml
|
||||
version: '3.5'
|
||||
services:
|
||||
...
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.5
|
||||
volumes:
|
||||
- /shared/bw-plugins:/data/plugins
|
||||
...
|
||||
```
|
||||
|
||||
=== "Kubernetes"
|
||||
|
||||
When using the [Kubernetes integration](integrations.md#kubernetes), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
|
||||
|
||||
The fist thing to do is to declare a [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that will contain our plugins data :
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb-plugins
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
```
|
||||
|
||||
You can now add the volume mount and an init containers to automatically provision the volume :
|
||||
|
||||
```yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-scheduler
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-scheduler
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-scheduler
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.5
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
volumeMounts:
|
||||
- mountPath: "/data/plugins"
|
||||
name: vol-plugins
|
||||
initContainers:
|
||||
- name: bunkerweb-scheduler-init
|
||||
image: alpine/git
|
||||
command: ["/bin/sh", "-c"]
|
||||
args: ["git clone https://github.com/bunkerity/bunkerweb-plugins /data/plugins && chown -R 101:101 /data/plugins"]
|
||||
volumeMounts:
|
||||
- mountPath: "/data/plugins"
|
||||
name: vol-plugins
|
||||
volumes:
|
||||
- name: vol-plugins
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb-plugins
|
||||
```
|
||||
|
||||
=== "Linux"
|
||||
|
||||
When using the [Linux integration](integrations.md#linux), plugins must be written to the `/etc/bunkerweb/plugins` folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* /etc/bunkerweb/plugins && \
|
||||
chown -R nginx:nginx /etc/bunkerweb/plugins
|
||||
```
|
||||
|
||||
=== "Ansible"
|
||||
|
||||
When using the [Ansible integration](integrations.md#ansible), you can use the `plugins` variable to set a local folder containing your plugins that will be copied to your BunkerWeb instances.
|
||||
|
||||
Let's assume that you have plugins inside the `bunkerweb-plugins` folder :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins
|
||||
```
|
||||
|
||||
In your Ansible inventory, you can use the `plugins` variable to set the path of plugins folder :
|
||||
|
||||
```ini
|
||||
[mybunkers]
|
||||
192.168.0.42 ... custom_plugins="{{ playbook_dir }}/bunkerweb-plugins"
|
||||
```
|
||||
|
||||
Or alternatively, in your playbook file :
|
||||
|
||||
```yaml
|
||||
- hosts: all
|
||||
become: true
|
||||
vars:
|
||||
- custom_plugins: "{{ playbook_dir }}/bunkerweb-plugins"
|
||||
roles:
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
Run the playbook :
|
||||
|
||||
```shell
|
||||
ansible-playbook -i inventory.yml playbook.yml
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
When using the [Vagrant integration](integrations.md#vagrant), plugins must be written to the `/etc/bunkerweb/plugins` folder (you will need to do a `vagrant ssh` first) :
|
||||
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* /etc/bunkerweb/plugins
|
||||
```
|
||||
|
||||
## Writing a plugin
|
||||
|
||||
!!! tip "Existing plugins"
|
||||
|
||||
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
|
||||
|
||||
The first step is to create a folder that will contain the plugin :
|
||||
|
||||
```shell
|
||||
mkdir myplugin && \
|
||||
cd myplugin
|
||||
```
|
||||
|
||||
### Metadata
|
||||
|
||||
A file named **plugin.json** and written at the root of the plugin folder must contain metadata about the plugin. Here is an example :
|
||||
|
||||
```json
|
||||
{
|
||||
"id": "myplugin",
|
||||
"name": "My Plugin",
|
||||
"description": "Just an example plugin.",
|
||||
"version": "1.0",
|
||||
"stream": "partial",
|
||||
"settings": {
|
||||
"DUMMY_SETTING": {
|
||||
"context": "multisite",
|
||||
"default": "1234",
|
||||
"help": "Here is the help of the setting.",
|
||||
"id": "dummy-id",
|
||||
"label": "Dummy setting",
|
||||
"regex": "^.*$",
|
||||
"type": "text"
|
||||
}
|
||||
},
|
||||
"jobs": [
|
||||
{
|
||||
"name": "my-job",
|
||||
"file": "my-job.py",
|
||||
"every": "hour"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Here are the details of the fields :
|
||||
|
||||
| Field | Mandatory | Type | Description |
|
||||
| :-----------: | :-------: | :----: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `id` | yes | string | Internal ID for the plugin : must be unique among other plugins (including "core" ones) and contain only lowercase chars. |
|
||||
| `name` | yes | string | Name of your plugin. |
|
||||
| `description` | yes | string | Description of your plugin. |
|
||||
| `version` | yes | string | Version of your plugin. |
|
||||
| `stream` | yes | string | Information about stream support : `no`, `yes` or `partial`.
|
||||
| `settings` | yes | dict | List of the settings of your plugin. |
|
||||
| `jobs` | no | list | List of the jobs of your plugin. |
|
||||
|
||||
Each setting has the following fields (the key is the ID of the settings used in a configuration) :
|
||||
|
||||
| Field | Mandatory | Type | Description |
|
||||
| :--------: | :-------: | :----: | :----------------------------------------------------------- |
|
||||
| `context` | yes | string | Context of the setting : `multisite` or `global`. |
|
||||
| `default` | yes | string | The default value of the setting. |
|
||||
| `help` | yes | string | Help text about the plugin (shown in web UI). |
|
||||
| `id` | yes | string | Internal ID used by the web UI for HTML elements. |
|
||||
| `label` | yes | string | Label shown by the web UI. |
|
||||
| `regex` | yes | string | The regex used to validate the value provided by the user. |
|
||||
| `type` | yes | string | The type of the field : `text`, `check`, `select` or `password`. |
|
||||
| `multiple` | no | string | Unique ID to group multiple settings with numbers as suffix. |
|
||||
| `select` | no | list | List of possible string values when `type` is `select`. |
|
||||
|
||||
Each job has the following fields :
|
||||
|
||||
| Field | Mandatory | Type | Description |
|
||||
| :-----: | :-------: | :----: | :-------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `name` | yes | string | Name of the job. |
|
||||
| `file` | yes | string | Name of the file inside the jobs folder. |
|
||||
| `every` | yes | string | Job scheduling frequency : `minute`, `hour`, `day`, `week` or `once` (no frequency, only once before (re)generating the configuration). |
|
||||
|
||||
### Configurations
|
||||
|
||||
You can add custom NGINX configurations by adding a folder named **confs** with content similar to the [custom configurations](quickstart-guide.md#custom-configurations). Each subfolder inside the **confs** will contain [jinja2](https://jinja.palletsprojects.com) templates that will be generated and loaded at the corresponding context (`http`, `server-http`, `default-server-http`, `stream` and `server-stream`).
|
||||
|
||||
Here is an example for a configuration template file inside the **confs/server-http** folder named **example.conf** :
|
||||
|
||||
```conf
|
||||
location /setting {
|
||||
default_type 'text/plain';
|
||||
content_by_lua_block {
|
||||
ngx.say('{{ DUMMY_SETTING }}')
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
`{{ DUMMY_SETTING }}` will be replaced by the value of the `DUMMY_SETTING` chosen by the user of the plugin.
|
||||
|
||||
### LUA
|
||||
|
||||
#### Main script
|
||||
|
||||
Under the hood, BunkerWeb is using the [NGINX LUA module](https://github.com/openresty/lua-nginx-module) to execute code within NGINX. Plugins that need to execute code must provide a lua file at the root directory of the plugin folder using the `id` value of **plugin.json** as its name. Here is an example named **myplugin.lua** :
|
||||
|
||||
```lua
|
||||
local class = require "middleclass"
|
||||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
|
||||
|
||||
local myplugin = class("myplugin", plugin)
|
||||
|
||||
|
||||
function myplugin:initialize()
|
||||
plugin.initialize(self, "myplugin")
|
||||
self.dummy = "dummy"
|
||||
end
|
||||
|
||||
function myplugin:init()
|
||||
self.logger:log(ngx.NOTICE, "init called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:set()
|
||||
self.logger:log(ngx.NOTICE, "set called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:access()
|
||||
self.logger:log(ngx.NOTICE, "access called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:log()
|
||||
self.logger:log(ngx.NOTICE, "log called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:log_default()
|
||||
self.logger:log(ngx.NOTICE, "log_default called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:preread()
|
||||
self.logger:log(ngx.NOTICE, "preread called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
function myplugin:log_stream()
|
||||
self.logger:log(ngx.NOTICE, "log_stream called")
|
||||
return self:ret(true, "success")
|
||||
end
|
||||
|
||||
return myplugin
|
||||
```
|
||||
|
||||
The declared functions are automatically called during specific contexts. Here are the details of each function :
|
||||
|
||||
| Function | Context | Description | Return value |
|
||||
| :------: | :--------------------------------------------------------------------------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `init` | [init_by_lua](https://github.com/openresty/lua-nginx-module#init_by_lua) | Called when NGINX just started or received a reload order. the typical use case is to prepare any data that will be used by your plugin. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul>|
|
||||
| `set` | [set_by_lua](https://github.com/openresty/lua-nginx-module#set_by_lua) | Called before each request received by the server.The typical use case is for computing before access phase. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul>|
|
||||
| `access` | [access_by_lua](https://github.com/openresty/lua-nginx-module#access_by_lua) | Called on each request received by the server. The typical use case is to do the security checks here and deny the request if needed. | `ret`, `msg`,`status`,`redirect`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li><li>`status` (number) : interrupt current process and return [HTTP status](https://github.com/openresty/lua-nginx-module#http-status-constants)</li><li>`redirect` (URL) : if set will redirect to given URL</li></ul> |
|
||||
| `log` | [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua) | Called when a request has finished (and before it gets logged to the access logs). The typical use case is to make stats or compute counters for example. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul> |
|
||||
| `log_default` | [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua) | Same as `log` but only called on the default server. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul> |
|
||||
| `preread` | [preread_by_lua](https://github.com/openresty/stream-lua-nginx-module#preread_by_lua_block) | Similar to the `access` function but for stream mode. | `ret`, `msg`,`status`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li><li>`status` (number) : interrupt current process and return [status](https://github.com/openresty/lua-nginx-module#http-status-constants)</li></ul> |
|
||||
| `log_stream` | [log_by_lua](https://github.com/openresty/stream-lua-nginx-module#log_by_lua_block) | Similar to the `log` function but for stream mode. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul> |
|
||||
|
||||
#### Libraries
|
||||
|
||||
All directives from [NGINX LUA module](https://github.com/openresty/lua-nginx-module) and are available and [NGINX stream LUA module](https://github.com/openresty/stream-lua-nginx-module). On top of that, you can use the LUA libraries included within BunkerWeb : see [this script](https://github.com/bunkerity/bunkerweb/blobsrc/deps/clone.sh) for the complete list.
|
||||
|
||||
If you need additional libraries, you can put them in the root folder of the plugin and access them by prefixing them with your plugin ID. Here is an example file named **mylibrary.lua** :
|
||||
|
||||
```lua
|
||||
local _M = {}
|
||||
|
||||
_M.dummy = function ()
|
||||
return "dummy"
|
||||
end
|
||||
|
||||
return _M
|
||||
```
|
||||
|
||||
And here is how you can use it from the **myplugin.lua** file :
|
||||
|
||||
```lua
|
||||
local mylibrary = require "myplugin.mylibrary"
|
||||
|
||||
...
|
||||
|
||||
mylibrary.dummy()
|
||||
|
||||
...
|
||||
```
|
||||
|
||||
#### Helpers
|
||||
|
||||
Some helpers modules provide common helpful helpers :
|
||||
|
||||
- `self.variables` : allows to access and store plugins' attributes
|
||||
- `self.logger` : print logs
|
||||
- `bunkerweb.utils` : various useful functions
|
||||
- `bunkerweb.datastore` : access the global shared data on one instance (key/value store)
|
||||
- `bunkerweb.clusterstore` : access a Redis data store shared between BunkerWeb instances (key/value store)
|
||||
|
||||
To access the functions, you first need to **require** the modules :
|
||||
|
||||
```lua
|
||||
local utils = require "bunkerweb.utils"
|
||||
local datastore = require "bunkerweb.datastore"
|
||||
local clustestore = require "bunkerweb.clustertore"
|
||||
```
|
||||
|
||||
Retrieve a setting value :
|
||||
|
||||
```lua
|
||||
local myvar = self.variables["DUMMY_SETTING"]
|
||||
if not myvar then
|
||||
self.logger:log(ngx.ERR, "can't retrieve setting DUMMY_SETTING")
|
||||
else
|
||||
self.logger:log(ngx.NOTICE, "DUMMY_SETTING = " .. value)
|
||||
end
|
||||
```
|
||||
|
||||
Store something in the local cache :
|
||||
|
||||
```lua
|
||||
local ok, err = self.datastore:set("plugin_myplugin_something", "somevalue")
|
||||
if not ok then
|
||||
self.logger:log(ngx.ERR, "can't save plugin_myplugin_something into datastore : " .. err)
|
||||
else
|
||||
self.logger:log(ngx.NOTICE, "successfully saved plugin_myplugin_something into datastore")
|
||||
end
|
||||
```
|
||||
|
||||
Check if an IP address is global :
|
||||
|
||||
```lua
|
||||
local ret, err = utils.ip_is_global(ngx.ctx.bw.remote_addr)
|
||||
if ret == nil then
|
||||
self.logger:log(ngx.ERR, "error while checking if IP " .. ngx.ctx.bw.remote_addr .. " is global or not : " .. err)
|
||||
elseif not ret then
|
||||
self.logger:log(ngx.NOTICE, "IP " .. ngx.ctx.bw.remote_addr .. " is not global")
|
||||
else
|
||||
self.logger:log(ngx.NOTICE, "IP " .. ngx.ctx.bw.remote_addr .. " is global")
|
||||
end
|
||||
```
|
||||
|
||||
!!! tip "More examples"
|
||||
|
||||
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/src/bw/lua/bunkerweb) of the repository.
|
||||
|
||||
### Jobs
|
||||
|
||||
BunkerWeb uses an internal job scheduler for periodic tasks like renewing certificates with certbot, downloading blacklists, downloading MMDB files, ... You can add tasks of your choice by putting them inside a subfolder named **jobs** and listing them in the **plugin.json** metadata file. Don't forget to add the execution permissions for everyone to avoid any problems when a user is cloning and installing your plugin.
|
||||
|
||||
### Plugin page
|
||||
|
||||
Plugin pages are used to display information about your plugin and interact with the user inside the plugins section of the [web UI](web-ui.md).
|
||||
|
||||
Everything related to the web UI is located inside a subfolder named **ui** at the root directory of your plugin. A template file named **template.html** and located inside the **ui** subfolder contains the client code and logic to display your page. Another file named **actions.py** and also located inside the **ui** subfolder contains code that will be executed when the user is interacting with your page (filling a form for example).
|
||||
|
||||
!!! info "Jinja 2 template"
|
||||
The **template.html** file is a Jinja2 template, please refer to the [Jinja2 documentation](https://jinja.palletsprojects.com) if needed.
|
||||
|
||||
A plugin page can have a form that is used to submit data to the plugin. To get the values of the form, you need to put a **actions.py** file in the **ui** folder. Inside the file, **you must define a function that has the same name as the plugin**. This function will be called when the form is submitted. You can then use the **request** object (from the [Flask library](https://flask.palletsprojects.com)) to get the values of the form. The form's action must finish with **/plugins/<*plugin_id*>**. The helper function `url_for` will generate for you the prefix of the URL : `{{ url_for('plugins') }}/plugin_id`.
|
||||
|
||||
If you want to display variables generated from your **actions.py** in your template file, you can return a dictionary with variables name as keys and variables value as values. Here is dummy example where we return a single variable :
|
||||
|
||||
```python
|
||||
def myplugin() :
|
||||
return {"foo": "bar"}
|
||||
```
|
||||
|
||||
And we display it in the **template.html** file :
|
||||
```html
|
||||
{% if foo %}
|
||||
Content of foo is : {{ foo }}.
|
||||
{% endif %}
|
||||
```
|
||||
|
||||
Please note that every form submission is protected via a CSRF token, you will need to include the following snippet into your forms :
|
||||
```html
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
|
||||
```
|
||||
|
||||
Retrieving user submitted data is pretty simple, thanks to the request module provided by Flask :
|
||||
|
||||
```python
|
||||
from flask import request
|
||||
|
||||
def myplugin() :
|
||||
my_form_value = request.form["my_form_input"]
|
||||
```
|
||||
|
||||
!!! info "Python libraries"
|
||||
You can use Python libraries that are already available like :
|
||||
`Flask`, `Flask-Login`, `Flask-WTF`, `beautifulsoup4`, `docker`, `Jinja2`, `python-magic` and `requests`. To see the full list, you can have a look at the Web UI [requirements.txt](https://github.com/bunkerity/bunkerweb/blobsrc/ui/requirements.txt). If you need external libraries, you can install them inside the **ui** folder of your plugin and then use the classical **import** directive.
|
||||
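Review bot: The Lua snippets under "Helpers" in docs/plugins.md will fail if copied as written. `require "bunkerweb.clustertore"` misspells the module that the bullet list just above names `bunkerweb.clusterstore` (and binds it to `clustestore`). The "Retrieve a setting value" snippet concatenates an undefined `value` where it reads the setting into `myvar`. The cache snippet calls `self.datastore:set` although the text tells the reader to `require` the module into a local `datastore`. Please make the three snippets consistent with the helper list. In the same hunk: the Ansible tab says to use the `plugins` variable while both the inventory and playbook examples set `custom_plugins`; the two links containing `bunkerweb/blobsrc/` are missing the ref segment that the neighbouring `tree/v1.5.5/` links carry; "The fist thing" in the Kubernetes tab and "is not covered is in this documentation" in the Swarm note need fixing; and the `stream` row of the plugin.json field table has no closing `|`. On the install side, the manual tabs and the Kubernetes init container run `git clone https://github.com/bunkerity/bunkerweb-plugins` with no tag while the automatic method pins `refs/tags/v1.3`, so the two paths can put different code into `/data/plugins`; suggest cloning the tag (`git clone --branch v1.3 --depth 1 ...`) and pinning the `alpine/git` image as well. The Vagrant tab also omits the `chown` step that the Linux tab applies to the same `/etc/bunkerweb/plugins` folder, and the Deployment example places the database password inline in `DATABASE_URI`, which is worth replacing with a Secret reference or at least flagging as a placeholder.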
30
docs/professional-services.md
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
# Professional services
|
||||
|
||||
## Why should I get professional services ?
|
||||
|
||||
Since BunkerWeb is a free (as in freedom) software, you've the right to use it freely as long as you respect the [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html).
|
||||
|
||||
But dedicating time to a specific technology may not be easy depending on your business priorities. Not mentioning that cybersecurity is complex domain where being both judge and jury is not recommended.
|
||||
|
||||
Getting professional services in addition to the open-source solution is the ideal solution to cover your business needs. You can focus on your top priorities and rely on a trusted partner when it comes to web security.
|
||||
|
||||
Please note that professionnal services are directly offered by [Bunkerity](https://www.bunkerity.com/?utm_campaign=self&utm_source=doc), the company maintaining the BunkerWeb project, through our [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) online platform.
|
||||
|
||||
## Which professional services do you offer ?
|
||||
|
||||
We offer technical support around the BunkerWeb solution. By using this service, we will assist you on the technical issues (installation, configuration, false positive, ...).
|
||||
|
||||
According to your needs you have the choice between "one time" and subscriptions offers.
|
||||
|
||||
One important thing to note is that the support service is based on "credit" system where you pay for a number of support hours dedicated for you. Time passed on your requests will be deducted to your credit. In other words, you only pay for real time dedicated to your needs.
|
||||
|
||||
In addition to the support service, we also offer custom services around the BunkerWeb solution to meet your specific needs :
|
||||
|
||||
- Consulting : a dedicated expert will give you advices on your project
|
||||
- Development : if you need specific features in BunkerWeb, we can do it for you
|
||||
|
||||
## How can I get more information ?
|
||||
|
||||
You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc), our dedicated platform for professional services.
|
||||
|
||||
Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question, we will be more than happy to respond to your needs.
|
||||
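Review bot: A few wording errors in docs/professional-services.md should be corrected before merge: "professionnal services" in the paragraph introducing Bunkerity, "cybersecurity is complex domain" (missing article), "will be deducted to your credit" (should be "from"), "based on "credit" system" (missing article) and "advices" in the Consulting bullet. The four outbound links also carry `utm_campaign=self&utm_source=doc` tracking parameters; if these are intentional for the documentation site, a short comment in the source would help, otherwise plain URLs are preferable in docs that users may copy.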
2424
docs/quickstart-guide.md
Normal file
5
docs/requirements.in
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
mike==2.0.0
|
||||
mkdocs==1.5.3
|
||||
mkdocs-material[imaging]==9.5.3
|
||||
mkdocs-print-site-plugin==2.3.6
|
||||
pytablewriter==1.2.0
|
||||
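Review bot: Nothing in docs/requirements.in records how the lock file is derived from it. The `pip-compile --allow-unsafe --generate-hashes --strip-extras requirements.in` command and the Python 3.9 target appear only in the generated header of docs/requirements.txt. A short comment at the top of this file (or in the docs build instructions) stating the command and interpreter version would keep the hash-pinned file reproducible when one of these five pins is bumped.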
689
docs/requirements.txt
Normal file
|
|
@ -0,0 +1,689 @@
|
|||
#
|
||||
# This file is autogenerated by pip-compile with Python 3.9
|
||||
# by the following command:
|
||||
#
|
||||
# pip-compile --allow-unsafe --generate-hashes --strip-extras requirements.in
|
||||
#
|
||||
babel==2.14.0 \
|
||||
--hash=sha256:6919867db036398ba21eb5c7a0f6b28ab8cbc3ae7a73a44ebe34ae74a4e7d363 \
|
||||
--hash=sha256:efb1a25b7118e67ce3a259bed20545c29cb68be8ad2c784c83689981b7a57287
|
||||
# via mkdocs-material
|
||||
cairocffi==1.6.1 \
|
||||
--hash=sha256:78e6bbe47357640c453d0be929fa49cd05cce2e1286f3d2a1ca9cbda7efdb8b7 \
|
||||
--hash=sha256:aa78ee52b9069d7475eeac457389b6275aa92111895d78fbaa2202a52dac112e
|
||||
# via cairosvg
|
||||
cairosvg==2.7.1 \
|
||||
--hash=sha256:432531d72347291b9a9ebfb6777026b607563fd8719c46ee742db0aef7271ba0 \
|
||||
--hash=sha256:8a5222d4e6c3f86f1f7046b63246877a63b49923a1cd202184c3a634ef546b3b
|
||||
# via mkdocs-material
|
||||
certifi==2023.11.17 \
|
||||
--hash=sha256:9b469f3a900bf28dc19b8cfbf8019bf47f7fdd1a65a1d4ffb98fc14166beb4d1 \
|
||||
--hash=sha256:e036ab49d5b79556f99cfc2d9320b34cfbe5be05c5871b51de9329f0603b0474
|
||||
# via requests
|
||||
cffi==1.16.0 \
|
||||
# via cairocffi
|
||||
chardet==5.2.0 \
|
||||
--hash=sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7 \
|
||||
--hash=sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970
|
||||
# via mbstrdecoder
|
||||
charset-normalizer==3.3.2 \
|
||||
# via requests
|
||||
click==8.1.7 \
|
||||
--hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \
|
||||
--hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de
|
||||
# via mkdocs
|
||||
colorama==0.4.6 \
|
||||
--hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
|
||||
--hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
|
||||
# via mkdocs-material
|
||||
cssselect2==0.7.0 \
|
||||
--hash=sha256:1ccd984dab89fc68955043aca4e1b03e0cf29cad9880f6e28e3ba7a74b14aa5a \
|
||||
--hash=sha256:fd23a65bfd444595913f02fc71f6b286c29261e354c41d722ca7a261a49b5969
|
||||
# via cairosvg
|
||||
dataproperty==1.0.1 \
|
||||
--hash=sha256:0b8b07d4fb6453fcf975b53d35dea41f3cfd69c9d79b5010c3cf224ff0407a7a \
|
||||
--hash=sha256:723e5729fa6e885e127a771a983ee1e0e34bb141aca4ffe1f0bfa7cde34650a4
|
||||
# via
|
||||
# pytablewriter
|
||||
# tabledata
|
||||
defusedxml==0.7.1 \
|
||||
--hash=sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69 \
|
||||
--hash=sha256:a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
|
||||
# via cairosvg
|
||||
ghp-import==2.1.0 \
|
||||
--hash=sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619 \
|
||||
--hash=sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343
|
||||
# via mkdocs
|
||||
idna==3.6 \
|
||||
--hash=sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca \
|
||||
--hash=sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f
|
||||
# via requests
|
||||
importlib-metadata==7.0.1 \
|
||||
--hash=sha256:4805911c3a4ec7c3966410053e9ec6a1fecd629117df5adee56dfc9432a1081e \
|
||||
--hash=sha256:f238736bb06590ae52ac1fab06a3a9ef1d8dce2b7a35b5ab329371d6c8f5d2cc
|
||||
# via
|
||||
# markdown
|
||||
# mike
|
||||
# mkdocs
|
||||
importlib-resources==6.1.1 \
|
||||
--hash=sha256:3893a00122eafde6894c59914446a512f728a0c1a45f9bb9b63721b6bacf0b4a \
|
||||
--hash=sha256:e8bf90d8213b486f428c9c39714b920041cb02c184686a3dee24905aaa8105d6
|
||||
# via mike
|
||||
jinja2==3.1.3 \
|
||||
--hash=sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa \
|
||||
--hash=sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90
|
||||
# via
|
||||
# mike
|
||||
# mkdocs
|
||||
# mkdocs-material
|
||||
markdown==3.5.2 \
|
||||
--hash=sha256:d43323865d89fc0cb9b20c75fc8ad313af307cc087e84b657d9eec768eddeadd \
|
||||
--hash=sha256:e1ac7b3dc550ee80e602e71c1d168002f062e49f1b11e26a36264dafd4df2ef8
|
||||
# via
|
||||
# mkdocs
|
||||
# mkdocs-material
|
||||
# pymdown-extensions
|
||||
markupsafe==2.1.3 \
|
||||
# via
|
||||
# jinja2
|
||||
# mkdocs
|
||||
mbstrdecoder==1.1.3 \
|
||||
--hash=sha256:d66c1ed3f2dc4e7c5d87cd44a75be10bc5af4250f95b38bbaedd7851308ce938 \
|
||||
--hash=sha256:dcfd2c759322eb44fe193a9e0b1b86c5b87f3ec5ea8e1bb43b3e9ae423f1e8fe
|
||||
# via
|
||||
# dataproperty
|
||||
# pytablewriter
|
||||
# typepy
|
||||
mergedeep==1.3.4 \
|
||||
--hash=sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8 \
|
||||
--hash=sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307
|
||||
# via mkdocs
|
||||
mike==2.0.0 \
|
||||
--hash=sha256:566f1cab1a58cc50b106fb79ea2f1f56e7bfc8b25a051e95e6eaee9fba0922de \
|
||||
--hash=sha256:87f496a65900f93ba92d72940242b65c86f3f2f82871bc60ebdcffc91fad1d9e
|
||||
# via -r requirements.in
|
||||
mkdocs==1.5.3 \
|
||||
--hash=sha256:3b3a78e736b31158d64dbb2f8ba29bd46a379d0c6e324c2246c3bc3d2189cfc1 \
|
||||
--hash=sha256:eb7c99214dcb945313ba30426c2451b735992c73c2e10838f76d09e39ff4d0e2
|
||||
# via
|
||||
# -r requirements.in
|
||||
# mike
|
||||
# mkdocs-material
|
||||
mkdocs-material==9.5.3 \
|
||||
--hash=sha256:5899219f422f0a6de784232d9d40374416302ffae3c160cacc72969fcc1ee372 \
|
||||
--hash=sha256:76c93a8525cceb0b395b9cedab3428bf518cf6439adef2b940f1c1574b775d89
|
||||
# via
|
||||
# -r requirements.in
|
||||
# mkdocs-material
|
||||
# mkdocs-print-site-plugin
|
||||
mkdocs-material-extensions==1.3.1 \
|
||||
--hash=sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443 \
|
||||
--hash=sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31
|
||||
# via mkdocs-material
|
||||
mkdocs-print-site-plugin==2.3.6 \
|
||||
--hash=sha256:01ccb1ceccc87f29e1612bebb77c3bf9980809fbce750fc2113f9d6acea589d4 \
|
||||
--hash=sha256:82e5cabcfb7fe3074daecea018f28ccb4bff086f965e3103fe91019a76752f22
|
||||
# via -r requirements.in
|
||||
packaging==23.2 \
|
||||
--hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
|
||||
--hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
|
||||
# via
|
||||
# mkdocs
|
||||
# typepy
|
||||
paginate==0.5.6 \
|
||||
--hash=sha256:5e6007b6a9398177a7e1648d04fdd9f8c9766a1a945bceac82f1929e8c78af2d
|
||||
# via mkdocs-material
|
||||
pathspec==0.12.1 \
|
||||
--hash=sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08 \
|
||||
--hash=sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712
|
||||
# via mkdocs
|
||||
pathvalidate==3.2.0 \
|
||||
--hash=sha256:5e8378cf6712bff67fbe7a8307d99fa8c1a0cb28aa477056f8fc374f0dff24ad \
|
||||
--hash=sha256:cc593caa6299b22b37f228148257997e2fa850eea2daf7e4cc9205cef6908dee
|
||||
# via pytablewriter
|
||||
pillow==9.5.0 \
|
||||
# via
|
||||
# cairosvg
|
||||
# mkdocs-material
|
||||
platformdirs==4.1.0 \
|
||||
--hash=sha256:11c8f37bcca40db96d8144522d925583bdb7a31f7b0e37e3ed4318400a8e2380 \
|
||||
--hash=sha256:906d548203468492d432bcb294d4bc2fff751bf84971fbb2c10918cc206ee420
|
||||
# via mkdocs
|
||||
pycparser==2.21 \
|
||||
--hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \
|
||||
--hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206
|
||||
# via cffi
|
||||
pygments==2.17.2 \
|
||||
--hash=sha256:b27c2826c47d0f3219f29554824c30c5e8945175d888647acd804ddd04af846c \
|
||||
--hash=sha256:da46cec9fd2de5be3a8a784f434e4c4ab670b4ff54d605c4c2717e9d49c4c367
|
||||
# via mkdocs-material
|
||||
pymdown-extensions==10.7 \
|
||||
--hash=sha256:6ca215bc57bc12bf32b414887a68b810637d039124ed9b2e5bd3325cbb2c050c \
|
||||
--hash=sha256:c0d64d5cf62566f59e6b2b690a4095c931107c250a8c8e1351c1de5f6b036deb
|
||||
# via mkdocs-material
|
||||
pyparsing==3.1.1 \
|
||||
--hash=sha256:32c7c0b711493c72ff18a981d24f28aaf9c1fb7ed5e9667c9e84e3db623bdbfb \
|
||||
--hash=sha256:ede28a1a32462f5a9705e07aea48001a08f7cf81a021585011deba701581a0db
|
||||
# via mike
|
||||
pytablewriter==1.2.0 \
|
||||
--hash=sha256:0204a4bb684a22140d640f2599f09e137bcdc18b3dd49426f4a555016e246b46 \
|
||||
--hash=sha256:4a30e2bb4bf5bc1069b1d2b2bc41947577c4517ab0875b23a5b194d296f543d8
|
||||
# via -r requirements.in
|
||||
python-dateutil==2.8.2 \
|
||||
--hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \
|
||||
--hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
|
||||
# via
|
||||
# ghp-import
|
||||
# typepy
|
||||
pytz==2023.3.post1 \
|
||||
--hash=sha256:7b4fddbeb94a1eba4b557da24f19fdf9db575192544270a9101d8509f9f43d7b \
|
||||
--hash=sha256:ce42d816b81b68506614c11e8937d3aa9e41007ceb50bfdcb0749b921bf646c7
|
||||
# via typepy
|
||||
pyyaml==6.0.1 \
|
||||
# via
|
||||
# mike
|
||||
# mkdocs
|
||||
# pymdown-extensions
|
||||
# pyyaml-env-tag
|
||||
pyyaml-env-tag==0.1 \
|
||||
--hash=sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb \
|
||||
--hash=sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069
|
||||
# via mkdocs
|
||||
regex==2023.12.25 \
|
||||
|
||||
--hash=sha256:60080bb3d8617d96f0fb7e19796384cc2467447ef1c491694850ebd3670bc457 \
|
||||
--hash=sha256:636ba0a77de609d6510235b7f0e77ec494d2657108f777e8765efc060094c98c \
|
||||
--hash=sha256:67d3ccfc590e5e7197750fcb3a2915b416a53e2de847a728cfa60141054123d4 \
|
||||
--hash=sha256:68191f80a9bad283432385961d9efe09d783bcd36ed35a60fb1ff3f1ec2efe87 \
|
||||
--hash=sha256:7502534e55c7c36c0978c91ba6f61703faf7ce733715ca48f499d3dbbd7657e0 \
|
||||
--hash=sha256:7aa47c2e9ea33a4a2a05f40fcd3ea36d73853a2aae7b4feab6fc85f8bf2c9704 \
|
||||
--hash=sha256:7d2af3f6b8419661a0c421584cfe8aaec1c0e435ce7e47ee2a97e344b98f794f \
|
||||
--hash=sha256:7e316026cc1095f2a3e8cc012822c99f413b702eaa2ca5408a513609488cb62f \
|
||||
--hash=sha256:88ad44e220e22b63b0f8f81f007e8abbb92874d8ced66f32571ef8beb0643b2b \
|
||||
--hash=sha256:88d1f7bef20c721359d8675f7d9f8e414ec5003d8f642fdfd8087777ff7f94b5 \
|
||||
--hash=sha256:89723d2112697feaa320c9d351e5f5e7b841e83f8b143dba8e2d2b5f04e10923 \
|
||||
--hash=sha256:8a0ccf52bb37d1a700375a6b395bff5dd15c50acb745f7db30415bae3c2b0715 \
|
||||
--hash=sha256:8c2c19dae8a3eb0ea45a8448356ed561be843b13cbc34b840922ddf565498c1c \
|
||||
--hash=sha256:905466ad1702ed4acfd67a902af50b8db1feeb9781436372261808df7a2a7bca \
|
||||
--hash=sha256:9852b76ab558e45b20bf1893b59af64a28bd3820b0c2efc80e0a70a4a3ea51c1 \
|
||||
--hash=sha256:98a2636994f943b871786c9e82bfe7883ecdaba2ef5df54e1450fa9869d1f756 \
|
||||
--hash=sha256:9aa1a67bbf0f957bbe096375887b2505f5d8ae16bf04488e8b0f334c36e31360 \
|
||||
--hash=sha256:9eda5f7a50141291beda3edd00abc2d4a5b16c29c92daf8d5bd76934150f3edc \
|
||||
--hash=sha256:a6d1047952c0b8104a1d371f88f4ab62e6275567d4458c1e26e9627ad489b445 \
|
||||
--hash=sha256:a9b6d73353f777630626f403b0652055ebfe8ff142a44ec2cf18ae470395766e \
|
||||
--hash=sha256:a9cc99d6946d750eb75827cb53c4371b8b0fe89c733a94b1573c9dd16ea6c9e4 \
|
||||
--hash=sha256:ad83e7545b4ab69216cef4cc47e344d19622e28aabec61574b20257c65466d6a \
|
||||
--hash=sha256:b014333bd0217ad3d54c143de9d4b9a3ca1c5a29a6d0d554952ea071cff0f1f8 \
|
||||
--hash=sha256:b43523d7bc2abd757119dbfb38af91b5735eea45537ec6ec3a5ec3f9562a1c53 \
|
||||
--hash=sha256:b521dcecebc5b978b447f0f69b5b7f3840eac454862270406a39837ffae4e697 \
|
||||
--hash=sha256:b77e27b79448e34c2c51c09836033056a0547aa360c45eeeb67803da7b0eedaf \
|
||||
--hash=sha256:b7a635871143661feccce3979e1727c4e094f2bdfd3ec4b90dfd4f16f571a87a \
|
||||
--hash=sha256:b7fca9205b59c1a3d5031f7e64ed627a1074730a51c2a80e97653e3e9fa0d415 \
|
||||
--hash=sha256:ba1b30765a55acf15dce3f364e4928b80858fa8f979ad41f862358939bdd1f2f \
|
||||
--hash=sha256:ba99d8077424501b9616b43a2d208095746fb1284fc5ba490139651f971d39d9 \
|
||||
--hash=sha256:c25a8ad70e716f96e13a637802813f65d8a6760ef48672aa3502f4c24ea8b400 \
|
||||
--hash=sha256:c3c4a78615b7762740531c27cf46e2f388d8d727d0c0c739e72048beb26c8a9d \
|
||||
--hash=sha256:c40281f7d70baf6e0db0c2f7472b31609f5bc2748fe7275ea65a0b4601d9b392 \
|
||||
--hash=sha256:c7ad32824b7f02bb3c9f80306d405a1d9b7bb89362d68b3c5a9be53836caebdb \
|
||||
--hash=sha256:cb3fe77aec8f1995611f966d0c656fdce398317f850d0e6e7aebdfe61f40e1cd \
|
||||
--hash=sha256:cc038b2d8b1470364b1888a98fd22d616fba2b6309c5b5f181ad4483e0017861 \
|
||||
--hash=sha256:cc37b9aeebab425f11f27e5e9e6cf580be7206c6582a64467a14dda211abc232 \
|
||||
--hash=sha256:cc6bb9aa69aacf0f6032c307da718f61a40cf970849e471254e0e91c56ffca95 \
|
||||
--hash=sha256:d126361607b33c4eb7b36debc173bf25d7805847346dd4d99b5499e1fef52bc7 \
|
||||
--hash=sha256:d15b274f9e15b1a0b7a45d2ac86d1f634d983ca40d6b886721626c47a400bf39 \
|
||||
--hash=sha256:d166eafc19f4718df38887b2bbe1467a4f74a9830e8605089ea7a30dd4da8887 \
|
||||
--hash=sha256:d498eea3f581fbe1b34b59c697512a8baef88212f92e4c7830fcc1499f5b45a5 \
|
||||
--hash=sha256:d6f7e255e5fa94642a0724e35406e6cb7001c09d476ab5fce002f652b36d0c39 \
|
||||
--hash=sha256:d78bd484930c1da2b9679290a41cdb25cc127d783768a0369d6b449e72f88beb \
|
||||
--hash=sha256:d865984b3f71f6d0af64d0d88f5733521698f6c16f445bb09ce746c92c97c586 \
|
||||
--hash=sha256:d902a43085a308cef32c0d3aea962524b725403fd9373dea18110904003bac97 \
|
||||
--hash=sha256:d94a1db462d5690ebf6ae86d11c5e420042b9898af5dcf278bd97d6bda065423 \
|
||||
--hash=sha256:da695d75ac97cb1cd725adac136d25ca687da4536154cdc2815f576e4da11c69 \
|
||||
--hash=sha256:db2a0b1857f18b11e3b0e54ddfefc96af46b0896fb678c85f63fb8c37518b3e7 \
|
||||
--hash=sha256:df26481f0c7a3f8739fecb3e81bc9da3fcfae34d6c094563b9d4670b047312e1 \
|
||||
--hash=sha256:e14b73607d6231f3cc4622809c196b540a6a44e903bcfad940779c80dffa7be7 \
|
||||
--hash=sha256:e2610e9406d3b0073636a3a2e80db05a02f0c3169b5632022b4e81c0364bcda5 \
|
||||
--hash=sha256:e692296c4cc2873967771345a876bcfc1c547e8dd695c6b89342488b0ea55cd8 \
|
||||
--hash=sha256:e693e233ac92ba83a87024e1d32b5f9ab15ca55ddd916d878146f4e3406b5c91 \
|
||||
--hash=sha256:e81469f7d01efed9b53740aedd26085f20d49da65f9c1f41e822a33992cb1590 \
|
||||
--hash=sha256:e8c7e08bb566de4faaf11984af13f6bcf6a08f327b13631d41d62592681d24fe \
|
||||
--hash=sha256:ed19b3a05ae0c97dd8f75a5d8f21f7723a8c33bbc555da6bbe1f96c470139d3c \
|
||||
--hash=sha256:efb2d82f33b2212898f1659fb1c2e9ac30493ac41e4d53123da374c3b5541e64 \
|
||||
--hash=sha256:f44dd4d68697559d007462b0a3a1d9acd61d97072b71f6d1968daef26bc744bd \
|
||||
--hash=sha256:f72cbae7f6b01591f90814250e636065850c5926751af02bb48da94dfced7baa \
|
||||
--hash=sha256:f7bc09bc9c29ebead055bcba136a67378f03d66bf359e87d0f7c759d6d4ffa31 \
|
||||
--hash=sha256:ff100b203092af77d1a5a7abe085b3506b7eaaf9abf65b73b7d6905b6cb76988
|
||||
# via mkdocs-material
|
||||
requests==2.31.0 \
|
||||
--hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
|
||||
--hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
|
||||
# via
|
||||
# importlib-metadata
|
||||
# importlib-resources
|
||||
|
||||
# The following packages are considered to be unsafe in a requirements file:
|
||||
setuptools==69.0.3 \
|
||||
--hash=sha256:385eb4edd9c9d5c17540511303e39a147ce2fc04bc55289c322b9e5904fe2c05 \
|
||||
--hash=sha256:be1af57fc409f93647f2e8e4573a142ed38724b8cdd389706a867bb4efcf1e78
|
||||
# via mkdocs-material
|
||||
six==1.16.0 \
|
||||
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
|
||||
--hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
|
||||
# via python-dateutil
|
||||
tabledata==1.3.3 \
|
||||
--hash=sha256:4abad1c996d8607e23b045b44dc0c5f061668f3c37585302c5f6c84c93a89962 \
|
||||
--hash=sha256:c90daaba9a408e4397934b3ff2f6c06797d5289676420bf520c741ad43e6ff91
|
||||
# via pytablewriter
|
||||
tcolorpy==0.1.4 \
|
||||
--hash=sha256:d0926480aa5012f34877d69fc3b670f207dc165674e68ad07458fa6ee5b12724 \
|
||||
--hash=sha256:f0dceb1cb95e554cee63024b3cd2fd8d4628c568773de2d1e6b4f0478461901c
|
||||
# via pytablewriter
|
||||
tinycss2==1.2.1 \
|
||||
--hash=sha256:2b80a96d41e7c3914b8cda8bc7f705a4d9c49275616e886103dd839dfc847847 \
|
||||
--hash=sha256:8cff3a8f066c2ec677c06dbc7b45619804a6938478d9d73c284b29d14ecb0627
|
||||
# via
|
||||
# cairosvg
|
||||
# cssselect2
|
||||
typepy==1.3.2 \
|
||||
--hash=sha256:b69fd48b9f50cdb3809906eef36b855b3134ff66c8893a4f8580abddb0b39517 \
|
||||
--hash=sha256:d5d1022a424132622993800f1d2cd16cfdb691ac4e3b9c325f0fcb37799db1ae
|
||||
# via
|
||||
# dataproperty
|
||||
# pytablewriter
|
||||
# tabledata
|
||||
# typepy
|
||||
urllib3==2.1.0 \
|
||||
--hash=sha256:55901e917a5896a349ff771be919f8bd99aff50b79fe58fec595eb37bbc56bb3 \
|
||||
--hash=sha256:df7aa8afb0148fa78488e7899b2c59b5f4ffcfa82e6c54ccb9dd37c1d7b52d54
|
||||
# via requests
|
||||
verspec==0.1.0 \
|
||||
--hash=sha256:741877d5633cc9464c45a469ae2a31e801e6dbbaa85b9675d481cda100f11c31 \
|
||||
--hash=sha256:c4504ca697b2056cdb4bfa7121461f5a0e81809255b41c03dda4ba823637c01e
|
||||
# via mike
|
||||
watchdog==3.0.0 \
|
||||
--hash=sha256:0e06ab8858a76e1219e68c7573dfeba9dd1c0219476c5a44d5333b01d7e1743a \
|
||||
--hash=sha256:13bbbb462ee42ec3c5723e1205be8ced776f05b100e4737518c67c8325cf6100 \
|
||||
--hash=sha256:233b5817932685d39a7896b1090353fc8efc1ef99c9c054e46c8002561252fb8 \
|
||||
--hash=sha256:25f70b4aa53bd743729c7475d7ec41093a580528b100e9a8c5b5efe8899592fc \
|
||||
--hash=sha256:2b57a1e730af3156d13b7fdddfc23dea6487fceca29fc75c5a868beed29177ae \
|
||||
--hash=sha256:336adfc6f5cc4e037d52db31194f7581ff744b67382eb6021c868322e32eef41 \
|
||||
--hash=sha256:3aa7f6a12e831ddfe78cdd4f8996af9cf334fd6346531b16cec61c3b3c0d8da0 \
|
||||
--hash=sha256:3ed7c71a9dccfe838c2f0b6314ed0d9b22e77d268c67e015450a29036a81f60f \
|
||||
--hash=sha256:4c9956d27be0bb08fc5f30d9d0179a855436e655f046d288e2bcc11adfae893c \
|
||||
--hash=sha256:4d98a320595da7a7c5a18fc48cb633c2e73cda78f93cac2ef42d42bf609a33f9 \
|
||||
--hash=sha256:4f94069eb16657d2c6faada4624c39464f65c05606af50bb7902e036e3219be3 \
|
||||
--hash=sha256:5113334cf8cf0ac8cd45e1f8309a603291b614191c9add34d33075727a967709 \
|
||||
--hash=sha256:51f90f73b4697bac9c9a78394c3acbbd331ccd3655c11be1a15ae6fe289a8c83 \
|
||||
--hash=sha256:5d9f3a10e02d7371cd929b5d8f11e87d4bad890212ed3901f9b4d68767bee759 \
|
||||
--hash=sha256:7ade88d0d778b1b222adebcc0927428f883db07017618a5e684fd03b83342bd9 \
|
||||
--hash=sha256:7c5f84b5194c24dd573fa6472685b2a27cc5a17fe5f7b6fd40345378ca6812e3 \
|
||||
--hash=sha256:7e447d172af52ad204d19982739aa2346245cc5ba6f579d16dac4bfec226d2e7 \
|
||||
--hash=sha256:8ae9cda41fa114e28faf86cb137d751a17ffd0316d1c34ccf2235e8a84365c7f \
|
||||
--hash=sha256:8f3ceecd20d71067c7fd4c9e832d4e22584318983cabc013dbf3f70ea95de346 \
|
||||
--hash=sha256:9fac43a7466eb73e64a9940ac9ed6369baa39b3bf221ae23493a9ec4d0022674 \
|
||||
--hash=sha256:a70a8dcde91be523c35b2bf96196edc5730edb347e374c7de7cd20c43ed95397 \
|
||||
--hash=sha256:adfdeab2da79ea2f76f87eb42a3ab1966a5313e5a69a0213a3cc06ef692b0e96 \
|
||||
--hash=sha256:ba07e92756c97e3aca0912b5cbc4e5ad802f4557212788e72a72a47ff376950d \
|
||||
--hash=sha256:c07253088265c363d1ddf4b3cdb808d59a0468ecd017770ed716991620b8f77a \
|
||||
--hash=sha256:c9d8c8ec7efb887333cf71e328e39cffbf771d8f8f95d308ea4125bf5f90ba64 \
|
||||
--hash=sha256:d00e6be486affb5781468457b21a6cbe848c33ef43f9ea4a73b4882e5f188a44 \
|
||||
--hash=sha256:d429c2430c93b7903914e4db9a966c7f2b068dd2ebdd2fa9b9ce094c7d459f33
|
||||
# via mkdocs
|
||||
webencodings==0.5.1 \
|
||||
--hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \
|
||||
--hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923
|
||||
# via
|
||||
# cssselect2
|
||||
# tinycss2
|
||||
zipp==3.17.0 \
|
||||
--hash=sha256:0e923e726174922dce09c53c59ad483ff7bbb8e572e00c7f7c46b88556409f31 \
|
||||
--hash=sha256:84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0
|
||||
# via pytablewriter
|
||||
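Review bot: the `setuptools==69.0.3` pin under the "considered to be unsafe in a requirements file" banner needs a word of documentation, because pip-compile only emits it as a pinned, hashed entry when run with `--allow-unsafe`. It has to stay: every entry here carries `--hash`, so pip installs in hash-checking mode and will refuse a dependency (this one is pulled in `via mkdocs-material`) that has no pin and hash. Please record the exact pip-compile invocation in the file header or the commit message so a later regeneration does not silently drop the entry and break the docs build.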
4
docs/robots.txt
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
User-agent: *
|
||||
Allow: /latest/
|
||||
|
||||
Sitemap: https://docs.bunkerweb.io/latest/sitemap.xml
|
||||
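Review bot: with only `User-agent: *` and `Allow: /latest/`, this robots.txt restricts nothing, since every path is crawlable by default and there is no `Disallow` rule for the `Allow` line to carve an exception from. If the intent is to keep crawlers on the current documentation and away from older versioned paths, add `Disallow: /` under the same user-agent and keep `Allow: /latest/`; if no restriction is intended, the `Allow` line can be dropped and only the `Sitemap:` line kept.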
495
docs/security-tuning.md
Normal file
|
|
@ -0,0 +1,495 @@
|
|||
# Security tuning
|
||||
|
||||
BunkerWeb offers many security features that you can configure with [settings](settings.md). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you tune them. By doing so you will be able to ensure the security level of your choice but also manage false positives.
|
||||
|
||||
!!! tip "Other settings"
|
||||
This section only focuses on security tuning, see the [settings section](settings.md) of the documentation for other settings.
|
||||
|
||||
<figure markdown>
|
||||
{ align=center }
|
||||
<figcaption>Overview and order of the core security plugins</figcaption>
|
||||
</figure>
|
||||
|
||||
## HTTP protocol
|
||||
|
||||
### Deny status code
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
The first thing to define is the kind of action to do when a client access is denied. You can control the action with the `DENY_HTTP_STATUS` setting which allows the following values :
|
||||
|
||||
- `403` : send a "classical" Forbidden HTTP status code (a web page or custom content will be displayed)
|
||||
- `444` : close the connection (no web page or custom content will be displayed)
|
||||
|
||||
The default value is `403` and we suggest you set it to `444` only if you already fixed a lot of false positive, you are familiar with BunkerWeb and want a higher level of security.
|
||||
|
||||
When using stream mode, value is ignored and always set to `444` with effect of closing the connection.
|
||||
|
||||
### Default server
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
In the HTTP protocol, the Host header is used to determine which server the client wants to send the request to. That header is facultative and may be missing from the request or can be set as an unknown value. This is a common case, a lot of bots are scanning the Internet and are trying to exploit services or simply doing some fingerprinting.
|
||||
|
||||
You can disable any request containing undefined or unknown Host value by setting `DISABLE_DEFAULT_SERVER` to `yes` (default : `no`). Please note that clients won't even receive a response, the TCP connection will be closed (using the special 444 status code of NGINX).
|
||||
|
||||
### Allowed methods
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
You can control the allowed HTTP methods by listing them (separated with "|") in the `ALLOWED_METHODS` setting (default : `GET|POST|HEAD`). Clients sending a method which is not listed will get a "405 - Method Not Allowed".
|
||||
|
||||
### Max sizes
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
You can control the maximum body size with the `MAX_CLIENT_SIZE` setting (default : `10m`). See [here](https://nginx.org/en/docs/syntax.html) for accepted values. You can use the special value `0` to allow a body of infinite size (not recommended).
|
||||
|
||||
### Serve files
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
To disable serving files from the www folder, you can set `SERVE_FILES` to `no` (default : `yes`). The value `no` is recommended if you use BunkerWeb as a reverse proxy.
|
||||
|
||||
### Headers
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Headers are very important when it comes to HTTP security. While some of them might be too verbose, others' verbosity will need to be increased, especially on the client-side.
|
||||
|
||||
#### Remove headers
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
You can automatically remove verbose headers in the HTTP responses by using the `REMOVE_HEADERS` setting (default : `Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version`).
|
||||
|
||||
#### Keep upstream headers
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
You can automatically keep headers from upstream servers and prevent BunkerWeb from overriding them in the HTTP responses by using the `KEEP_UPSTREAM_HEADERS` setting (default : `Content-Security-Policy Permissions-Policy Feature-Policy X-Frame-Options`). A special value `*` is available to keep all headers. List of headers to keep must be separated with a space. Note that if the header is not present in the upstream response, it will be added by BunkerWeb.
|
||||
|
||||
#### Cookies
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
When it comes to cookies security, we can use the following flags :
|
||||
|
||||
- HttpOnly : disable any access to the cookie from Javascript using document.cookie
|
||||
- SameSite : policy when requests come from third-party websites
|
||||
- Secure : only send cookies on HTTPS request
|
||||
|
||||
Cookie flags can be overridden with values of your choice by using the `COOKIE_FLAGS` setting (default : `* HttpOnly SameSite=Lax`). See [here](https://github.com/AirisX/nginx_cookie_flag_module) for accepted values.
|
||||
|
||||
The Secure flag can be automatically added if HTTPS is used by using the `COOKIE_AUTO_SECURE_FLAG` setting (default : `yes`). The value `no` is not recommended unless you know what you're doing.
|
||||
|
||||
#### Security headers
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Various security headers are available and most of them can be set using BunkerWeb settings. Here is the list of headers, the corresponding setting and default value :
|
||||
|
||||
| Header | Setting | Default |
|
||||
| :-------------------------: | :-------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
|
||||
| `Content-Security-Policy` | `CONTENT_SECURITY_POLICY` | `object-src 'none'; frame-src 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self';` |
|
||||
| `Strict-Transport-Security` | `STRICT_TRANSPORT_SECURITY` | `max-age=31536000` |
|
||||
| `Referrer-Policy` | `REFERRER_POLICY` | `strict-origin-when-cross-origin` |
|
||||
| `Permissions-Policy` | `PERMISSIONS_POLICY` | `accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()` |
|
||||
| `Feature-Policy` | `FEATURE_POLICY` | `accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';` |
|
||||
| `X-Frame-Options` | `X_FRAME_OPTIONS` | `SAMEORIGIN` |
|
||||
| `X-Content-Type-Options` | `X_CONTENT_TYPE_OPTIONS` | `nosniff` |
|
||||
| `X-XSS-Protection` | `X_XSS_PROTECTION` | `1; mode=block` |
|
||||
|
||||
#### CORS
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
[Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) lets you manage how your service can be contacted from different origins. Please note that you will have to allow the `OPTIONS` HTTP method using the `ALLOWED_METHODS` if you want to enable it (more info [here](#allowed-methods)). Here is the list of settings related to CORS :
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|------------------------|------------------------------------------------------------------------------------|---------|--------|-------------------------------------------------------------------|
|
||||
|`USE_CORS` |`no` |multisite|no |Use CORS |
|
||||
|`CORS_ALLOW_ORIGIN` |`*` |multisite|no |Allowed origins to make CORS requests : PCRE regex or *. |
|
||||
|`CORS_EXPOSE_HEADERS` |`Content-Length,Content-Range` |multisite|no |Value of the Access-Control-Expose-Headers header. |
|
||||
|`CORS_MAX_AGE` |`86400` |multisite|no |Value of the Access-Control-Max-Age header. |
|
||||
|`CORS_ALLOW_CREDENTIALS`|`no` |multisite|no |Send the Access-Control-Allow-Credentials header. |
|
||||
|`CORS_ALLOW_METHODS` |`GET, POST, OPTIONS` |multisite|no |Value of the Access-Control-Allow-Methods header. |
|
||||
|`CORS_ALLOW_HEADERS` |`DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range`|multisite|no |Value of the Access-Control-Allow-Headers header. |
|
||||
|`CORS_DENY_REQUEST` |`yes` |multisite|no |Deny request and don't send it to backend if Origin is not allowed.|
|
||||
|
||||
Here is some examples of possible values for `CORS_ALLOW_ORIGIN` setting :
|
||||
|
||||
- `*` will allow all origin
|
||||
- `^https://www\.example\.com$` will allow `https://www.example.com`
|
||||
- `^https://.+\.example.com$` will allow any origins when domain ends with `.example.com`
|
||||
- `^https://(www\.example1\.com|www\.example2\.com)$` will allow both `https://www.example1.com` and `https://www.example2.com`
|
||||
- `^https?://www\.example\.com$` will allow both `https://www.example.com` and `http://www.example.com`
|
||||
|
||||
## HTTPS / SSL/TLS
|
||||
|
||||
Besides the HTTPS / SSL/TLS configuration, the following settings related to HTTPS / SSL/TLS can be set :
|
||||
|
||||
| Setting | Default | Description |
|
||||
| :---------------------------: | :---------------: | :----------------------------------------------------------------------------------------------------------- |
|
||||
| `REDIRECT_HTTP_TO_HTTPS` | `no` | When set to `yes`, will redirect every HTTP request to HTTPS even if BunkerWeb is not configured with HTTPS. |
|
||||
| `AUTO_REDIRECT_HTTP_TO_HTTPS` | `yes` | When set to `yes`, will redirect every HTTP request to HTTPS only if BunkerWeb is configured with HTTPS. |
|
||||
| `SSL_PROTOCOLS` | `TLSv1.2 TLSv1.3` | List of supported SSL/TLS protocols when SSL is enabled. |
|
||||
| `HTTP2` | `yes` | When set to `yes`, will enable HTTP2 protocol support when using HTTPS. |
|
||||
| `LISTEN_HTTP` | `yes` | When set to `no`, BunkerWeb will not listen for HTTP requests. Useful if you want HTTPS only for example. |
|
||||
|
||||
### Let's Encrypt
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
BunkerWeb comes with automatic Let's Encrypt certificate generation and renewal. This is the easiest way of getting HTTPS / SSL/TLS working out of the box for public-facing web applications. Please note that you will need to set up proper DNS A record(s) for each of your domains pointing to your public IP(s) where BunkerWeb is accessible.
|
||||
|
||||
Here is the list of related settings :
|
||||
|
||||
| Setting | Default | Description |
|
||||
| :------------------------: | :----------------------: | :----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `AUTO_LETS_ENCRYPT` | `no` | When set to `yes`, HTTPS / SSL/TLS will be enabled with automatic certificate generation and renewal from Let's Encrypt. |
|
||||
| `EMAIL_LETS_ENCRYPT` | `contact@{FIRST_SERVER}` | Email to use when generating certificates. Let's Encrypt will send notifications to that email like certificate expiration. |
|
||||
| `USE_LETS_ENCRYPT_STAGING` | `no` | When set to `yes`, the staging server of Let's Encrypt will be used instead of the production one. Useful when doing tests to avoid being "blocked" due to limits. |
|
||||
|
||||
Full Let's Encrypt automation is fully working with stream mode as long as you open the `80/tcp` port from the outside. Please note that you will need to use the `LISTEN_STREAM_PORT_SSL` setting in order to choose your listening SSL/TLS port.
|
||||
|
||||
### Custom certificate
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
If you want to use your own certificates, here is the list of related settings :
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|-----------------|-------|---------|--------|--------------------------------------------------------------------------------|
|
||||
|`USE_CUSTOM_SSL` |`no` |multisite|no |Use custom HTTPS / SSL/TLS certificate. |
|
||||
|`CUSTOM_SSL_CERT`| |multisite|no |Full path of the certificate or bundle file (must be readable by the scheduler).|
|
||||
|`CUSTOM_SSL_KEY` | |multisite|no |Full path of the key file (must be readable by the scheduler). |
|
||||
|
||||
|
||||
When `USE_CUSTOM_SSL` is set to `yes`, BunkerWeb will check every day if the custom certificate specified in `CUSTOM_SSL_CERT` is modified and will reload NGINX if that's the case.
|
||||
|
||||
When using stream mode, you will need to use the `LISTEN_STREAM_PORT_SSL` setting in order to choose your listening SSL/TLS port.
|
||||
|
||||
### Self-signed
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
If you want to quickly test HTTPS / SSL/TLS for staging/dev environment you can configure BunkerWeb to generate self-signed certificates, here is the list of related settings :
|
||||
|
||||
| Setting | Default | Description |
|
||||
| :------------------------: | :--------------------: | :------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `GENERATE_SELF_SIGNED_SSL` | `no` | When set to `yes`, HTTPS / SSL/TLS will be enabled with automatic self-signed certificate generation and renewal from Let's Encrypt. |
|
||||
| `SELF_SIGNED_SSL_EXPIRY` | `365` | Number of days for the certificate expiration (**-days** value used with **openssl**). |
|
||||
| `SELF_SIGNED_SSL_SUBJ` | `/CN=www.example.com/` | Certificate subject to use (**-subj** value used with **openssl**). |
|
||||
|
||||
When using stream mode, you will need to use the `LISTEN_STREAM_PORT_SSL` setting in order to choose your listening SSL/TLS port.
|
||||
|
||||
## ModSecurity
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
ModSecurity is integrated and enabled by default alongside the OWASP Core Rule Set within BunkerWeb. Here is the list of related settings :
|
||||
|
||||
| Setting | Default | Description |
|
||||
| :-------------------: | :-----: | :---------------------------------------------------------------------------------------------------- |
|
||||
| `USE_MODSECURITY` | `yes` | When set to `yes`, ModSecurity will be enabled. |
|
||||
| `USE_MODSECURITY_CRS` | `yes` | When set to `yes` and `USE_MODSECURITY` is also set to `yes`, the OWASP Core Rule Set will be loaded. |
|
||||
|
||||
We strongly recommend keeping both ModSecurity and the OWASP Core Rule Set enabled. The only downsides are the false positives that may occur. But they can be fixed with some efforts and the CRS team maintains a list of exclusions for common applications (e.g., WordPress, Nextcloud, Drupal, Cpanel, ...).
|
||||
|
||||
Tuning ModSecurity and the CRS can be done using [custom configurations](quickstart-guide.md#custom-configurations) :
|
||||
|
||||
- modsec-crs : before the OWASP Core Rule Set is loaded
|
||||
- modsec : after the OWASP Core Rule Set is loaded (also used if CRS is not loaded)
|
||||
|
||||
For example, you can add a custom configuration with type `modsec-crs` to add CRS exclusions :
|
||||
|
||||
```conf
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_wordpress=1"
|
||||
```
|
||||
|
||||
You can also add a custom configuration with type `modsec` to update loaded CRS rules :
|
||||
|
||||
```conf
|
||||
SecRule REQUEST_FILENAME "/wp-admin/admin-ajax.php" "id:1,ctl:ruleRemoveByTag=attack-xss,ctl:ruleRemoveByTag=attack-rce"
|
||||
SecRule REQUEST_FILENAME "/wp-admin/options.php" "id:2,ctl:ruleRemoveByTag=attack-xss"
|
||||
SecRule REQUEST_FILENAME "^/wp-json/yoast" "id:3,ctl:ruleRemoveById=930120"
|
||||
```
|
||||
|
||||
## Bad behavior
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
When attackers search for and/or exploit vulnerabilities they might generate some "suspicious" HTTP status codes that a "regular" user won’t generate within a period of time. If we detect that kind of behavior we can ban the offending IP address and force the attacker to come up with a new one.
|
||||
|
||||
That kind of security measure is implemented and enabled by default in BunkerWeb and is called "Bad behavior". Here is the list of the related settings :
|
||||
|
||||
| Setting | Default | Description |
|
||||
| :-------------------------: | :---------------------------: | :--------------------------------------------------------------------------- |
|
||||
| `USE_BAD_BEHAVIOR` | `yes` | When set to `yes`, the Bad behavior feature will be enabled. |
|
||||
| `BAD_BEHAVIOR_STATUS_CODES` | `400 401 403 404 405 429 444` | List of HTTP status codes considered as "suspicious". |
|
||||
| `BAD_BEHAVIOR_BAN_TIME` | `86400` | The duration time (in seconds) of a ban when a client reached the threshold. |
|
||||
| `BAD_BEHAVIOR_THRESHOLD` | `10` | Maximum number of "suspicious" HTTP status codes within the time period. |
|
||||
| `BAD_BEHAVIOR_COUNT_TIME` | `60` | Period of time during which we count "suspicious" HTTP status codes. |
|
||||
|
||||
In other words, with the default values, if a client generates more than `10` status codes from the list `400 401 403 404 405 429 444` within `60` seconds their IP address will be banned for `86400` seconds.
|
||||
|
||||
When using stream mode, only the `444` status code will count as "bad".
|
||||
|
||||
## Antibot
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Attackers will certainly use automated tools to exploit/find some vulnerabilities in your web applications. One countermeasure is to challenge the users to detect if they look like a bot. If the challenge is solved, we consider the client as "legitimate" and they can access the web application.
|
||||
|
||||
That kind of security is implemented but not enabled by default in BunkerWeb and is called "Antibot". Here is the list of supported challenges :
|
||||
|
||||
- **Cookie** : send a cookie to the client, we expect to get the cookie back on other requests
|
||||
- **Javascript** : force a client to solve a computation challenge using Javascript
|
||||
- **Captcha** : force the client to solve a classical captcha (no external dependencies)
|
||||
- **hCaptcha** : force the client to solve a captcha from hCaptcha
|
||||
- **reCAPTCHA** : force the client to get a minimum score with Google reCAPTCHA
|
||||
- **Turnstile** : enforce rate limiting and access control for APIs and web applications using various mechanisms with Coudflare Turnstile
|
||||
|
||||
Here is the list of related settings :
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------|------------|---------|--------|------------------------------------------------------------------------------------------------------------------------------|
|
||||
|`USE_ANTIBOT` |`no` |multisite|no |Activate antibot feature. |
|
||||
|`ANTIBOT_URI` |`/challenge`|multisite|no |Unused URI that clients will be redirected to to solve the challenge. |
|
||||
|`ANTIBOT_RECAPTCHA_SCORE` |`0.7` |multisite|no |Minimum score required for reCAPTCHA challenge. |
|
||||
|`ANTIBOT_RECAPTCHA_SITEKEY`| |multisite|no |Sitekey for reCAPTCHA challenge. |
|
||||
|`ANTIBOT_RECAPTCHA_SECRET` | |multisite|no |Secret for reCAPTCHA challenge. |
|
||||
|`ANTIBOT_HCAPTCHA_SITEKEY` | |multisite|no |Sitekey for hCaptcha challenge. |
|
||||
|`ANTIBOT_HCAPTCHA_SECRET` | |multisite|no |Secret for hCaptcha challenge. |
|
||||
|`ANTIBOT_TURNSTILE_SITEKEY`| |multisite|no |Sitekey for Turnstile challenge. |
|
||||
|`ANTIBOT_TURNSTILE_SECRET` | |multisite|no |Secret for Turnstile challenge. |
|
||||
|`ANTIBOT_TIME_RESOLVE` |`60` |multisite|no |Maximum time (in seconds) clients have to resolve the challenge. Once this time has passed, a new challenge will be generated.|
|
||||
|`ANTIBOT_TIME_VALID` |`86400` |multisite|no |Maximum validity time of solved challenges. Once this time has passed, clients will need to resolve a new one. |
|
||||
|
||||
Please note that antibot feature is using a cookie to maintain a session with clients. If you are using BunkerWeb in a clustered environment, you will need to set the `SESSIONS_SECRET` and `SESSIONS_NAME` settings to another value than the default one (which is `random`). You will find more info about sessions [here](settings.md#sessions).
|
||||
|
||||
## Blacklisting, whitelisting and greylisting
|
||||
|
||||
The blacklisting security feature is very easy to understand : if a specific criteria is met, the client will be banned. As for the whitelisting, it's the exact opposite : if a specific criteria is met, the client will be allowed and no additional security check will be done. Whereas for the greylisting : if a specific criteria is met, the client will be allowed but additional security checks will be done.
|
||||
|
||||
You can configure blacklisting, whitelisting and greylisting at the same time. If that's the case, note that whitelisting is executed before blacklisting and greylisting : even if a criteria is true for all of them, the client will be whitelisted.
|
||||
|
||||
### Blacklisting
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
You can use the following settings to set up blacklisting :
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|----------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------|--------|------------------------------------------------------------------------------------------------|
|
||||
|`USE_BLACKLIST` |`yes` |multisite|no |Activate blacklist feature. |
|
||||
|`BLACKLIST_IP` | |multisite|no |List of IP/network, separated with spaces, to block. |
|
||||
|`BLACKLIST_IP_URLS` |`https://www.dan.me.uk/torlist/?exit` |global |no |List of URLs, separated with spaces, containing bad IP/network to block. |
|
||||
|`BLACKLIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS blacklist checks on global IP addresses. |
|
||||
|`BLACKLIST_RDNS` |`.shodan.io .censys.io` |multisite|no |List of reverse DNS suffixes, separated with spaces, to block. |
|
||||
|`BLACKLIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to block. |
|
||||
|`BLACKLIST_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to block. |
|
||||
|`BLACKLIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to block. |
|
||||
|`BLACKLIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to block. |
|
||||
|`BLACKLIST_USER_AGENT_URLS` |`https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list`|global |no |List of URLs, separated with spaces, containing bad User-Agent to block. |
|
||||
|`BLACKLIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to block. |
|
||||
|`BLACKLIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to block. |
|
||||
|`BLACKLIST_IGNORE_IP` | |multisite|no |List of IP/network, separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_IP_URLS` | |global |no |List of URLs, separated with spaces, containing IP/network to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_RDNS` | |multisite|no |List of reverse DNS suffixes, separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist.|
|
||||
|`BLACKLIST_IGNORE_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_URI_URLS` | |global |no |List of URLs, separated with spaces, containing URI to ignore in the blacklist. |
|
||||
|
||||
When using stream mode, only IP, RDNS and ASN checks will be done.
|
||||
|
||||
### Greylisting
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
You can use the following settings to set up greylisting :
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|--------------------------|-------|---------|--------|----------------------------------------------------------------------------------------------|
|
||||
|`USE_GREYLIST` |`no` |multisite|no |Activate greylist feature. |
|
||||
|`GREYLIST_IP` | |multisite|no |List of IP/network, separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_IP_URLS` | |global |no |List of URLs, separated with spaces, containing good IP/network to put into the greylist. |
|
||||
|`GREYLIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS greylist checks on global IP addresses. |
|
||||
|`GREYLIST_RDNS` | |multisite|no |List of reverse DNS suffixes, separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist.|
|
||||
|`GREYLIST_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to put into the greylist. |
|
||||
|`GREYLIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing good User-Agent to put into the greylist. |
|
||||
|`GREYLIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to put into the greylist. |
|
||||
|
||||
When using stream mode, only IP, RDNS and ASN checks will be done.
|
||||
|
||||
### Whitelisting
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
You can use the following settings to set up whitelisting :
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|----------------------------------------------------------------------------------|
|
||||
|`USE_WHITELIST` |`yes` |multisite|no |Activate whitelist feature. |
|
||||
|`WHITELIST_IP` |`20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8`|multisite|no |List of IP/network, separated with spaces, to put into the whitelist. |
|
||||
|`WHITELIST_IP_URLS` | |global |no |List of URLs, separated with spaces, containing good IP/network to whitelist. |
|
||||
|`WHITELIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS whitelist checks on global IP addresses. |
|
||||
|`WHITELIST_RDNS` |`.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com` |multisite|no |List of reverse DNS suffixes, separated with spaces, to whitelist. |
|
||||
|`WHITELIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist.|
|
||||
|`WHITELIST_ASN` |`32934` |multisite|no |List of ASN numbers, separated with spaces, to whitelist. |
|
||||
|`WHITELIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to whitelist. |
|
||||
|`WHITELIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to whitelist. |
|
||||
|`WHITELIST_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing good User-Agent to whitelist. |
|
||||
|`WHITELIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to whitelist. |
|
||||
|`WHITELIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to whitelist. |
|
||||
|
||||
When using stream mode, only IP, RDNS and ASN checks will be done.
|
||||
|
||||
## Reverse scan
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Reverse scan is a feature designed to detect open ports by establishing TCP connections with clients' IP addresses.
|
||||
Consider adding this feature if you want to detect possible open proxies or connections from servers.
|
||||
|
||||
We provide a list of suspicious ports by default but it can be modified to fit your needs. Be mindful, adding too many ports to the list can significantly slow down clients' connections due to the network checks. If a listed port is open, the client's access will be denied.
|
||||
|
||||
Please be aware, this feature is new and further improvements will be added soon.
|
||||
|
||||
Here is the list of settings related to reverse scan :
|
||||
|
||||
| Setting | Default | Description |
|
||||
| :----------: | :--------------------------------------------------------------------------: | :--------------------------------------------- |
|
||||
| `USE_REVERSE_SCAN` | `no` | When set to `yes`, will enable ReverseScan. |
|
||||
| `REVERSE_SCAN_PORTS` | `22 80 443 3128 8000 8080` | List of suspicious ports to scan. |
|
||||
| `REVERSE_SCAN_TIMEOUT` | `500` | Specify the maximum timeout (in ms) when scanning a port. |
|
||||
|
||||
## BunkerNet
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
BunkerNet is a crowdsourced database of malicious requests shared between all BunkerWeb instances over the world.
|
||||
|
||||
If you enable BunkerNet, malicious requests will be sent to a remote server and will be analyzed by our systems. By doing so, we can extract malicious data from everyone's reports and give back the results to each BunkerWeb instances participating into BunkerNet.
|
||||
|
||||
At the moment, that feature should be considered in "beta". We only extract malicious IP and we are very strict about how we do it to avoid any "poisoning". We strongly recommend activating it (which is the default) because the more instances participate, the more data we have to improve the algorithm.
|
||||
|
||||
The setting used to enable or disable BunkerNet is `USE_BUNKERNET` (default : `yes`).
|
||||
|
||||
## DNSBL
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
DNSBL or "DNS BlackList" is an external list of malicious IPs that you query using the DNS protocol. Automatic querying of that kind of blacklist is supported by BunkerWeb. If a remote DNSBL server of your choice says that the IP address of the client is in the blacklist, it will be banned.
|
||||
|
||||
Here is the list of settings related to DNSBL :
|
||||
|
||||
| Setting | Default | Description |
|
||||
| :----------: | :--------------------------------------------------------------------------: | :--------------------------------------------- |
|
||||
| `USE_DNSBL` | `yes` | When set to `yes`, will enable DNSBL checking. |
|
||||
| `DNSBL_LIST` | `bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org` | List of DNSBL servers to ask. |
|
||||
|
||||
## Limiting
|
||||
|
||||
BunkerWeb supports applying a limit policy to :
|
||||
|
||||
- Number of connections per IP
|
||||
- Number of requests per IP and URL within a time period
|
||||
|
||||
Please note that it should not be considered as an effective solution against DoS or DDoS but rather as an anti-bruteforce measure or rate limit policy for API.
|
||||
|
||||
In both cases (connections or requests) if the limit is reached, the client will receive the HTTP status "429 - Too Many Requests".
|
||||
|
||||
### Connections
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
The following settings are related to the Limiting connections feature :
|
||||
|
||||
| Setting | Default | Description |
|
||||
| :--------------------: | :-----: | :----------------------------------------------------------------------------------------- |
|
||||
| `USE_LIMIT_CONN` | `yes` | When set to `yes`, will limit the maximum number of concurrent connections for a given IP. |
|
||||
| `LIMIT_CONN_MAX_HTTP1` | `10` | Maximum number of concurrent connections when using HTTP1 protocol. |
|
||||
| `LIMIT_CONN_MAX_HTTP2` | `100` | Maximum number of concurrent streams when using HTTP2 protocol. |
|
||||
| `LIMIT_CONN_MAX_STREAM`| `10` | Maximum number of connections per IP when using stream. |
|
||||
|
||||
### Requests
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
The following settings are related to the Limiting requests feature :
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|-----------------------|-------|---------|--------|---------------------------------------------------------------------------------------------|
|
||||
|`USE_LIMIT_REQ` |`yes` |multisite|no |Activate limit requests feature. |
|
||||
|`LIMIT_REQ_URL` |`/` |multisite|yes |URL (PCRE regex) where the limit request will be applied or special value / for all requests.|
|
||||
|`LIMIT_REQ_RATE` |`2r/s` |multisite|yes |Rate to apply to the URL (s for second, m for minute, h for hour and d for day). |
|
||||
|`USE_LIMIT_CONN` |`yes` |multisite|no |Activate limit connections feature. |
|
||||
|`LIMIT_CONN_MAX_HTTP1` |`10` |multisite|no |Maximum number of connections per IP when using HTTP/1.X protocol. |
|
||||
|`LIMIT_CONN_MAX_HTTP2` |`100` |multisite|no |Maximum number of streams per IP when using HTTP/2 protocol. |
|
||||
|`LIMIT_CONN_MAX_STREAM`|`10` |multisite|no |Maximum number of connections per IP when using stream. |
|
||||
|
||||
Please note that you can add different rates for different URLs by adding a number as a suffix to the settings for example : `LIMIT_REQ_URL_1=^/url1$`, `LIMIT_REQ_RATE_1=5r/d`, `LIMIT_REQ_URL_2=^/url2/subdir/.*$`, `LIMIT_REQ_RATE_2=1r/m`, ...
|
||||
|
||||
Another important thing to note is that `LIMIT_REQ_URL` values are PCRE regex.
|
||||
|
||||
## Country
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
The country security feature allows you to apply policy based on the country of the IP address of clients :
|
||||
|
||||
- Deny any access if the country is in a blacklist
|
||||
- Only allow access if the country is in a whitelist (other security checks will still be executed)
|
||||
|
||||
Here is the list of related settings :
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|-------------------|-------|---------|--------|--------------------------------------------------------------------------------------------------------------|
|
||||
|`BLACKLIST_COUNTRY`| |multisite|no |Deny access if the country of the client is in the list (ISO 3166-1 alpha-2 format separated with spaces). |
|
||||
|`WHITELIST_COUNTRY`| |multisite|no |Deny access if the country of the client is not in the list (ISO 3166-1 alpha-2 format separated with spaces).|
|
||||
|
||||
Using both country blacklist and whitelist at the same time makes no sense. If you do, please note that only the whitelist will be executed.
|
||||
|
||||
## Authentication
|
||||
|
||||
### Auth basic
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
You can quickly protect sensitive resources like the admin area for example, by requiring HTTP basic authentication. Here is the list of related settings :
|
||||
|
||||
| Setting | Default | Description |
|
||||
| :-----------------------: | :---------------: | :------------------------------------------------------------------------------------------- |
|
||||
| `USE_AUTH_BASIC` | `no` | When set to `yes` HTTP auth basic will be enabled. |
|
||||
| `AUTH_BASIC_LOCATION` | `sitewide` | Location (URL) of the sensitive resource. Use special value `sitewide` to enable everywhere. |
|
||||
| `AUTH_BASIC_USER` | `changeme` | The username required. |
|
||||
| `AUTH_BASIC_PASSWORD` | `changeme` | The password required. |
|
||||
| `AUTH_BASIC_TEXT` | `Restricted area` | Text to display in the auth prompt. |
|
||||
|
||||
### Auth request
|
||||
|
||||
You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/examples).
|
||||
|
||||
**Auth request settings are related to reverse proxy rules.**
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------------------|----------------------------------|---------|--------|--------------------------------------------------------------------------------------------------------------------|
|
||||
|`REVERSE_PROXY_AUTH_REQUEST` | |multisite|yes |Enable authentication using an external provider (value of auth_request directive). |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL`| |multisite|yes |Redirect clients to sign-in URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401). |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST_SET` | |multisite|yes |List of variables to set from the authentication provider, separated with ; (values of auth_request_set directives).|
|
||||
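Review bot: In the "Limiting" > "Requests" table, the rows for `USE_LIMIT_CONN`, `LIMIT_CONN_MAX_HTTP1`, `LIMIT_CONN_MAX_HTTP2` and `LIMIT_CONN_MAX_STREAM` repeat settings already documented under "Connections". They also sit in a section marked "STREAM support :x:" even though `LIMIT_CONN_MAX_STREAM` is a stream setting, so a reader cannot tell whether connection limiting applies in stream mode. Suggest keeping only `USE_LIMIT_REQ`, `LIMIT_REQ_URL` and `LIMIT_REQ_RATE` in the Requests table and leaving the connection settings in one place. Two smaller points in the same file: the Antibot "Turnstile" bullet misspells Cloudflare as "Coudflare" and describes rate limiting and access control rather than a challenge, and the `GREYLIST_URI_URLS` and `WHITELIST_URI_URLS` descriptions say "bad URI", which reads as copied from the blacklist table.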
553
docs/settings.md
Normal file
|
|
@ -0,0 +1,553 @@
|
|||
# Settings
|
||||
|
||||
!!! info "Settings generator tool"
|
||||
|
||||
To help you tune BunkerWeb, we have made an easy-to-use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=doc).
|
||||
|
||||
This section contains the full list of settings supported by BunkerWeb. If you are not yet familiar with BunkerWeb, you should first read the [concepts](concepts.md) section of the documentation. Please follow the instructions for your own [integration](integrations.md) on how to apply the settings.
|
||||
|
||||
As a general rule when multisite mode is enabled, if you want to apply settings with multisite context to a specific server, you will need to add the primary (first) server name as a prefix like `www.example.com_USE_ANTIBOT=captcha` or `myapp.example.com_USE_GZIP=yes` for example.
|
||||
|
||||
When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
|
||||
|
||||
## Global settings
|
||||
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|------------------------------|------------------------------------------------------------------------------------------------------------------------|---------|--------|--------------------------------------------------|
|
||||
|`IS_LOADING` |`no` |global |no |Internal use : set to yes when BW is loading. |
|
||||
|`NGINX_PREFIX` |`/etc/nginx/` |global |no |Where nginx will search for configurations. |
|
||||
|`HTTP_PORT` |`8080` |global |no |HTTP port number which bunkerweb binds to. |
|
||||
|`HTTPS_PORT` |`8443` |global |no |HTTPS port number which bunkerweb binds to. |
|
||||
|`MULTISITE` |`no` |global |no |Multi site activation. |
|
||||
|`SERVER_NAME` |`www.example.com` |multisite|no |List of the virtual hosts served by bunkerweb. |
|
||||
|`WORKER_PROCESSES` |`auto` |global |no |Number of worker processes. |
|
||||
|`WORKER_RLIMIT_NOFILE` |`2048` |global |no |Maximum number of open files for worker processes.|
|
||||
|`WORKER_CONNECTIONS` |`1024` |global |no |Maximum number of connections per worker. |
|
||||
|`LOG_FORMAT` |`$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"`|global |no |The format to use for access logs. |
|
||||
|`LOG_LEVEL` |`notice` |global |no |The level to use for error logs. |
|
||||
|`DNS_RESOLVERS` |`127.0.0.11` |global |no |DNS addresses of resolvers to use. |
|
||||
|`DATASTORE_MEMORY_SIZE` |`64m` |global |no |Size of the internal datastore. |
|
||||
|`CACHESTORE_MEMORY_SIZE` |`64m` |global |no |Size of the internal cachestore. |
|
||||
|`CACHESTORE_IPC_MEMORY_SIZE` |`16m` |global |no |Size of the internal cachestore (ipc). |
|
||||
|`CACHESTORE_MISS_MEMORY_SIZE` |`16m` |global |no |Size of the internal cachestore (miss). |
|
||||
|`CACHESTORE_LOCKS_MEMORY_SIZE`|`16m` |global |no |Size of the internal cachestore (locks). |
|
||||
|`USE_API` |`yes` |global |no |Activate the API to control BunkerWeb. |
|
||||
|`API_HTTP_PORT` |`5000` |global |no |Listen port number for the API. |
|
||||
|`API_LISTEN_IP` |`0.0.0.0` |global |no |Listen IP address for the API. |
|
||||
|`API_SERVER_NAME` |`bwapi` |global |no |Server name (virtual host) for the API. |
|
||||
|`API_WHITELIST_IP` |`127.0.0.0/8` |global |no |List of IP/network allowed to contact the API. |
|
||||
|`AUTOCONF_MODE` |`no` |global |no |Enable Autoconf Docker integration. |
|
||||
|`SWARM_MODE` |`no` |global |no |Enable Docker Swarm integration. |
|
||||
|`KUBERNETES_MODE` |`no` |global |no |Enable Kubernetes integration. |
|
||||
|`SERVER_TYPE` |`http` |multisite|no |Server type : http or stream. |
|
||||
|`LISTEN_STREAM` |`yes` |multisite|no |Enable listening for non-ssl (passthrough). |
|
||||
|`LISTEN_STREAM_PORT` |`1337` |multisite|no |Listening port for non-ssl (passthrough). |
|
||||
|`LISTEN_STREAM_PORT_SSL` |`4242` |multisite|no |Listening port for ssl (passthrough). |
|
||||
|`USE_UDP` |`no` |multisite|no |UDP listen instead of TCP (stream). |
|
||||
|`USE_IPV6` |`no` |global |no |Enable IPv6 connectivity. |
|
||||
|
||||
|
||||
## Core settings
|
||||
|
||||
### Antibot
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Bot detection by using a challenge.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------|------------|---------|--------|------------------------------------------------------------------------------------------------------------------------------|
|
||||
|`USE_ANTIBOT` |`no` |multisite|no |Activate antibot feature. |
|
||||
|`ANTIBOT_URI` |`/challenge`|multisite|no |Unused URI that clients will be redirected to to solve the challenge. |
|
||||
|`ANTIBOT_RECAPTCHA_SCORE` |`0.7` |multisite|no |Minimum score required for reCAPTCHA challenge. |
|
||||
|`ANTIBOT_RECAPTCHA_SITEKEY`| |multisite|no |Sitekey for reCAPTCHA challenge. |
|
||||
|`ANTIBOT_RECAPTCHA_SECRET` | |multisite|no |Secret for reCAPTCHA challenge. |
|
||||
|`ANTIBOT_HCAPTCHA_SITEKEY` | |multisite|no |Sitekey for hCaptcha challenge. |
|
||||
|`ANTIBOT_HCAPTCHA_SECRET` | |multisite|no |Secret for hCaptcha challenge. |
|
||||
|`ANTIBOT_TURNSTILE_SITEKEY`| |multisite|no |Sitekey for Turnstile challenge. |
|
||||
|`ANTIBOT_TURNSTILE_SECRET` | |multisite|no |Secret for Turnstile challenge. |
|
||||
|`ANTIBOT_TIME_RESOLVE` |`60` |multisite|no |Maximum time (in seconds) clients have to resolve the challenge. Once this time has passed, a new challenge will be generated.|
|
||||
|`ANTIBOT_TIME_VALID` |`86400` |multisite|no |Maximum validity time of solved challenges. Once this time has passed, clients will need to resolve a new one. |
|
||||
|
||||
### Auth basic
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Enforce login before accessing a resource or the whole site using HTTP basic auth method.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------|-----------------|---------|--------|------------------------------------------------|
|
||||
|`USE_AUTH_BASIC` |`no` |multisite|no |Use HTTP basic auth |
|
||||
|`AUTH_BASIC_LOCATION`|`sitewide` |multisite|no |URL of the protected resource or sitewide value.|
|
||||
|`AUTH_BASIC_USER` |`changeme` |multisite|no |Username |
|
||||
|`AUTH_BASIC_PASSWORD`|`changeme` |multisite|no |Password |
|
||||
|`AUTH_BASIC_TEXT` |`Restricted area`|multisite|no |Text to display |
|
||||
|
||||
### Bad behavior
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Ban IP generating too much 'bad' HTTP status code in a period of time.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------|-----------------------------|---------|--------|--------------------------------------------------------------------------------------------|
|
||||
|`USE_BAD_BEHAVIOR` |`yes` |multisite|no |Activate Bad behavior feature. |
|
||||
|`BAD_BEHAVIOR_STATUS_CODES`|`400 401 403 404 405 429 444`|multisite|no |List of HTTP status codes considered as 'bad'. |
|
||||
|`BAD_BEHAVIOR_BAN_TIME` |`86400` |multisite|no |The duration time (in seconds) of a ban when the corresponding IP has reached the threshold.|
|
||||
|`BAD_BEHAVIOR_THRESHOLD` |`10` |multisite|no |Maximum number of 'bad' HTTP status codes within the period of time before IP is banned. |
|
||||
|`BAD_BEHAVIOR_COUNT_TIME` |`60` |multisite|no |Period of time (in seconds) during which we count 'bad' HTTP status codes. |
|
||||
|
||||
### Blacklist
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
Deny access based on internal and external IP/network/rDNS/ASN blacklists.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|----------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------|--------|------------------------------------------------------------------------------------------------|
|
||||
|`USE_BLACKLIST` |`yes` |multisite|no |Activate blacklist feature. |
|
||||
|`BLACKLIST_IP` | |multisite|no |List of IP/network, separated with spaces, to block. |
|
||||
|`BLACKLIST_IP_URLS` |`https://www.dan.me.uk/torlist/?exit` |global |no |List of URLs, separated with spaces, containing bad IP/network to block. |
|
||||
|`BLACKLIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS blacklist checks on global IP addresses. |
|
||||
|`BLACKLIST_RDNS` |`.shodan.io .censys.io` |multisite|no |List of reverse DNS suffixes, separated with spaces, to block. |
|
||||
|`BLACKLIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to block. |
|
||||
|`BLACKLIST_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to block. |
|
||||
|`BLACKLIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to block. |
|
||||
|`BLACKLIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to block. |
|
||||
|`BLACKLIST_USER_AGENT_URLS` |`https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list`|global |no |List of URLs, separated with spaces, containing bad User-Agent to block. |
|
||||
|`BLACKLIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to block. |
|
||||
|`BLACKLIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to block. |
|
||||
|`BLACKLIST_IGNORE_IP` | |multisite|no |List of IP/network, separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_IP_URLS` | |global |no |List of URLs, separated with spaces, containing IP/network to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_RDNS` | |multisite|no |List of reverse DNS suffixes, separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist.|
|
||||
|`BLACKLIST_IGNORE_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to ignore in the blacklist. |
|
||||
|`BLACKLIST_IGNORE_URI_URLS` | |global |no |List of URLs, separated with spaces, containing URI to ignore in the blacklist. |
|
||||
|
||||
### Brotli
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Compress HTTP requests with the brotli algorithm.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|-------------------------------------------------------|
|
||||
|`USE_BROTLI` |`no` |multisite|no |Use brotli |
|
||||
|`BROTLI_TYPES` |`application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml`|multisite|no |List of MIME types that will be compressed with brotli.|
|
||||
|`BROTLI_MIN_LENGTH`|`1000` |multisite|no |Minimum length for brotli compression. |
|
||||
|`BROTLI_COMP_LEVEL`|`6` |multisite|no |The compression level of the brotli algorithm. |
|
||||
|
||||
### BunkerNet
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Share threat data with other BunkerWeb instances via BunkerNet.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|------------------|--------------------------|---------|--------|-----------------------------|
|
||||
|`USE_BUNKERNET` |`yes` |multisite|no |Activate BunkerNet feature. |
|
||||
|`BUNKERNET_SERVER`|`https://api.bunkerweb.io`|global |no |Address of the BunkerNet API.|
|
||||
|
||||
### CORS
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Cross-Origin Resource Sharing.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|------------------------------|------------------------------------------------------------------------------------|---------|--------|-------------------------------------------------------------------|
|
||||
|`USE_CORS` |`no` |multisite|no |Use CORS |
|
||||
|`CORS_ALLOW_ORIGIN` |`*` |multisite|no |Allowed origins to make CORS requests : PCRE regex or *. |
|
||||
|`CORS_EXPOSE_HEADERS` |`Content-Length,Content-Range` |multisite|no |Value of the Access-Control-Expose-Headers header. |
|
||||
|`CROSS_ORIGIN_OPENER_POLICY` | |multisite|no |Value for the Cross-Origin-Opener-Policy header. |
|
||||
|`CROSS_ORIGIN_EMBEDDER_POLICY`| |multisite|no |Value for the Cross-Origin-Embedder-Policy header. |
|
||||
|`CROSS_ORIGIN_RESOURCE_POLICY`| |multisite|no |Value for the Cross-Origin-Resource-Policy header. |
|
||||
|`CORS_MAX_AGE` |`86400` |multisite|no |Value of the Access-Control-Max-Age header. |
|
||||
|`CORS_ALLOW_CREDENTIALS` |`no` |multisite|no |Send the Access-Control-Allow-Credentials header. |
|
||||
|`CORS_ALLOW_METHODS` |`GET, POST, OPTIONS` |multisite|no |Value of the Access-Control-Allow-Methods header. |
|
||||
|`CORS_ALLOW_HEADERS` |`DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range`|multisite|no |Value of the Access-Control-Allow-Headers header. |
|
||||
|`CORS_DENY_REQUEST` |`yes` |multisite|no |Deny request and don't send it to backend if Origin is not allowed.|
|
||||
|
||||
### Client cache
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Manage caching for clients.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|-------------------------|------------------------------------------------------------|---------|--------|--------------------------------------------------------------------|
|
||||
|`USE_CLIENT_CACHE` |`no` |multisite|no |Tell client to store locally static files. |
|
||||
|`CLIENT_CACHE_EXTENSIONS`|`jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2`|global |no |List of file extensions, separated with pipes that should be cached.|
|
||||
|`CLIENT_CACHE_ETAG` |`yes` |multisite|no |Send the HTTP ETag header for static resources. |
|
||||
|`CLIENT_CACHE_CONTROL` |`public, max-age=15552000` |multisite|no |Value of the Cache-Control HTTP header. |
|
||||
|
||||
### Country
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Deny access based on the country of the client IP.
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|-------------------|-------|---------|--------|--------------------------------------------------------------------------------------------------------------|
|
||||
|`BLACKLIST_COUNTRY`| |multisite|no |Deny access if the country of the client is in the list (ISO 3166-1 alpha-2 format separated with spaces). |
|
||||
|`WHITELIST_COUNTRY`| |multisite|no |Deny access if the country of the client is not in the list (ISO 3166-1 alpha-2 format separated with spaces).|
|
||||
|
||||
### Custom HTTPS certificate
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Choose custom certificate for HTTPS.
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|----------------------|-------|---------|--------|--------------------------------------------------------------------------------|
|
||||
|`USE_CUSTOM_SSL` |`no` |multisite|no |Use custom HTTPS certificate. |
|
||||
|`CUSTOM_SSL_CERT` | |multisite|no |Full path of the certificate or bundle file (must be readable by the scheduler).|
|
||||
|`CUSTOM_SSL_KEY` | |multisite|no |Full path of the key file (must be readable by the scheduler). |
|
||||
|`CUSTOM_SSL_CERT_DATA`| |multisite|no |Certificate data encoded in base64. |
|
||||
|`CUSTOM_SSL_KEY_DATA` | |multisite|no |Key data encoded in base64. |
|
||||
|
||||
### DB
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Integrate easily the Database.
|
||||
|
||||
| Setting | Default |Context|Multiple| Description |
|
||||
|--------------|-----------------------------------------|-------|--------|--------------------------------------------------|
|
||||
|`DATABASE_URI`|`sqlite:////var/lib/bunkerweb/db.sqlite3`|global |no |The database URI, following the sqlalchemy format.|
|
||||
|
||||
### DNSBL
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Deny access based on external DNSBL servers.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|------------|----------------------------------------------------------------------------|---------|--------|-----------------------|
|
||||
|`USE_DNSBL` |`yes` |multisite|no |Activate DNSBL feature.|
|
||||
|`DNSBL_LIST`|`bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org`|global |no |List of DNSBL servers. |
|
||||
|
||||
### Errors
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Manage default error pages
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|-------------------------|-------------------------------------------------|---------|--------|------------------------------------------------------------------------------------------------------------------------|
|
||||
|`ERRORS` | |multisite|no |List of HTTP error code and corresponding error pages, separated with spaces (404=/my404.html 403=/errors/403.html ...).|
|
||||
|`INTERCEPTED_ERROR_CODES`|`400 401 403 404 405 413 429 500 501 502 503 504`|multisite|no |List of HTTP error code intercepted by BunkerWeb |
|
||||
|
||||
### Greylist
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
Allow access while keeping security features based on internal and external IP/network/rDNS/ASN greylists.
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|--------------------------|-------|---------|--------|----------------------------------------------------------------------------------------------|
|
||||
|`USE_GREYLIST` |`no` |multisite|no |Activate greylist feature. |
|
||||
|`GREYLIST_IP` | |multisite|no |List of IP/network, separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_IP_URLS` | |global |no |List of URLs, separated with spaces, containing good IP/network to put into the greylist. |
|
||||
|`GREYLIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS greylist checks on global IP addresses. |
|
||||
|`GREYLIST_RDNS` | |multisite|no |List of reverse DNS suffixes, separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist.|
|
||||
|`GREYLIST_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to put into the greylist. |
|
||||
|`GREYLIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing good User-Agent to put into the greylist. |
|
||||
|`GREYLIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to put into the greylist. |
|
||||
|`GREYLIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to put into the greylist. |
|
||||
|
||||
### Gzip
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Compress HTTP requests with the gzip algorithm.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|-----------------------------------------------------|
|
||||
|`USE_GZIP` |`no` |multisite|no |Use gzip |
|
||||
|`GZIP_TYPES` |`application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml`|multisite|no |List of MIME types that will be compressed with gzip.|
|
||||
|`GZIP_MIN_LENGTH`|`1000` |multisite|no |Minimum length for gzip compression. |
|
||||
|`GZIP_COMP_LEVEL`|`5` |multisite|no |The compression level of the gzip algorithm. |
|
||||
|
||||
### HTML injection
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Inject custom HTML code before the </body> tag.
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|-------------|-------|---------|--------|------------------------|
|
||||
|`INJECT_BODY`| |multisite|no |The HTML code to inject.|
|
||||
|
||||
### Headers
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Manage HTTP headers sent to clients.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|----------------------------------------------------------------------------------------------|
|
||||
|`CUSTOM_HEADER` | |multisite|yes |Custom header to add (HeaderName: HeaderValue). |
|
||||
|`REMOVE_HEADERS` |`Server Expect-CT X-Powered-By X-AspNet-Version X-AspNetMvc-Version` |multisite|no |Headers to remove (Header1 Header2 Header3 ...) |
|
||||
|`KEEP_UPSTREAM_HEADERS` |`Content-Security-Policy Permissions-Policy Feature-Policy X-Frame-Options` |multisite|no |Headers to keep from upstream (Header1 Header2 Header3 ... or * for all). |
|
||||
|`STRICT_TRANSPORT_SECURITY` |`max-age=31536000` |multisite|no |Value for the Strict-Transport-Security header. |
|
||||
|`COOKIE_FLAGS` |`* HttpOnly SameSite=Lax` |multisite|yes |Cookie flags automatically added to all cookies (value accepted for nginx_cookie_flag_module).|
|
||||
|`COOKIE_AUTO_SECURE_FLAG` |`yes` |multisite|no |Automatically add the Secure flag to all cookies. |
|
||||
|`CONTENT_SECURITY_POLICY` |`object-src 'none'; form-action 'self'; frame-ancestors 'self';` |multisite|no |Value for the Content-Security-Policy header. |
|
||||
|`CONTENT_SECURITY_POLICY_REPORT_ONLY`|`no` |multisite|no |Send reports for violations of the Content-Security-Policy header instead of blocking them. |
|
||||
|`REFERRER_POLICY` |`strict-origin-when-cross-origin` |multisite|no |Value for the Referrer-Policy header. |
|
||||
|`PERMISSIONS_POLICY` |`accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()` |multisite|no |Value for the Permissions-Policy header. |
|
||||
|`FEATURE_POLICY` |`accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';`|multisite|no |Value for the Feature-Policy header. |
|
||||
|`X_FRAME_OPTIONS` |`SAMEORIGIN` |multisite|no |Value for the X-Frame-Options header. |
|
||||
|`X_CONTENT_TYPE_OPTIONS` |`nosniff` |multisite|no |Value for the X-Content-Type-Options header. |
|
||||
|`X_XSS_PROTECTION` |`1; mode=block` |multisite|no |Value for the X-XSS-Protection header. |
|
||||
|
||||
### Let's Encrypt
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Automatic creation, renewal and configuration of Let's Encrypt certificates.
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|--------------------------|-------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
|`AUTO_LETS_ENCRYPT` |`no` |multisite|no |Activate automatic Let's Encrypt mode. |
|
||||
|`EMAIL_LETS_ENCRYPT` | |multisite|no |Email used for Let's Encrypt notification and in certificate. |
|
||||
|`USE_LETS_ENCRYPT_STAGING`|`no` |multisite|no |Use the staging environment for Let’s Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment.|
|
||||
|
||||
### Limit
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
Limit maximum number of requests and connections.
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|-----------------------|-------|---------|--------|---------------------------------------------------------------------------------------------|
|
||||
|`USE_LIMIT_REQ` |`yes` |multisite|no |Activate limit requests feature. |
|
||||
|`LIMIT_REQ_URL` |`/` |multisite|yes |URL (PCRE regex) where the limit request will be applied or special value / for all requests.|
|
||||
|`LIMIT_REQ_RATE` |`2r/s` |multisite|yes |Rate to apply to the URL (s for second, m for minute, h for hour and d for day). |
|
||||
|`USE_LIMIT_CONN` |`yes` |multisite|no |Activate limit connections feature. |
|
||||
|`LIMIT_CONN_MAX_HTTP1` |`10` |multisite|no |Maximum number of connections per IP when using HTTP/1.X protocol. |
|
||||
|`LIMIT_CONN_MAX_HTTP2` |`100` |multisite|no |Maximum number of streams per IP when using HTTP/2 protocol. |
|
||||
|`LIMIT_CONN_MAX_STREAM`|`10` |multisite|no |Maximum number of connections per IP when using stream. |
|
||||
|
||||
### Miscellaneous
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
Miscellaneous settings.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|-----------------------------|-----------------------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------|
|
||||
|`DISABLE_DEFAULT_SERVER` |`no` |global |no |Close connection if the request vhost is unknown. |
|
||||
|`REDIRECT_HTTP_TO_HTTPS` |`no` |multisite|no |Redirect all HTTP request to HTTPS. |
|
||||
|`AUTO_REDIRECT_HTTP_TO_HTTPS`|`yes` |multisite|no |Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case. |
|
||||
|`ALLOWED_METHODS` |`GET|POST|HEAD` |multisite|no |Allowed HTTP and WebDAV methods, separated with pipes to be sent by clients. |
|
||||
|`MAX_CLIENT_SIZE` |`10m` |multisite|no |Maximum body size (0 for infinite). |
|
||||
|`SERVE_FILES` |`yes` |multisite|no |Serve files from the local folder. |
|
||||
|`ROOT_FOLDER` | |multisite|no |Root folder containing files to serve (/var/www/html/{server_name} if unset). |
|
||||
|`SSL_PROTOCOLS` |`TLSv1.2 TLSv1.3` |multisite|no |The supported version of TLS. We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons. |
|
||||
|`HTTP2` |`yes` |multisite|no |Support HTTP2 protocol when HTTPS is enabled. |
|
||||
|`LISTEN_HTTP` |`yes` |multisite|no |Respond to (insecure) HTTP requests. |
|
||||
|`USE_OPEN_FILE_CACHE` |`no` |multisite|no |Enable open file cache feature |
|
||||
|`OPEN_FILE_CACHE` |`max=1000 inactive=20s`|multisite|no |Open file cache directive |
|
||||
|`OPEN_FILE_CACHE_ERRORS` |`yes` |multisite|no |Enable open file cache for errors |
|
||||
|`OPEN_FILE_CACHE_MIN_USES` |`2` |multisite|no |Enable open file cache minimum uses |
|
||||
|`OPEN_FILE_CACHE_VALID` |`30s` |multisite|no |Open file cache valid time |
|
||||
|`EXTERNAL_PLUGIN_URLS` | |global |no |List of external plugins URLs (direct download to .zip or .tar file) to download and install (URLs are separated with space).|
|
||||
|`DENY_HTTP_STATUS` |`403` |global |no |HTTP status code to send when the request is denied (403 or 444). When using 444, BunkerWeb will close the connection. |
|
||||
|`SEND_ANONYMOUS_REPORT` |`yes` |global |no |Send anonymous report to BunkerWeb maintainers. |
|
||||
|
||||
### ModSecurity
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Management of the ModSecurity WAF.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------------|--------------|---------|--------|------------------------------------------|
|
||||
|`USE_MODSECURITY` |`yes` |multisite|no |Enable ModSecurity WAF. |
|
||||
|`USE_MODSECURITY_CRS` |`yes` |multisite|no |Enable OWASP Core Rule Set. |
|
||||
|`MODSECURITY_SEC_AUDIT_ENGINE` |`RelevantOnly`|multisite|no |SecAuditEngine directive of ModSecurity. |
|
||||
|`MODSECURITY_SEC_RULE_ENGINE` |`On` |multisite|no |SecRuleEngine directive of ModSecurity. |
|
||||
|`MODSECURITY_SEC_AUDIT_LOG_PARTS`|`ABCFHZ` |multisite|no |SecAuditLogParts directive of ModSecurity.|
|
||||
|
||||
### PHP
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Manage local or remote PHP-FPM.
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|-----------------|-------|---------|--------|------------------------------------------------------------|
|
||||
|`REMOTE_PHP` | |multisite|no |Hostname of the remote PHP-FPM instance. |
|
||||
|`REMOTE_PHP_PATH`| |multisite|no |Root folder containing files in the remote PHP-FPM instance.|
|
||||
|`LOCAL_PHP` | |multisite|no |Path to the PHP-FPM socket file. |
|
||||
|`LOCAL_PHP_PATH` | |multisite|no |Root folder containing files in the local PHP-FPM instance. |
|
||||
|
||||
### Real IP
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
Get real IP of clients when BunkerWeb is behind a reverse proxy / load balancer.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|--------------------|-----------------------------------------|---------|--------|--------------------------------------------------------------------------------------------------------|
|
||||
|`USE_REAL_IP` |`no` |multisite|no |Retrieve the real IP of client. |
|
||||
|`USE_PROXY_PROTOCOL`|`no` |multisite|no |Enable PROXY protocol communication. |
|
||||
|`REAL_IP_FROM` |`192.168.0.0/16 172.16.0.0/12 10.0.0.0/8`|multisite|no |List of trusted IPs / networks, separated with spaces, where proxied requests come from. |
|
||||
|`REAL_IP_FROM_URLS` | |global |no |List of URLs containing trusted IPs / networks, separated with spaces, where proxied requests come from.|
|
||||
|`REAL_IP_HEADER` |`X-Forwarded-For` |multisite|no |HTTP header containing the real IP or special value proxy_protocol for PROXY protocol. |
|
||||
|`REAL_IP_RECURSIVE` |`yes` |multisite|no |Perform a recursive search in the header container IP address. |
|
||||
|
||||
### Redirect
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Manage HTTP redirects.
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|-------------------------|-------|---------|--------|-------------------------------------------------|
|
||||
|`REDIRECT_TO` | |multisite|no |Redirect a whole site to another one. |
|
||||
|`REDIRECT_TO_REQUEST_URI`|`no` |multisite|no |Append the requested URI to the redirect address.|
|
||||
|`REDIRECT_TO_STATUS_CODE`|`301` |multisite|no |Status code to send to client when redirecting. |
|
||||
|
||||
### Redis
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Redis server configuration when using BunkerWeb in cluster mode.
|
||||
|
||||
| Setting |Default|Context|Multiple| Description |
|
||||
|-------------------------|-------|-------|--------|-------------------------------------------------------------------|
|
||||
|`USE_REDIS` |`no` |global |no |Activate Redis. |
|
||||
|`REDIS_HOST` | |global |no |Redis server IP or hostname. |
|
||||
|`REDIS_PORT` |`6379` |global |no |Redis server port. |
|
||||
|`REDIS_DATABASE` |`0` |global |no |Redis database number. |
|
||||
|`REDIS_SSL` |`no` |global |no |Use SSL/TLS connection with Redis server. |
|
||||
|`REDIS_TIMEOUT` |`1000` |global |no |Redis server timeout (in ms) for connect, read and write. |
|
||||
|`REDIS_KEEPALIVE_IDLE` |`30000`|global |no |Max idle time (in ms) before closing redis connection in the pool. |
|
||||
|`REDIS_KEEPALIVE_POOL` |`10` |global |no |Max number of redis connection(s) kept in the pool. |
|
||||
|`REDIS_USERNAME` | |global |no |Redis username used in AUTH command. |
|
||||
|`REDIS_PASSWORD` | |global |no |Redis password used in AUTH command. |
|
||||
|`REDIS_SENTINEL_HOSTS` | |global |no |Redis sentinel hosts with format host:[port] separated with spaces.|
|
||||
|`REDIS_SENTINEL_USERNAME`| |global |no |Redis sentinel username. |
|
||||
|`REDIS_SENTINEL_PASSWORD`| |global |no |Redis sentinel password. |
|
||||
|`REDIS_SENTINEL_MASTER` | |global |no |Redis sentinel master name. |
|
||||
|
||||
### Reverse proxy
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
Manage reverse proxy configurations.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------------------|----------------------------------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------|
|
||||
|`USE_REVERSE_PROXY` |`no` |multisite|no |Activate reverse proxy mode. |
|
||||
|`REVERSE_PROXY_INTERCEPT_ERRORS` |`yes` |multisite|no |Intercept and rewrite errors. |
|
||||
|`REVERSE_PROXY_HOST` | |multisite|yes |Full URL of the proxied resource (proxy_pass). |
|
||||
|`REVERSE_PROXY_URL` | |multisite|yes |Location URL that will be proxied. |
|
||||
|`REVERSE_PROXY_WS` |`no` |multisite|yes |Enable websocket on the proxied resource. |
|
||||
|`REVERSE_PROXY_HEADERS` | |multisite|yes |List of HTTP headers to send to proxied resource separated with semicolons (values for proxy_set_header directive). |
|
||||
|`REVERSE_PROXY_HEADERS_CLIENT` | |multisite|yes |List of HTTP headers to send to client separated with semicolons (values for add_header directive). |
|
||||
|`REVERSE_PROXY_BUFFERING` |`yes` |multisite|yes |Enable or disable buffering of responses from proxied resource. |
|
||||
|`REVERSE_PROXY_KEEPALIVE` |`no` |multisite|yes |Enable or disable keepalive connections with the proxied resource. |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST` | |multisite|yes |Enable authentication using an external provider (value of auth_request directive). |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL`| |multisite|yes |Redirect clients to sign-in URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401). |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST_SET` | |multisite|yes |List of variables to set from the authentication provider, separated with semicolons (values of auth_request_set directives).|
|
||||
|`USE_PROXY_CACHE` |`no` |multisite|no |Enable or disable caching of the proxied resources. |
|
||||
|`PROXY_CACHE_PATH_LEVELS` |`1:2` |global |no |Hierarchy levels of the cache. |
|
||||
|`PROXY_CACHE_PATH_ZONE_SIZE` |`10m` |global |no |Maximum size of cached metadata when caching proxied resources. |
|
||||
|`PROXY_CACHE_PATH_PARAMS` |`max_size=100m` |global |no |Additional parameters to add to the proxy_cache directive. |
|
||||
|`PROXY_CACHE_METHODS` |`GET HEAD` |multisite|no |HTTP methods that should trigger a cache operation. |
|
||||
|`PROXY_CACHE_MIN_USES` |`2` |multisite|no |The minimum number of requests before a response is cached. |
|
||||
|`PROXY_CACHE_KEY` |`$scheme$host$request_uri` |multisite|no |The key used to uniquely identify a cached response. |
|
||||
|`PROXY_CACHE_VALID` |`200=24h 301=1h 302=24h` |multisite|no |Define the caching time depending on the HTTP status code (list of status=time), separated with spaces. |
|
||||
|`PROXY_NO_CACHE` |`$http_pragma $http_authorization`|multisite|no |Conditions to disable caching of responses. |
|
||||
|`PROXY_CACHE_BYPASS` |`0` |multisite|no |Conditions to bypass caching of responses. |
|
||||
|`REVERSE_PROXY_CONNECT_TIMEOUT` |`60s` |multisite|yes |Timeout when connecting to the proxied resource. |
|
||||
|`REVERSE_PROXY_READ_TIMEOUT` |`60s` |multisite|yes |Timeout when reading from the proxied resource. |
|
||||
|`REVERSE_PROXY_SEND_TIMEOUT` |`60s` |multisite|yes |Timeout when sending to the proxied resource. |
|
||||
|`REVERSE_PROXY_INCLUDES` | |multisite|yes |Additional configuration to include in the location block, separated with spaces. |
|
||||
|
||||
### Reverse scan
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Scan clients ports to detect proxies or servers.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|----------------------|--------------------------|---------|--------|------------------------------------------------------------------|
|
||||
|`USE_REVERSE_SCAN` |`no` |multisite|no |Enable scanning of clients ports and deny access if one is opened.|
|
||||
|`REVERSE_SCAN_PORTS` |`22 80 443 3128 8000 8080`|multisite|no |List of port to scan when using reverse scan feature. |
|
||||
|`REVERSE_SCAN_TIMEOUT`|`500` |multisite|no |Specify the maximum timeout (in ms) when scanning a port. |
|
||||
|
||||
### Self-signed certificate
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Generate self-signed certificate.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|--------------------------|----------------------|---------|--------|-----------------------------------------|
|
||||
|`GENERATE_SELF_SIGNED_SSL`|`no` |multisite|no |Generate and use self-signed certificate.|
|
||||
|`SELF_SIGNED_SSL_EXPIRY` |`365` |multisite|no |Self-signed certificate expiry in days. |
|
||||
|`SELF_SIGNED_SSL_SUBJ` |`/CN=www.example.com/`|multisite|no |Self-signed certificate subject. |
|
||||
|
||||
### Sessions
|
||||
|
||||
STREAM support :white_check_mark:
|
||||
|
||||
Management of session used by other plugins.
|
||||
|
||||
| Setting |Default |Context|Multiple| Description |
|
||||
|---------------------------|--------|-------|--------|---------------------------------------------------------------------------------|
|
||||
|`SESSIONS_SECRET` |`random`|global |no |Secret used to encrypt sessions variables for storing data related to challenges.|
|
||||
|`SESSIONS_NAME` |`random`|global |no |Name of the cookie given to clients. |
|
||||
|`SESSIONS_IDLING_TIMEOUT` |`1800` |global |no |Maximum time (in seconds) of inactivity before the session is invalidated. |
|
||||
|`SESSIONS_ROLLING_TIMEOUT` |`3600` |global |no |Maximum time (in seconds) before a session must be renewed. |
|
||||
|`SESSIONS_ABSOLUTE_TIMEOUT`|`86400` |global |no |Maximum time (in seconds) before a session is destroyed. |
|
||||
|`SESSIONS_CHECK_IP` |`yes` |global |no |Destroy session if IP address is different than original one. |
|
||||
|`SESSIONS_CHECK_USER_AGENT`|`yes` |global |no |Destroy session if User-Agent is different than original one. |
|
||||
|
||||
### UI
|
||||
|
||||
STREAM support :x:
|
||||
|
||||
Integrate easily the BunkerWeb UI.
|
||||
|
||||
| Setting |Default| Context |Multiple| Description |
|
||||
|---------|-------|---------|--------|--------------------------------------------|
|
||||
|`USE_UI` |`no` |multisite|no |Use UI |
|
||||
|`UI_HOST`| |global |no |Address of the web UI used for initial setup|
|
||||
|
||||
### Whitelist
|
||||
|
||||
STREAM support :warning:
|
||||
|
||||
Allow access based on internal and external IP/network/rDNS/ASN whitelists.
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|----------------------------------------------------------------------------------|
|
||||
|`USE_WHITELIST` |`yes` |multisite|no |Activate whitelist feature. |
|
||||
|`WHITELIST_IP` |`20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247` |multisite|no |List of IP/network, separated with spaces, to put into the whitelist. |
|
||||
|`WHITELIST_IP_URLS` | |global |no |List of URLs, separated with spaces, containing good IP/network to whitelist. |
|
||||
|`WHITELIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS whitelist checks on global IP addresses. |
|
||||
|`WHITELIST_RDNS` |`.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com`|multisite|no |List of reverse DNS suffixes, separated with spaces, to whitelist. |
|
||||
|`WHITELIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist.|
|
||||
|`WHITELIST_ASN` |`32934` |multisite|no |List of ASN numbers, separated with spaces, to whitelist. |
|
||||
|`WHITELIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to whitelist. |
|
||||
|`WHITELIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to whitelist. |
|
||||
|`WHITELIST_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing good User-Agent to whitelist. |
|
||||
|`WHITELIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to whitelist. |
|
||||
|`WHITELIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to whitelist. |
|
||||
|
||||
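Review bot: In the Whitelist table at the end of docs/settings.md, `USE_WHITELIST` defaults to `yes` while `WHITELIST_IP` and `WHITELIST_ASN` ship with non-empty defaults (twelve IP addresses and ASN `32934`), and nothing in the section says who owns them or why they are trusted. Because the section is summarised as "Allow access based on internal and external IP/network/rDNS/ASN whitelists", a reader cannot tell which traffic is allowed out of the box. Please add a sentence naming the owners of the default entries and stating which checks a whitelisted client skips. Smaller wording points in the same file: the Brotli and Gzip summaries say "Compress HTTP requests" where these features compress responses, `WHITELIST_URI_URLS` reads "containing bad URI to whitelist" (it looks copied from the blacklist table), and `REAL_IP_RECURSIVE` reads "header container IP address" where "containing" seems intended.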
468
docs/troubleshooting.md
Normal file
|
|
@ -0,0 +1,468 @@
|
|||
# Troubleshooting
|
||||
|
||||
!!! info "BunkerWeb Panel"
|
||||
If you are unable to resolve your problems, you can [contact us directly via our panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc). This centralises all requests relating to the BunkerWeb solution.
|
||||
|
||||
## Logs
|
||||
|
||||
When troubleshooting, logs are your best friends. We try our best to provide user-friendly logs to help you understand what's happening.
|
||||
|
||||
Please note that you can set `LOG_LEVEL` setting to `info` (default : `notice`) to increase the verbosity of BunkerWeb.
|
||||
|
||||
Here is how you can access the logs, depending on your integration :
|
||||
|
||||
=== "Docker"
|
||||
|
||||
!!! tip "List containers"
|
||||
To list the running containers, you can use the following command :
|
||||
```shell
|
||||
docker ps
|
||||
```
|
||||
|
||||
You can use the `docker logs` command (replace `mybunker` with the name of your container) :
|
||||
```shell
|
||||
docker logs mybunker
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (replace `mybunker` with the name of the services declared in the docker-compose.yml file) :
|
||||
```shell
|
||||
docker-compose logs mybunker
|
||||
```
|
||||
|
||||
=== "Docker autoconf"
|
||||
|
||||
!!! tip "List containers"
|
||||
To list the running containers, you can use the following command :
|
||||
```shell
|
||||
docker ps
|
||||
```
|
||||
|
||||
You can use the `docker logs` command (replace `mybunker` and `myautoconf` with the name of your containers) :
|
||||
```shell
|
||||
docker logs mybunker
|
||||
docker logs myautoconf
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (replace `mybunker` and `myautoconf` with the name of the services declared in the docker-compose.yml file) :
|
||||
```shell
|
||||
docker-compose logs mybunker
|
||||
docker-compose logs myautoconf
|
||||
```
|
||||
|
||||
=== "Swarm"
|
||||
|
||||
!!! tip "List services"
|
||||
To list the services, you can use the following command :
|
||||
```shell
|
||||
docker service ls
|
||||
```
|
||||
|
||||
You can use the `docker service logs` command (replace `mybunker` and `myautoconf` with the name of your services) :
|
||||
```shell
|
||||
docker service logs mybunker
|
||||
docker service logs myautoconf
|
||||
```
|
||||
|
||||
=== "Kubernetes"
|
||||
|
||||
!!! tip "List pods"
|
||||
To list the pods, you can use the following command :
|
||||
```shell
|
||||
kubectl get pods
|
||||
```
|
||||
You can use the `kubectl logs` command (replace `mybunker` and `myautoconf` with the name of your pods) :
|
||||
```shell
|
||||
kubectl logs mybunker
|
||||
kubectl logs myautoconf
|
||||
```
|
||||
|
||||
=== "Linux"
|
||||
|
||||
For errors related to BunkerWeb services (e.g. not starting), you can use `journalctl` :
|
||||
```shell
|
||||
journalctl -u bunkerweb --no-pager
|
||||
```
|
||||
|
||||
Common logs are located inside the `/var/log/bunkerweb` directory :
|
||||
```shell
|
||||
cat /var/log/bunkerweb/error.log
|
||||
cat /var/log/bunkerweb/access.log
|
||||
```
|
||||
|
||||
=== "Ansible"
|
||||
|
||||
For errors related to BunkerWeb services (e.g. not starting), you can use `journalctl` :
|
||||
```shell
|
||||
ansible -i inventory.yml all -a "journalctl -u bunkerweb --no-pager" --become
|
||||
```
|
||||
|
||||
Common logs are located inside the `/var/log/bunkerweb` directory :
|
||||
```shell
|
||||
ansible -i inventory.yml all -a "cat /var/log/bunkerweb/error.log" --become
|
||||
ansible -i inventory.yml all -a "cat /var/log/bunkerweb/access.log" --become
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
For errors related to BunkerWeb services (e.g. not starting), you can use `journalctl` :
|
||||
```shell
|
||||
journalctl -u bunkerweb --no-pager
|
||||
```
|
||||
|
||||
Common logs are located inside the `/var/log/bunkerweb` directory :
|
||||
```shell
|
||||
cat /var/log/bunkerweb/error.log
|
||||
cat /var/log/bunkerweb/access.log
|
||||
```
|
||||
|
||||
## Permissions
|
||||
|
||||
Don't forget that BunkerWeb runs as an unprivileged user for obvious security reasons. Double-check the permissions of files and folders used by BunkerWeb, especially if you use custom configurations (more info [here](quickstart-guide.md#custom-configurations)). You will need to set at least **RW** rights on files and **_RWX_** on folders.
|
||||
|
||||
## ModSecurity
|
||||
|
||||
The default BunkerWeb configuration of ModSecurity is to load the Core Rule Set in anomaly scoring mode with a paranoia level (PL) of 1 :
|
||||
|
||||
- Each matched rule will increase an anomaly score (so many rules can match a single request)
|
||||
- PL1 includes rules with fewer chances of false positives (but less security than PL4)
|
||||
- the default threshold for anomaly score is 5 for requests and 4 for responses
|
||||
|
||||
Let's take the following logs as an example of ModSecurity detection using default configuration (formatted for better readability) :
|
||||
|
||||
```log
|
||||
2022/04/26 12:01:10 [warn] 85#85: *11 ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `lfi-os-files.data' against variable `ARGS:id' (Value: `/etc/passwd' )
|
||||
[file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"]
|
||||
[line "78"]
|
||||
[id "930120"]
|
||||
[rev ""]
|
||||
[msg "OS File Access Attempt"]
|
||||
[data "Matched Data: etc/passwd found within ARGS:id: /etc/passwd"]
|
||||
[severity "2"]
|
||||
[ver "OWASP_CRS/3.3.2"]
|
||||
[maturity "0"]
|
||||
[accuracy "0"]
|
||||
[tag "application-multi"]
|
||||
[tag "language-multi"]
|
||||
[tag "platform-multi"]
|
||||
[tag "attack-lfi"]
|
||||
[tag "paranoia-level/1"]
|
||||
[tag "OWASP_CRS"]
|
||||
[tag "capec/1000/255/153/126"]
|
||||
[tag "PCI/6.5.4"]
|
||||
[hostname "172.17.0.2"]
|
||||
[uri "/"]
|
||||
[unique_id "165097447014.179282"]
|
||||
[ref "o1,10v9,11t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase"],
|
||||
client: 172.17.0.1, server: localhost, request: "GET /?id=/etc/passwd HTTP/1.1", host: "localhost"
|
||||
2022/04/26 12:01:10 [warn] 85#85: *11 ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `unix-shell.data' against variable `ARGS:id' (Value: `/etc/passwd' )
|
||||
[file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"]
|
||||
[line "480"]
|
||||
[id "932160"]
|
||||
[rev ""]
|
||||
[msg "Remote Command Execution: Unix Shell Code Found"]
|
||||
[data "Matched Data: etc/passwd found within ARGS:id: /etc/passwd"]
|
||||
[severity "2"]
|
||||
[ver "OWASP_CRS/3.3.2"]
|
||||
[maturity "0"]
|
||||
[accuracy "0"]
|
||||
[tag "application-multi"]
|
||||
[tag "language-shell"]
|
||||
[tag "platform-unix"]
|
||||
[tag "attack-rce"]
|
||||
[tag "paranoia-level/1"]
|
||||
[tag "OWASP_CRS"]
|
||||
[tag "capec/1000/152/248/88"]
|
||||
[tag "PCI/6.5.2"]
|
||||
[hostname "172.17.0.2"]
|
||||
[uri "/"]
|
||||
[unique_id "165097447014.179282"]
|
||||
[ref "o1,10v9,11t:urlDecodeUni,t:cmdLine,t:normalizePath,t:lowercase"],
|
||||
client: 172.17.0.1, server: localhost, request: "GET /?id=/etc/passwd HTTP/1.1", host: "localhost"
|
||||
2022/04/26 12:01:10 [error] 85#85: *11 [client 172.17.0.1] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `10' )
|
||||
[file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"]
|
||||
[line "80"]
|
||||
[id "949110"]
|
||||
[rev ""]
|
||||
[msg "Inbound Anomaly Score Exceeded (Total Score: 10)"]
|
||||
[data ""]
|
||||
[severity "2"]
|
||||
[ver "OWASP_CRS/3.3.2"]
|
||||
[maturity "0"]
|
||||
[accuracy "0"]
|
||||
[tag "application-multi"]
|
||||
[tag "language-multi"]
|
||||
[tag "platform-multi"]
|
||||
[tag "attack-generic"]
|
||||
[hostname "172.17.0.2"]
|
||||
[uri "/"]
|
||||
[unique_id "165097447014.179282"]
|
||||
[ref ""],
|
||||
client: 172.17.0.1, server: localhost, request: "GET /?id=/etc/passwd HTTP/1.1", host: "localhost"
|
||||
```
|
||||
|
||||
As we can see, there are 3 different logs :
|
||||
|
||||
1. Rule **930120** matched
|
||||
2. Rule **932160** matched
|
||||
3. Access denied (rule **949110**)
|
||||
|
||||
One important thing to understand is that rule **949110** is not a "real" one : it's the one that will deny the request because the anomaly threshold is reached (which is **10** in this example). You should never remove the **949110** rule !
|
||||
|
||||
If it's a false-positive, you should then focus on both **930120** and **932160** rules. ModSecurity and/or CRS tuning is out of the scope of this documentation but don't forget that you can apply custom configurations before and after the CRS is loaded (more info [here](quickstart-guide.md#custom-configurations)).
|
||||
|
||||
## Bad Behavior
|
||||
|
||||
A common false-positive case is when the client is banned because of the "bad behavior" feature which means that too many suspicious HTTP status codes were generated within a time period (more info [here](security-tuning.md#bad-behavior)). You should start by reviewing the settings and then edit them according to your web application(s) like removing a suspicious HTTP code, decreasing the count time, increasing the threshold, ...
|
||||
|
||||
## IP unban
|
||||
|
||||
You can manually unban an IP which can be useful when doing some tests but it needs the setting `USE_API` set to `yes` (which is not the default) so you can contact the internal API of BunkerWeb (replace `1.2.3.4` with the IP address to unban) :
|
||||
|
||||
=== "Docker"
|
||||
|
||||
You can use the `docker exec` command (replace `mybunker` with the name of your container) :
|
||||
```shell
|
||||
docker exec mybunker bwcli unban 1.2.3.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (replace `mybunker` with the name of the services declared in the docker-compose.yml file) :
|
||||
```shell
|
||||
docker-compose exec mybunker bwcli unban 1.2.3.4
|
||||
```
|
||||
|
||||
=== "Docker autoconf"
|
||||
|
||||
You can use the `docker exec` command (replace `myautoconf` with the name of your container) :
|
||||
```shell
|
||||
docker exec myautoconf bwcli unban 1.2.3.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (replace `myautoconf` with the name of the services declared in the docker-compose.yml file) :
|
||||
```shell
|
||||
docker-compose exec myautoconf bwcli unban 1.2.3.4
|
||||
```
|
||||
|
||||
=== "Swarm"
|
||||
|
||||
You can use the `docker exec` command (replace `myautoconf` with the name of your service) :
|
||||
```shell
|
||||
docker exec $(docker ps -q -f name=myautoconf) bwcli unban 1.2.3.4
|
||||
```
|
||||
|
||||
=== "Kubernetes"
|
||||
|
||||
You can use the `kubectl exec` command (replace `myautoconf` with the name of your pod) :
|
||||
```shell
|
||||
kubectl exec myautoconf bwcli unban 1.2.3.4
|
||||
```
|
||||
|
||||
=== "Linux"
|
||||
|
||||
You can use the `bwcli` command (as root) :
|
||||
```shell
|
||||
sudo bwcli unban 1.2.3.4
|
||||
```
|
||||
|
||||
=== "Ansible"
|
||||
|
||||
You can use the `bwcli` command :
|
||||
```shell
|
||||
ansible -i inventory.yml all -a "bwcli unban 1.2.3.4" --become
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
You can use the `bwcli` command (as root) :
|
||||
```shell
|
||||
sudo bwcli unban 1.2.3.4
|
||||
```
|
||||
|
||||
## Whitelisting
|
||||
|
||||
If you have bots that need to access your website, the recommended way to avoid any false positive is to whitelist them using the [whitelisting feature](security-tuning.md#blacklisting-and-whitelisting). We don't recommend using the `WHITELIST_URI*` or `WHITELIST_USER_AGENT*` settings unless they are set to secret and unpredictable values. Common use cases are :
|
||||
|
||||
- Healthcheck / status bot
|
||||
- Callback like IPN or webhook
|
||||
- Social media crawler
|
||||
|
||||
## Timezone
|
||||
|
||||
When using container-based integrations, the timezone of the container may not match the one of the host machine. To resolve that, you can set the `TZ` environment variable to the timezone of your choice on your containers (e.g. `TZ=Europe/Paris`). You will find the list of timezone identifiers [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List).
|
||||
|
||||
## Web UI
|
||||
|
||||
In case you lost your UI credentials or have 2FA issues, you can connect to the database to retrieve access.
|
||||
|
||||
**Access database**
|
||||
|
||||
=== "SQLite"
|
||||
|
||||
=== "Linux"
|
||||
|
||||
Install SQLite (Debian/Ubuntu) :
|
||||
|
||||
```shell
|
||||
sudo apt install sqlite3
|
||||
```
|
||||
|
||||
Install SQLite (Fedora/RedHat) :
|
||||
|
||||
```shell
|
||||
sudo dnf install sqlite
|
||||
```
|
||||
|
||||
=== "Docker"
|
||||
|
||||
Get a shell into your scheduler container :
|
||||
|
||||
!!! note "Docker arguments"
|
||||
- the `-u 0` option is to run the command as root (mandatory)
|
||||
- the `-it` options are to run the command interactively (mandatory)
|
||||
- `<bunkerweb_scheduler_container>` : the name or ID of your scheduler container
|
||||
|
||||
```shell
|
||||
docker exec -u 0 -it <bunkerweb_scheduler_container> bash
|
||||
```
|
||||
|
||||
Install SQLite :
|
||||
|
||||
```bash
|
||||
apk add sqlite
|
||||
```
|
||||
|
||||
Access your database :
|
||||
|
||||
!!! note "Database path"
|
||||
We assume that you are using the default database path. If you are using a custom path, you will need to adapt the command.
|
||||
|
||||
```bash
|
||||
sqlite3 /var/lib/bunkerweb/db.sqlite3
|
||||
```
|
||||
|
||||
You should see something like this :
|
||||
|
||||
```text
|
||||
SQLite version <VER> <DATE>
|
||||
Enter ".help" for usage hints.
|
||||
sqlite>
|
||||
```
|
||||
|
||||
=== "MariaDB / MySQL"
|
||||
|
||||
!!! note "MariaDB / MySQL only"
|
||||
The following steps are only valid for MariaDB / MySQL databases. If you are using another database, please refer to the documentation of your database.
|
||||
|
||||
!!! note "Credentials and database name"
|
||||
You will need to use the same credentials and database named used in the `DATABASE_URI` setting.
|
||||
|
||||
=== "Linux"
|
||||
|
||||
Access your local database :
|
||||
|
||||
```bash
|
||||
mysql -u <user> -p <database>
|
||||
```
|
||||
|
||||
Then enter your password of the database user and you should be able to access your database.
|
||||
|
||||
=== "Docker"
|
||||
|
||||
Access your database container :
|
||||
|
||||
!!! note "Docker arguments"
|
||||
- the `-u 0` option is to run the command as root (mandatory)
|
||||
- the `-it` options are to run the command interactively (mandatory)
|
||||
- `<bunkerweb_db_container>` : the name or ID of your database container
|
||||
- `<user>` : the database user
|
||||
- `<database>` : the database name
|
||||
|
||||
```shell
|
||||
docker exec -u 0 -it <bunkerweb_db_container> mysql -u <user> -p <database>
|
||||
```
|
||||
|
||||
Then enter your password of the database user and you should be able to access your database.
|
||||
|
||||
**Troubleshooting actions**
|
||||
|
||||
!!! info "Table schema"
|
||||
The schema of the `bw_ui_users` table is the following :
|
||||
|
||||
```sql
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT
|
||||
username VARCHAR(256) NOT NULL UNIQUE
|
||||
password VARCHAR(60) NOT NULL
|
||||
is_two_factor_enabled BOOLEAN NOT NULL DEFAULT 0
|
||||
secret_token VARCHAR(32) DEFAULT NULL
|
||||
method ("manual" or "ui") NOT NULL DEFAULT 'manual'
|
||||
```
|
||||
|
||||
=== "Retrieve username"
|
||||
|
||||
Execute the following command to extract data from the `bw_ui_users` table :
|
||||
|
||||
```sql
|
||||
SELECT * FROM bw_ui_users;
|
||||
```
|
||||
|
||||
You should see something like this :
|
||||
```text
|
||||
1|<username>|<password_hash>|1|<secret_totp_token>|(manual or ui)
|
||||
```
|
||||
|
||||
=== "Update password"
|
||||
|
||||
You first need to hash the new password using the bcrypt algorithm.
|
||||
|
||||
Install the Python bcrypt library :
|
||||
|
||||
```shell
|
||||
pip install bcrypt
|
||||
```
|
||||
|
||||
Generate your hash (replace `mypassword` with your own password) :
|
||||
|
||||
```shell
|
||||
python -c 'from bcrypt import hashpw, gensalt ; print(hashpw("mypassword".encode("utf-8"), gensalt(rounds=13)).decode())'
|
||||
```
|
||||
|
||||
You can update your username / password executing this command :
|
||||
|
||||
```sql
|
||||
UPDATE bw_ui_users SET username = <username>, password = <password_hash> WHERE id = 1;
|
||||
```
|
||||
|
||||
If you check again your `bw_ui_users` table following this command :
|
||||
|
||||
```sql
|
||||
SELECT * FROM bw_ui_users;
|
||||
```
|
||||
|
||||
You should see something like this :
|
||||
|
||||
```text
|
||||
1|<username>|<password_hash>|0||(manual or ui)
|
||||
```
|
||||
|
||||
You should now be able to use the new credentials to log into the web UI.
|
||||
|
||||
=== "Disable 2FA authentication"
|
||||
|
||||
You can deactivate 2FA by executing this command :
|
||||
|
||||
```sql
|
||||
UPDATE bw_ui_users SET is_two_factor_enabled = 0, secret_token = NULL WHERE id = 1;
|
||||
```
|
||||
|
||||
If you check again your `bw_ui_users` table by following this command :
|
||||
|
||||
```sql
|
||||
SELECT * FROM bw_ui_users;
|
||||
```
|
||||
|
||||
You should see something like this :
|
||||
|
||||
```text
|
||||
1|<username>|<password_hash>|0||(manual or ui)
|
||||
```
|
||||
|
||||
You should now be able to log into the web UI only using your username and password.
|
||||
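Review bot: In the "Update password" tab, `UPDATE bw_ui_users SET username = <username>, password = <password_hash> WHERE id = 1;` shows both placeholders unquoted, so a reader who substitutes the values literally gets a syntax or unknown-column error instead of an update; write them as `'<username>'` and `'<password_hash>'`. The sample output under it (`1|<username>|<password_hash>|0||(manual or ui)`) shows 2FA disabled with an empty token, but this statement does not touch `is_two_factor_enabled` or `secret_token`, so for an account that had 2FA enabled the row will still show `1` and the token; either reuse the output from the "Retrieve username" tab or say that the 2FA columns are unchanged. The `python -c` one-liner also puts the new password on the command line, where it ends up in shell history; prompting for it (for example with `getpass`) would avoid that.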
1705
docs/web-ui.md
Normal file
78
examples/authelia/authelia/configuration.yml
Normal file
|
|
@ -0,0 +1,78 @@
|
|||
---
|
||||
###############################################################
|
||||
# Authelia configuration #
|
||||
###############################################################
|
||||
|
||||
jwt_secret: a_very_important_secret
|
||||
default_redirection_url: https://auth.example.com
|
||||
|
||||
ntp:
|
||||
disable_failure: true
|
||||
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
|
||||
log:
|
||||
level: debug
|
||||
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
|
||||
|
||||
totp:
|
||||
issuer: authelia.com
|
||||
|
||||
# duo_api:
|
||||
# hostname: api-123456789.example.com
|
||||
# integration_key: ABCDEF
|
||||
# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
|
||||
# secret_key: 1234567890abcdefghifjkl
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /config/users_database.yml
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
rules:
|
||||
# Rules applied to everyone
|
||||
- domain: auth.example.com
|
||||
policy: bypass
|
||||
- domain: app1.example.com
|
||||
policy: one_factor
|
||||
- domain: app2.example.com
|
||||
policy: two_factor
|
||||
|
||||
session:
|
||||
name: authelia_session
|
||||
# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
|
||||
secret: unsecure_session_secret
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
domain: example.com # Should match whatever your root protected domain is
|
||||
|
||||
redis:
|
||||
host: redis
|
||||
port: 6379
|
||||
# This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
|
||||
# password: authelia
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: 120
|
||||
ban_time: 300
|
||||
|
||||
storage:
|
||||
encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
|
||||
local:
|
||||
path: /config/db.sqlite3
|
||||
|
||||
notifier:
|
||||
filesystem:
|
||||
filename: /config/notification.txt
|
||||
#notifier:
|
||||
# smtp:
|
||||
# username: test
|
||||
# This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
|
||||
# password: password
|
||||
# host: mail.example.com
|
||||
# port: 25
|
||||
# sender: admin@example.com
|
||||
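Review bot: `jwt_secret: a_very_important_secret`, `secret: unsecure_session_secret` and the `encryption_key` placeholder are committed as working values, so an example deployed unchanged runs with publicly known token, session and storage keys. Suggest leaving them out of the file and having the example supply them through the `*_SECRET_FILE` environment variables that the comments already mention, with a line in the example's README on how to generate them. The comment about `AUTHELIA_JWT_SECRET_FILE` currently sits under `log:` instead of next to `jwt_secret`, and `level: debug` is a verbose default for a file people will copy; both are worth fixing in the same pass.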
17
examples/authelia/authelia/users_database.yml
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
###############################################################
|
||||
# Users Database #
|
||||
###############################################################
|
||||
|
||||
# This file can be used if you do not have an LDAP set up.
|
||||
|
||||
# List of users
|
||||
users:
|
||||
authelia:
|
||||
displayname: "Authelia User"
|
||||
# Password is authelia
|
||||
password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # yamllint disable-line rule:line-length
|
||||
email: authelia@authelia.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
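Review bot: The `authelia` user is committed with a hash whose plaintext is given in the comment directly above it (`# Password is authelia`), and the account is in the `admins` group, so anyone who starts the example unchanged exposes a known login on `auth.example.com`. Suggest replacing the hash with a placeholder the reader has to generate, or at minimum stating at the top of the file that this account must be replaced before the stack is reachable. With the long hash gone, the `yamllint disable-line` comment can be dropped too.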
81
examples/authelia/autoconf.yml
Normal file
|
|
@ -0,0 +1,81 @@
|
|||
version: "3"
|
||||
|
||||
services:
|
||||
# APPLICATIONS
|
||||
app1:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- app1
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=app1.example.com
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://app1
|
||||
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
|
||||
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
||||
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
||||
- bunkerweb.REVERSE_PROXY_URL_999=/authelia
|
||||
- bunkerweb.REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
|
||||
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- app2
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=app2.example.com
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://app2
|
||||
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
|
||||
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
||||
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
||||
- bunkerweb.REVERSE_PROXY_URL_999=/authelia
|
||||
- bunkerweb.REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
|
||||
|
||||
# AUTHELIA
|
||||
authelia:
|
||||
image: authelia/authelia:4
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- authelia
|
||||
volumes:
|
||||
- ./authelia:/config
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
disable: true
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=auth.example.com
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://authelia:9091
|
||||
- bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
|
||||
redis:
|
||||
image: redis:7-alpine
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- redis
|
||||
volumes:
|
||||
- ./redis:/data
|
||||
expose:
|
||||
- 6379
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
external: true
|
||||
name: bw-services
|
||||
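Review bot: `redis` is attached to `bw-services`, the same network as `app1` and `app2`, and nothing in this file or in `configuration.yml` (where `# password: authelia` is commented out) sets a Redis password, so every application container on that network can read and write Authelia's session store. Suggest a dedicated network shared only by `authelia` and `redis`, a Redis password supplied via `AUTHELIA_SESSION_REDIS_PASSWORD_FILE`, or both. Separately, `healthcheck: disable: true` on `authelia` has no comment explaining why it is needed.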
116
examples/authelia/docker-compose.yml
Normal file
|
|
@ -0,0 +1,116 @@
|
|||
version: "3.4"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.5.5
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE=yes"
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
environment:
|
||||
- MULTISITE=yes
|
||||
- SERVER_NAME=auth.example.com app1.example.com app2.example.com # replace with your domains
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
# Proxy to auth_request URI
|
||||
- REVERSE_PROXY_URL_999=/authelia
|
||||
- REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
|
||||
- REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
|
||||
# Authelia
|
||||
- auth.example.com_REVERSE_PROXY_URL=/
|
||||
- auth.example.com_REVERSE_PROXY_HOST=http://authelia:9091
|
||||
- auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
# Applications
|
||||
- app1.example.com_REVERSE_PROXY_URL=/
|
||||
- app1.example.com_REVERSE_PROXY_HOST=http://app1
|
||||
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
|
||||
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
||||
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
||||
- app1.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
||||
- app2.example.com_REVERSE_PROXY_URL=/
|
||||
- app2.example.com_REVERSE_PROXY_HOST=http://app2
|
||||
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
|
||||
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
||||
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
||||
- app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.5
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://bw-docker-proxy:2375
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
|
||||
bw-docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy:nightly
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
- LOG_LEVEL=warning
|
||||
networks:
|
||||
- bw-docker
|
||||
|
||||
# APPLICATIONS
|
||||
app1:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- bw-services
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
# AUTHELIA
|
||||
authelia:
|
||||
image: authelia/authelia:4
|
||||
container_name: authelia
|
||||
networks:
|
||||
- bw-services
|
||||
volumes:
|
||||
- ./authelia:/config
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
disable: true
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
|
||||
redis:
|
||||
image: redis:7-alpine
|
||||
container_name: redis
|
||||
networks:
|
||||
- bw-services
|
||||
volumes:
|
||||
- ./redis:/data
|
||||
expose:
|
||||
- 6379
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
name: bw-universe
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
bw-docker:
|
||||
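Review bot: `bw-docker-proxy` runs `tecnativa/docker-socket-proxy:nightly`, a moving tag on the one container that mounts `/var/run/docker.sock`; pin it to a release tag or digest, the way `bunkerity/bunkerweb:1.5.5` and `bunkerity/bunkerweb-scheduler:1.5.5` are pinned in this same file. `tutum/hello-world` carries no tag at all and `authelia/authelia:4` floats across a whole major version, which makes the example harder to reproduce. As in `autoconf.yml`, `redis` shares `bw-services` with `app1` and `app2` and has no password configured.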
303
examples/authelia/kubernetes.yml
Normal file
|
|
@ -0,0 +1,303 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress
|
||||
annotations:
|
||||
bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
|
||||
bunkerweb.io/app1.example.com_REVERSE_PROXY_AUTH_REQUEST: "/authelia"
|
||||
bunkerweb.io/app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL: "https://auth.example.com/?rd=$scheme%3A%2F%2F$host$request_uri"
|
||||
bunkerweb.io/app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET: "$user $upstream_http_remote_user;$groups $upstream_http_remote_groups;$name $upstream_http_remote_name;$email $upstream_http_remote_email"
|
||||
bunkerweb.io/app1.example.com_REVERSE_PROXY_HEADERS: "Remote-User $user;Remote-Groups $groups;Remote-Name $name;Remote-Email $email"
|
||||
bunkerweb.io/app1.example.com_REVERSE_PROXY_URL_999: "/authelia"
|
||||
bunkerweb.io/app1.example.com_REVERSE_PROXY_HOST_999: "http://authelia:9091/api/verify"
|
||||
bunkerweb.io/app1.example.com_REVERSE_PROXY_HEADERS_999: "X-Original-URL $scheme://$http_host$request_uri;Content-Length ''"
|
||||
bunkerweb.io/app2.example.com_REVERSE_PROXY_AUTH_REQUEST: "/authelia"
|
||||
bunkerweb.io/app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL: "https://auth.example.com/?rd=$scheme%3A%2F%2F$host$request_uri"
|
||||
bunkerweb.io/app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET: "$user $upstream_http_remote_user;$groups $upstream_http_remote_groups;$name $upstream_http_remote_name;$email $upstream_http_remote_email"
|
||||
bunkerweb.io/app2.example.com_REVERSE_PROXY_HEADERS: "Remote-User $user;Remote-Groups $groups;Remote-Name $name;Remote-Email $email"
|
||||
bunkerweb.io/app2.example.com_REVERSE_PROXY_URL_999: "/authelia"
|
||||
bunkerweb.io/app2.example.com_REVERSE_PROXY_HOST_999: "http://authelia:9091/api/verify"
|
||||
bunkerweb.io/app2.example.com_REVERSE_PROXY_HEADERS_999: "X-Original-URL $scheme://$http_host$request_uri;Content-Length ''"
|
||||
bunkerweb.io/auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS: "no"
|
||||
spec:
|
||||
rules:
|
||||
- host: app1.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: svc-app1
|
||||
port:
|
||||
number: 80
|
||||
- host: app2.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: svc-app2
|
||||
port:
|
||||
number: 80
|
||||
- host: auth.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: svc-authelia
|
||||
port:
|
||||
number: 9091
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: app1
|
||||
labels:
|
||||
app: app1
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: app1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: app1
|
||||
spec:
|
||||
containers:
|
||||
- name: app1
|
||||
image: tutum/hello-world
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-app1
|
||||
spec:
|
||||
selector:
|
||||
app: app1
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: app2
|
||||
labels:
|
||||
app: app2
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: app2
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: app2
|
||||
spec:
|
||||
containers:
|
||||
- name: app2
|
||||
image: tutum/hello-world
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-app2
|
||||
spec:
|
||||
selector:
|
||||
app: app2
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: cfg-authelia
|
||||
data:
|
||||
configuration.yml: |
|
||||
---
|
||||
###############################################################
|
||||
# Authelia configuration #
|
||||
###############################################################
|
||||
|
||||
jwt_secret: a_very_important_secret
|
||||
default_redirection_url: https://auth.example.com
|
||||
|
||||
ntp:
|
||||
disable_failure: true
|
||||
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
|
||||
log:
|
||||
level: debug
|
||||
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
|
||||
|
||||
totp:
|
||||
issuer: authelia.com
|
||||
|
||||
# duo_api:
|
||||
# hostname: api-123456789.example.com
|
||||
# integration_key: ABCDEF
|
||||
# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
|
||||
# secret_key: 1234567890abcdefghifjkl
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /config/users_database.yml
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
rules:
|
||||
# Rules applied to everyone
|
||||
- domain: auth.example.com
|
||||
policy: bypass
|
||||
- domain: app1.example.com
|
||||
policy: one_factor
|
||||
- domain: app2.example.com
|
||||
policy: two_factor
|
||||
|
||||
session:
|
||||
name: authelia_session
|
||||
# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
|
||||
secret: unsecure_session_secret
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
domain: example.com # Should match whatever your root protected domain is
|
||||
|
||||
redis:
|
||||
host: svc-redis
|
||||
port: 6379
|
||||
# This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
|
||||
# password: authelia
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: 120
|
||||
ban_time: 300
|
||||
|
||||
storage:
|
||||
encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
|
||||
local:
|
||||
path: /config/db.sqlite3
|
||||
|
||||
notifier:
|
||||
filesystem:
|
||||
filename: /config/notification.txt
|
||||
#notifier:
|
||||
# smtp:
|
||||
# username: test
|
||||
# This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
|
||||
# password: password
|
||||
# host: mail.example.com
|
||||
# port: 25
|
||||
# sender: admin@example.com
|
||||
...
|
||||
users_database.yml: |
|
||||
---
|
||||
###############################################################
|
||||
# Users Database #
|
||||
###############################################################
|
||||
|
||||
# This file can be used if you do not have an LDAP set up.
|
||||
|
||||
# List of users
|
||||
users:
|
||||
authelia:
|
||||
displayname: "Authelia User"
|
||||
# Password is authelia
|
||||
password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # yamllint disable-line rule:line-length
|
||||
email: authelia@authelia.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
...
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: authelia
|
||||
labels:
|
||||
app: authelia
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: authelia
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: authelia
|
||||
spec:
|
||||
containers:
|
||||
- name: authelia
|
||||
image: authelia/authelia
|
||||
env:
|
||||
- name: TZ
|
||||
value: "Europe/Paris"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config/configuration.yml
|
||||
subPath: configuration.yml
|
||||
- name: config
|
||||
mountPath: /config/users_database.yml
|
||||
subPath: users_database.yml
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: cfg-authelia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-authelia
|
||||
spec:
|
||||
selector:
|
||||
app: authelia
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9091
|
||||
targetPort: 9091
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: redis
|
||||
labels:
|
||||
app: redis
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: redis
|
||||
spec:
|
||||
containers:
|
||||
- name: redis
|
||||
image: redis:alpine
|
||||
env:
|
||||
- name: TZ
|
||||
value: "Europe/Paris"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-redis
|
||||
spec:
|
||||
selector:
|
||||
app: redis
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
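Review bot: The `cfg-authelia` ConfigMap carries `jwt_secret: a_very_important_secret`, `secret: unsecure_session_secret` and the placeholder `encryption_key` in plain text, so anyone who applies this example unchanged runs with publicly known signing, session and storage keys, and a ConfigMap is not meant to hold key material. The comments in the same file already name `AUTHELIA_JWT_SECRET_FILE` and `AUTHELIA_SESSION_SECRET_FILE`; I'd suggest moving these values into a Kubernetes Secret mounted as files and pointing those variables at them, with a comment telling the reader to generate their own values. Smaller points in the same manifest: `image: authelia/authelia` has no tag while setup-linux.sh in this change pins v4.36.2, `log: level: debug` is left on, the Redis `password` stays commented out although `svc-redis` stores the sessions, and `users_database.yml` ships an `admins` user whose password is stated in the comment above the hash.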
19
examples/authelia/setup-linux.sh
Executable file
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ "$(id -u)" -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
curl https://github.com/authelia/authelia/releases/download/v4.36.2/authelia-v4.36.2-linux-amd64.tar.gz -Lo /tmp/authelia.tar.gz
|
||||
tar -xzf /tmp/authelia.tar.gz -C /tmp
|
||||
mv /tmp/authelia-linux-amd64 /usr/bin/authelia
|
||||
mv /tmp/authelia.service /etc/systemd/system
|
||||
mkdir /etc/authelia
|
||||
cp ./authelia/* /etc/authelia
|
||||
sed -i "s@/config/@/etc/authelia/@g" /etc/authelia/configuration.yml
|
||||
sed -i "s@redis:@@g" /etc/authelia/configuration.yml
|
||||
sed -i "s@host: redis@@g" /etc/authelia/configuration.yml
|
||||
sed -i "s@port: 6379@@g" /etc/authelia/configuration.yml
|
||||
systemctl daemon-reload
|
||||
systemctl start authelia
|
||||
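Review bot: The `curl ... -Lo /tmp/authelia.tar.gz` line fetches the release and the script then moves the binary to `/usr/bin/authelia` as root with no checksum or signature check, and because there is no `set -e` a failed or truncated download still falls through to `tar`, `mv`, `sed` and `systemctl start`. Suggest `set -euo pipefail` at the top, `curl -f` so HTTP errors fail the script, comparing the tarball against a SHA-256 pinned next to the v4.36.2 URL before extracting, and unpacking into a `mktemp -d` directory rather than fixed names under `/tmp`, which another local user can create in advance. `mkdir /etc/authelia` also errors on a second run (`mkdir -p` would make the script re-runnable), and the copied `/etc/authelia` files hold secrets, so setting restrictive ownership and mode after `cp ./authelia/* /etc/authelia` is worth adding.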