Merge pull request #616 from bunkerity/dev

Merge branch "dev" into branch "ui"
Théophile Diot 2023-09-05 11:55:26 +02:00 committed by GitHub
commit 4cff39f490
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
232 changed files with 1202 additions and 918 deletions


@ -132,7 +132,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
@ -177,7 +177,7 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
linux: [ubuntu, debian, fedora, rhel]
arch: [amd64, arm64]
include:
- release: beta


@ -32,10 +32,6 @@ on:
required: true
DOCKER_TOKEN:
required: true
PRIVATE_REGISTRY:
required: false
PRIVATE_REGISTRY_TOKEN:
required: false
ARM_SSH_KEY:
required: false
ARM_SSH_IP:
@ -49,7 +45,10 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Replace VERSION
if: inputs.RELEASE == 'testing'
run: ./misc/update-version.sh testing
- name: Setup SSH for ARM node
if: inputs.CACHE_SUFFIX == 'arm'
run: |
@ -75,36 +74,44 @@ jobs:
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to private repository
- name: Login to ghcr
if: inputs.PUSH == true
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Compute metadata
- name: Extract metadata
id: meta
uses: docker/metadata-action@v4
with:
images: bunkerity/${{ inputs.IMAGE }}
# Build cached image
- name: Build image
if: inputs.CACHE == true
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
context: .
file: ${{ inputs.DOCKERFILE }}
platforms: ${{ inputs.ARCH }}
load: true
tags: local/${{ inputs.IMAGE }}
cache-from: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }}
cache-to: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }},mode=min
cache-from: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }}
cache-to: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }},mode=min
labels: ${{ steps.meta.outputs.labels }}
# Build non-cached image
- name: Build image
if: inputs.CACHE != true
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
context: .
file: ${{ inputs.DOCKERFILE }}
platforms: ${{ inputs.ARCH }}
load: ${{ inputs.CACHE_SUFFIX != 'arm' }}
tags: local/${{ inputs.IMAGE }}
cache-to: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }}-${{ inputs.CACHE_SUFFIX }},mode=min
cache-to: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }}-${{ inputs.CACHE_SUFFIX }},mode=min
labels: ${{ steps.meta.outputs.labels }}
# Check OS vulnerabilities
- name: Check OS vulnerabilities
if: ${{ inputs.CACHE_SUFFIX != 'arm' }}
@ -121,6 +128,7 @@ jobs:
# Push image
- name: Push image
if: inputs.PUSH == true
run: docker tag local/${{ inputs.IMAGE }} ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:$TAG && docker push ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:$TAG
run: docker tag local/$IMAGE ghcr.io/bunkerity/$IMAGE-tests:$TAG && docker push ghcr.io/bunkerity/$IMAGE-tests:$TAG
env:
IMAGE: "${{ inputs.IMAGE }}"
TAG: "${{ inputs.RELEASE }}"
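Review bot: In the `Push image` step the new `run:` line expands `$IMAGE` and `$TAG` unquoted, so moving the inputs into `env:` stops expression injection but a value containing whitespace or glob characters would still be word-split by the shell. Quote each reference, e.g. `docker tag "local/$IMAGE" "ghcr.io/bunkerity/$IMAGE-tests:$TAG"`, and do the same for the `docker push` half of the line. The `Login to ghcr` step also depends on the calling job granting `packages: write` to `GITHUB_TOKEN`; a short comment above it saying so would help callers, since this reusable workflow declares no `permissions:` in the visible hunks.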


@ -34,10 +34,10 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Create ARM VM
id: scw
uses: scaleway/action-scw@bbcfd65cd2af73456ce439088e0d42c1657c4c38
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
with:
args: instance server create zone=fr-par-2 type=AMP2-C48 root-volume=block:50GB
save-config: true


@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}


@ -9,6 +9,9 @@ on:
jobs:
# Containers
build-containers:
permissions:
contents: read
packages: write
strategy:
matrix:
image: [bunkerweb, scheduler, autoconf, ui]
@ -31,8 +34,6 @@ jobs:
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# Python code security
code-security:
@ -47,7 +48,7 @@ jobs:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
@ -64,9 +65,6 @@ jobs:
uses: ./.github/workflows/tests-ui.yml
with:
RELEASE: dev
secrets:
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# Core tests
prepare-tests-core:
@ -74,7 +72,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -91,31 +89,43 @@ jobs:
with:
TEST: ${{ matrix.test }}
RELEASE: dev
secrets:
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# Push with dev tag
push-dev:
needs: [tests-core]
needs: [tests-ui, tests-core]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to private repository
- name: Login to ghcr
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push BW image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:dev bunkerity/bunkerweb:dev && docker push bunkerity/bunkerweb:dev
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
env:
FROM: "bunkerweb"
TO: "bunkerweb"
- name: Push scheduler image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:dev bunkerity/bunkerweb-scheduler:dev && docker push bunkerity/bunkerweb-scheduler:dev
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
env:
FROM: "scheduler"
TO: "bunkerweb-scheduler"
- name: Push UI image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:dev bunkerity/bunkerweb-ui:dev && docker push bunkerity/bunkerweb-ui:dev
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
env:
FROM: "ui"
TO: "bunkerweb-ui"
- name: Push autoconf image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:dev bunkerity/bunkerweb-autoconf:dev && docker push bunkerity/bunkerweb-autoconf:dev
run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
env:
FROM: "autoconf"
TO: "bunkerweb-autoconf"
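Review bot: The four `Push … image` steps in `push-dev` promote whatever `ghcr.io/bunkerity/$FROM-tests:dev` points to at pull time, and that tag is mutable: if a second run of this workflow pushes new `-tests:dev` images while the first is still testing, the first run publishes an image its tests never saw. Consider tagging the test images with something unique to the run (for example `${{ github.sha }}`) or adding a `concurrency:` group for the branch; neither is visible in these hunks, so this may already be handled elsewhere in the file. The steps are otherwise identical apart from `FROM`/`TO`, so a single step looping over the four pairs would be easier to keep in sync.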


@ -13,7 +13,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install Python
uses: actions/setup-python@v4
with:


@ -24,10 +24,6 @@ on:
required: true
DOCKER_TOKEN:
required: true
PRIVATE_REGISTRY:
required: true
PRIVATE_REGISTRY_TOKEN:
required: true
ARM_SSH_KEY:
required: false
ARM_SSH_IP:
@ -41,7 +37,10 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Replace VERSION
if: inputs.RELEASE == 'testing'
run: ./misc/update-version.sh testing
- name: Extract arch
run : |
echo "ARCH=${{ env.PLATFORMS }}" | sed 's/linux//g' | sed 's@/@@g' >> "$GITHUB_ENV"
@ -84,28 +83,28 @@ jobs:
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to private repository
- name: Login to ghcr
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# Build staging package image
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Build testing package image
- name: Build package image
if: inputs.RELEASE == 'staging'
uses: docker/build-push-action@v3
if: inputs.RELEASE == 'testing'
uses: docker/build-push-action@v4
with:
context: .
load: true
file: src/linux/Dockerfile-${{ inputs.LINUX }}
platforms: ${{ inputs.PLATFORMS }}
tags: local/bunkerweb-${{ inputs.LINUX }}:latest
cache-from: type=registry,ref=bunkerity/cache:${{ inputs.LINUX }}-staging
cache-to: type=registry,ref=bunkerity/cache:${{ inputs.LINUX }}-staging,mode=min
# Build non-staging package image
cache-from: type=gha,scope=${{ inputs.LINUX }}-testing
cache-to: type=gha,scope=${{ inputs.LINUX }}-testing,mode=min
# Build non-testing package image
- name: Build package image
if: inputs.RELEASE != 'staging'
uses: docker/build-push-action@v3
if: inputs.RELEASE != 'testing'
uses: docker/build-push-action@v4
with:
context: .
load: true
@ -133,12 +132,19 @@ jobs:
name: package-${{ inputs.LINUX }}-${{ env.LARCH }}
path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
# Build test image
- name: Extract metadata
if: inputs.TEST == true
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
- name: Build test image
if: inputs.TEST == true
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
context: .
file: tests/linux/Dockerfile-${{ inputs.LINUX }}
platforms: ${{ inputs.PLATFORMS }}
push: true
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
tags: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
labels: ${{ steps.meta.outputs.labels }}
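Review bot: In the added `Extract metadata` step, `images:` is given `ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}`, which already carries a tag; docker/metadata-action expects bare image names there and would build its `tags` output on top of it. Only `steps.meta.outputs.labels` is consumed by `Build test image`, so nothing breaks today, but the value should be `images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests`. `push: true` in that build step now writes to ghcr.io, so the calling job must grant `packages: write`.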


@ -18,10 +18,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}
- name: Replace VERSION
if: inputs.VERSION == 'testing'
run: ./misc/update-version.sh testing
- name: Setup git user
run: |
git config --global user.name "BunkerBot"


@ -30,7 +30,7 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
@ -53,7 +53,7 @@ jobs:
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
# Build and push
- name: Build and push
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
context: .
file: ${{ inputs.DOCKERFILE }}


@ -15,21 +15,32 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checkout
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# Get PDF doc
- name: Get documentation
if: inputs.VERSION != 'testing'
uses: actions/download-artifact@v3
with:
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
# Create tag
- uses: rickstaa/action-create-tag@v1
name: Create tag
if: inputs.VERSION != 'testing'
with:
tag: "v${{ inputs.VERSION }}"
message: "v${{ inputs.VERSION }}"
force_push_tag: true
# Create tag
- uses: rickstaa/action-create-tag@v1
name: Create tag
if: inputs.VERSION == 'testing'
with:
tag: "${{ inputs.VERSION }}"
message: "${{ inputs.VERSION }}"
force_push_tag: true
# Extract changelog
- name: Extract changelog
if: inputs.VERSION != 'testing'
id: getchangelog
run: |
content=$(awk -v n=2 '/##/{n--}; n > 0' CHANGELOG.md | grep -v '# Changelog' | grep -v '##' | sed '/^$/d')
@ -39,16 +50,17 @@ jobs:
echo "::set-output name=content::$content"
# Create release
- name: Create release
if: inputs.VERSION != 'testing'
uses: softprops/action-gh-release@v1
with:
body: |
Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
Docker tags :
- `bunkerity/bunkerweb:${{ inputs.VERSION }}`
- `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
- `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
- `bunkerity/bunkerweb-ui:${{ inputs.VERSION }}`
- BunkerWeb : `bunkerity/bunkerweb:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb:${{ inputs.VERSION }}`
- Scheduler : `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
- Autoconf : `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
- UI : `bunkerity/bunkerweb-ui:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-ui:${{ inputs.VERSION }}`
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=${{ inputs.VERSION }}&filter=all&dist=
@ -60,4 +72,27 @@ jobs:
tag_name: v${{ inputs.VERSION }}
discussion_category_name: Announcements
files: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
# Create release
- name: Create release
if: inputs.VERSION == 'testing'
uses: softprops/action-gh-release@v1
with:
body: |
**The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.**
Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
Docker tags :
- BunkerWeb : `bunkerity/bunkerweb:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb:${{ inputs.VERSION }}`
- Scheduler : `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
- Autoconf : `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
- UI : `bunkerity/bunkerweb-ui:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-ui:${{ inputs.VERSION }}`
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=${{ inputs.VERSION }}&filter=all&dist=
Please note that when using Linux Debian or Ubuntu integration, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing the testing version of BunkerWeb.
draft: false
prerelease: ${{ inputs.PRERELEASE }}
name: Testing
tag_name: ${{ inputs.VERSION }}


@ -40,7 +40,7 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install ruby
uses: ruby/setup-ruby@v1
with:
@ -64,6 +64,10 @@ jobs:
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
# Update name
# - name: Rename package
# if: inputs.BW_VERSION == 'testing'
# run: sudo apt install -y rename && rename 's/[0-9]\.[0-9]\.[0-9]/testing/' /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
# Push package
- name: Push package to packagecloud
uses: danielmundi/upload-packagecloud@v1
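Review bot: The `Rename package` step is added fully commented out, with no note on why it is disabled or when it should return. Either drop it or replace the four lines with a one-line comment such as `# TODO: rename testing packages once <condition> (see <issue-placeholder>)`. If it is re-enabled, pass `inputs.LINUX` and `inputs.PACKAGE` through `env:` rather than interpolating them into the `run:` string.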


@ -132,7 +132,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
@ -177,7 +177,7 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
linux: [ubuntu, debian, fedora, rhel]
arch: [amd64, arm64]
include:
- release: latest


@ -21,9 +21,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Delete ARM VM
uses: scaleway/action-scw@bbcfd65cd2af73456ce439088e0d42c1657c4c38
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
with:
args: instance server delete ${{ secrets.ARM_ID }} zone=fr-par-2 with-ip=true with-volumes=all force-shutdown=true
version: v2.13.0


@ -9,6 +9,10 @@ on:
secrets:
CICD_SECRETS:
required: true
SECRET_KEY:
required: true
K8S_IP:
required: true
jobs:
create:
@ -19,7 +23,7 @@ jobs:
run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
if: inputs.TYPE != 'k8s'
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install terraform
uses: hashicorp/setup-terraform@v2
- name: Install kubectl
@ -35,16 +39,23 @@ jobs:
run: pip install ansible
if: inputs.TYPE != 'k8s'
- name: Install ansible libs
run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner && ansible-galaxy collection install --timeout 120 community.general
run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner,1.18.1 && ansible-galaxy collection install --timeout 120 community.general
if: inputs.TYPE != 'k8s'
# Create infra
- run: ./tests/create.sh ${{ inputs.TYPE }}
env:
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
- run: tar -cvf terraform.tar /tmp/${{ inputs.TYPE }}
K8S_IP: ${{ secrets.K8S_IP }}
- run: |
tar -cf terraform.tar /tmp/${{ inputs.TYPE }}
echo "$SECRET_KEY" > /tmp/.secret_key
openssl enc -in terraform.tar -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out terraform.tar.enc
rm -f /tmp/.secret_key
if: always()
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
- uses: actions/upload-artifact@v3
if: always()
with:
name: tf-${{ inputs.TYPE }}
path: terraform.tar
path: terraform.tar.enc
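Review bot: The new encryption step writes `SECRET_KEY` to `/tmp/.secret_key` with the default umask, and because the step has no error trap the `rm -f` line is skipped if `openssl` fails. openssl can read the passphrase from the environment, so the file is unnecessary: drop the `echo` and `rm` lines and use `-pass env:SECRET_KEY`. The same three-line pattern appears in the decrypt steps of the infra-delete and staging-tests workflows. Separately, `monolithprojects.github_actions_runner` is now pinned to `1.18.1` but `community.general` on the same line still installs whatever is latest.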


@ -9,22 +9,31 @@ on:
secrets:
CICD_SECRETS:
required: true
SECRET_KEY:
required: true
jobs:
delete:
if: ${{ always() }}
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install terraform
uses: hashicorp/setup-terraform@v2
- uses: actions/download-artifact@v3
with:
name: tf-${{ inputs.TYPE }}
path: /tmp
- run: tar xvf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
- run: |
echo "$SECRET_KEY" > /tmp/.secret_key
openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
rm -f /tmp/.secret_key
tar xf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
- uses: azure/setup-kubectl@v3
if: inputs.TYPE == 'k8s'
# Remove infra
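Review bot: The decrypted archive is unpacked directly over the filesystem root with `tar xf /tmp/terraform.tar -C /`, and `-aes-256-cbc` provides confidentiality only, so nothing in this step checks that `terraform.tar.enc` is the file the create job produced. Consider having the create job upload a keyed digest next to the artifact and verifying it before the `tar` line. The `-C /` target predates this commit and the rest of the job is outside the hunk, so changing the extraction directory may need matching path changes elsewhere.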


@ -25,21 +25,18 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
- name: Login to private repository
uses: actions/checkout@v4
- name: Login to ghcr
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
- name: Pull BW image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:staging local/bunkerweb-tests:latest
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- run: docker pull ghcr.io/bunkerity/bunkerweb-tests:testing && docker tag ghcr.io/bunkerity/bunkerweb-tests:testing local/bunkerweb-tests:latest
if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
- name: Pull Scheduler image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:staging local/scheduler-tests:latest
- run: docker pull ghcr.io/bunkerity/scheduler-tests:testing && docker tag ghcr.io/bunkerity/scheduler-tests:testing local/scheduler-tests:latest
if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
- name: Pull Autoconf image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:staging local/autoconf-tests:latest
- run: docker pull ghcr.io/bunkerity/autoconf-tests:testing && docker tag ghcr.io/bunkerity/autoconf-tests:testing local/autoconf-tests:latest
if: contains(fromJSON('["autoconf", "swarm"]'), inputs.TYPE)
- name: Push images to local repo
run: docker tag local/bunkerweb-tests:latest 192.168.42.100:5000/bunkerweb-tests:latest && docker push 192.168.42.100:5000/bunkerweb-tests:latest && docker tag local/scheduler-tests:latest 192.168.42.100:5000/scheduler-tests:latest && docker push 192.168.42.100:5000/scheduler-tests:latest && docker tag local/autoconf-tests:latest 192.168.42.100:5000/autoconf-tests:latest && docker push 192.168.42.100:5000/autoconf-tests:latest
@ -51,7 +48,23 @@ jobs:
name: tf-k8s
path: /tmp
if: inputs.TYPE == 'k8s'
- run: tar xvf /tmp/terraform.tar -C /
- run: |
echo "$SECRET_KEY" > /tmp/.secret_key
openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
rm -f /tmp/.secret_key
tar xf /tmp/terraform.tar -C /
mkdir /tmp/reg
cp tests/terraform/k8s-reg.tf /tmp/reg
cp tests/terraform/providers.tf /tmp/reg
cd /tmp/reg
export TF_VAR_k8s_reg_user=${REG_USER}
export TF_VAR_k8s_reg_token=${REG_TOKEN}
terraform init
terraform apply -auto-approve
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
REG_USER: ${{ github.actor }}
REG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: inputs.TYPE == 'k8s'
- uses: azure/setup-kubectl@v3
if: inputs.TYPE == 'k8s'
@ -59,19 +72,16 @@ jobs:
if: inputs.TYPE == 'k8s'
- name: Pull BW linux ubuntu test image
if: inputs.TYPE == 'linux'
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ubuntu-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ubuntu-tests:staging local/ubuntu:latest
run: docker pull ghcr.io/bunkerity/ubuntu-tests:testing && docker tag ghcr.io/bunkerity/ubuntu-tests:testing local/ubuntu:latest
- name: Pull BW linux debian test image
if: inputs.TYPE == 'linux'
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/debian-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/debian-tests:staging local/debian:latest
# - name: Pull BW linux centos test image
# if: inputs.TYPE == 'linux'
# run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/centos-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/centos-tests:staging local/centos:latest
run: docker pull ghcr.io/bunkerity/debian-tests:testing && docker tag ghcr.io/bunkerity/debian-tests:testing local/debian:latest
- name: Pull BW linux fedora test image
if: inputs.TYPE == 'linux'
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/fedora-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/fedora-tests:staging local/fedora:latest
run: docker pull ghcr.io/bunkerity/fedora-tests:testing && docker tag ghcr.io/bunkerity/fedora-tests:testing local/fedora:latest
- name: Pull BW linux rhel test image
if: inputs.TYPE == 'linux'
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/rhel-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/rhel-tests:staging local/rhel:latest
run: docker pull ghcr.io/bunkerity/rhel-tests:testing && docker tag ghcr.io/bunkerity/rhel-tests:testing local/rhel:latest
# Do tests
- name: Run tests
if: inputs.TYPE == 'docker'
@ -99,7 +109,7 @@ jobs:
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
KUBECONFIG: "/tmp/k8s/kubeconfig"
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
IMAGE_TAG: "staging"
IMAGE_TAG: "testing"
- name: Run Linux ubuntu tests
if: inputs.TYPE == 'linux'
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu"
@ -112,12 +122,6 @@ jobs:
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
# - name: Run Linux centos tests
# if: inputs.TYPE == 'linux'
# run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "centos"
# env:
# TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
# ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
- name: Run Linux fedora tests
if: inputs.TYPE == 'linux'
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "fedora"
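Review bot: In the new k8s step, `export TF_VAR_k8s_reg_token=${REG_TOKEN}` re-exports the job's `GITHUB_TOKEN` unquoted, and the two `export` lines can be removed by naming the variables directly in the step's `env:` block: `TF_VAR_k8s_reg_user: ${{ github.actor }}` and `TF_VAR_k8s_reg_token: ${{ secrets.GITHUB_TOKEN }}`. Terraform normally records input values it uses in its state, so `/tmp/reg` will presumably hold the token in plain text and should stay out of any uploaded artifact; `k8s-reg.tf` is not shown, so confirm how the variable is used. `GITHUB_TOKEN` stops working when the job ends, so the registry credential created here is only good for pulls made during this job. The env block with `KUBECONFIG` further down still reads `secrets.PRIVATE_REGISTRY`, which the rest of this commit retires.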


@ -10,6 +10,9 @@ jobs:
# Build Docker images
build-containers:
permissions:
contents: read
packages: write
strategy:
matrix:
image: [bunkerweb, scheduler, autoconf, ui]
@ -24,7 +27,7 @@ jobs:
dockerfile: src/ui/Dockerfile
uses: ./.github/workflows/container-build.yml
with:
RELEASE: staging
RELEASE: testing
ARCH: linux/amd64
CACHE: true
PUSH: true
@ -33,11 +36,12 @@ jobs:
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# Build Linux packages
build-packages:
permissions:
contents: read
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
@ -52,7 +56,7 @@ jobs:
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: staging
RELEASE: testing
LINUX: ${{ matrix.linux }}
PACKAGE: ${{ matrix.package }}
TEST: true
@ -60,8 +64,6 @@ jobs:
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# Code security
code-security:
@ -76,7 +78,7 @@ jobs:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
@ -98,6 +100,8 @@ jobs:
TYPE: ${{ matrix.type }}
secrets:
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
SECRET_KEY: ${{ secrets.SECRET_KEY }}
K8S_IP: ${{ secrets.K8S_IP }}
# Perform tests
staging-tests:
@ -125,16 +129,13 @@ jobs:
needs: [create-infras]
uses: ./.github/workflows/tests-ui.yml
with:
RELEASE: staging
secrets:
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
RELEASE: testing
prepare-tests-core:
needs: [create-infras]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -150,10 +151,7 @@ jobs:
uses: ./.github/workflows/test-core.yml
with:
TEST: ${{ matrix.test }}
RELEASE: staging
secrets:
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
RELEASE: testing
# Delete infrastructures
delete-infras:
@ -166,4 +164,112 @@ jobs:
with:
TYPE: ${{ matrix.type }}
secrets:
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
SECRET_KEY: ${{ secrets.SECRET_KEY }}
# Push Docker images
push-images:
needs: [staging-tests, tests-ui, tests-core]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push BW image
run: docker pull ghcr.io/bunkerweb-tests:testing && docker tag ghcr.io/bunkerweb-tests:testing bunkerity/bunkerweb:testing && docker push bunkerity/bunkerweb:testing && docker tag bunkerity/bunkerweb:testing ghcr.io/bunkerity/bunkerweb:testing && docker push ghcr.io/bunkerity/bunkerweb:testing
- name: Push scheduler image
run: docker pull ghcr.io/scheduler-tests:testing && docker tag ghcr.io/scheduler-tests:testing bunkerity/bunkerweb-scheduler:testing && docker push bunkerity/bunkerweb-scheduler:testing && docker tag bunkerity/bunkerweb-scheduler:testing ghcr.io/bunkerity/bunkerweb-scheduler:testing && docker push ghcr.io/bunkerity/bunkerweb-scheduler:testing
- name: Push UI image
run: docker pull ghcr.io/ui-tests:testing && docker tag ghcr.io/ui-tests:testing bunkerity/bunkerweb-ui:testing && docker push bunkerity/bunkerweb-ui:testing && docker tag bunkerity/bunkerweb-ui:testing ghcr.io/bunkerity/bunkerweb-ui:testing && docker push ghcr.io/bunkerity/bunkerweb-ui:testing
- name: Push autoconf image
run: docker pull ghcr.io/autoconf-tests:testing && docker tag ghcr.io/autoconf-tests:testing bunkerity/bunkerweb-autoconf:testing && docker push bunkerity/bunkerweb-autoconf:testing && docker tag bunkerity/bunkerweb-autoconf:testing ghcr.io/bunkerity/bunkerweb-autoconf:testing && docker push ghcr.io/bunkerity/bunkerweb-autoconf:testing
# Push Linux packages
push-packages:
needs: [staging-tests, tests-ui, tests-core]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
arch: [amd64]
include:
- release: testing
repo: bunkerweb
- linux: ubuntu
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
separator: _
suffix: ""
version: bullseye
package: deb
- linux: fedora
separator: "-"
suffix: "1."
version: 38
package: rpm
- linux: el
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
arch: amd64
package_arch: x86_64
- linux: el
arch: amd64
package_arch: x86_64
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}
SUFFIX: ${{ matrix.suffix }}
REPO: ${{ matrix.repo }}
LINUX: ${{ matrix.linux }}
VERSION: ${{ matrix.version }}
PACKAGE: ${{ matrix.package }}
BW_VERSION: ${{ matrix.release }}
PACKAGE_ARCH: ${{ matrix.package_arch }}
ARCH: ${{ matrix.arch }}
secrets:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
# Push doc
push-doc:
needs: [push-images, push-packages]
permissions:
contents: write
uses: ./.github/workflows/push-doc.yml
with:
VERSION: testing
ALIAS: unstable
secrets:
BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
# Push on GH
push-gh:
needs: [push-doc]
permissions:
contents: write
discussions: write
uses: ./.github/workflows/push-github.yml
with:
VERSION: testing
PRERELEASE: true
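Review bot: The four `run:` lines in the new `push-images` job pull `ghcr.io/bunkerweb-tests:testing`, `ghcr.io/scheduler-tests:testing`, `ghcr.io/ui-tests:testing` and `ghcr.io/autoconf-tests:testing`, without the `bunkerity/` owner segment that the build workflow pushes to and that `push-dev` pulls from (`ghcr.io/bunkerity/$FROM-tests:dev`). As written the pulls should fail, or resolve outside the project's namespace; use `ghcr.io/bunkerity/<image>-tests:testing` in each. In `push-packages`, the matrix lists `linux: [ubuntu, debian, fedora, rhel]` but the `include:` entries are keyed on `linux: el`, so the `rhel` combination appears to get no `separator`/`suffix`/`version`/`package`/`package_arch` and extra `el` combinations are created. Change those two entries to `linux: rhel`, or keep `el` in the matrix list, whichever the push workflow expects.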


@ -9,33 +9,28 @@ on:
RELEASE:
required: true
type: string
secrets:
PRIVATE_REGISTRY:
required: true
PRIVATE_REGISTRY_TOKEN:
required: true
jobs:
test:
runs-on: ubuntu-latest
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
- name: Login to private repository
uses: actions/checkout@v4
- name: Login to ghcr
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull BW image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
- name: Pull Scheduler image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
# Temp fix "is not connected to the network" until compose v2.19.1 is available
- name: Downgrade compose
run: |
sudo apt update
sudo apt install -y --allow-downgrades moby-compose=2.18.1+azure-ubuntu22.04u2
run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
# # Temp fix "is not connected to the network" until compose v2.19.1 is available
# - name: Downgrade compose
# run: |
# sudo apt update
# sudo apt install -y --allow-downgrades moby-compose=2.18.1+azure-ubuntu22.04u2
# Run test
- name: Run test
run: |


@ -6,30 +6,25 @@ on:
RELEASE:
required: true
type: string
secrets:
PRIVATE_REGISTRY:
required: true
PRIVATE_REGISTRY_TOKEN:
required: true
jobs:
tests:
runs-on: ubuntu-latest
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
- name: Login to private repository
uses: actions/checkout@v4
- name: Login to ghcr
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull BW image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
- name: Pull Scheduler image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
- name: Pull UI image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:${{ inputs.RELEASE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests:${{ inputs.RELEASE }} ui-tests
run: docker pull ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} ui-tests
# Do tests
- name: Run tests
run: ./tests/ui/tests.sh
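Review bot: `${{ inputs.RELEASE }}` is expanded by the workflow engine straight into the `run:` lines that pull and tag the images, so its value becomes shell text before the shell parses it. Callers presumably pass fixed release names, but a reusable workflow is safer when it does not depend on that: give each step `env:` with `RELEASE: ${{ inputs.RELEASE }}` and use `docker pull "ghcr.io/bunkerity/ui-tests:${RELEASE}"`. The pull steps of the core test workflow above follow the same pattern. `actions/checkout@v4` and `docker/login-action@v2` are also referenced by movable tags; pinning them to a commit SHA fixes what code runs with the registry token.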


@ -1,5 +1,12 @@
# Changelog
## v1.5.2 -
- [BUGFIX] Fix UI fetching only default values from the database (fixes no thrash button too)
- [BUGFIX] Fix infinite loop when using autoconf
- [MISC] Push Docker images to GitHub packages (ghcr.io repository)
- [MISC] Improved CI/CD
## v1.5.1 - 2023/08/08
- [BUGFIX] New version checker in logs displays "404 not found"


@ -24,6 +24,12 @@ Whether you're conducting tests, developing applications, or deploying BunkerWeb
docker pull bunkerity/bunkerweb:1.5.1
```
Docker images are also available on [GitHub packages](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) and can be downloaded using the `ghcr.io` repository address :
```shell
docker pull ghcr.io/bunkerity/bunkerweb:1.5.1
```
Alternatively, if you prefer a more hands-on approach, you have the option to build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb). Building the image from source gives you greater control and customization over the deployment process. However, please note that this method may take some time to complete, depending on your hardware configuration.
While the image is being built, you can take a moment to relax and enjoy a cup of coffee ☕, as the process may require some patience. Once the image is successfully built, you can proceed to deploy and utilize BunkerWeb within your Docker environment. This method allows you to tailor the image to your specific requirements and ensures a more personalized deployment of BunkerWeb.
@ -164,7 +170,7 @@ services:
- DOCKER_HOST=tcp://bw-docker:2375
...
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
@ -222,7 +228,7 @@ services:
- bw-docker
...
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
networks:
- bw-docker
...
@ -273,7 +279,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -372,7 +378,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -513,7 +519,7 @@ services:
- "node.role == worker"
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -969,6 +975,9 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
sudo apt install -y nginx=1.24.0-1~$(lsb_release -cs)
```
!!! warning "Testing version"
If you use the `testing` version, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing BunkerWeb.
And finally install BunkerWeb 1.5.1 :
```shell
@ -1003,6 +1012,9 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
sudo apt install -y nginx=1.24.0-1~jammy
```
!!! warning "Testing version"
If you use the `testing` version, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing BunkerWeb.
And finally install BunkerWeb 1.5.1 :
```shell


@ -65,7 +65,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -419,7 +419,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -1185,7 +1185,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -1848,7 +1848,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -1939,7 +1939,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -1,6 +1,6 @@
mkdocs==1.5.2
mkdocs-material==9.1.21
mkdocs-material==9.2.5
pytablewriter==1.0.0
mike==1.1.2
jinja2<3.1.0
mkdocs-print-site-plugin==2.3.5
mkdocs-print-site-plugin==2.3.6

4
docs/robots.txt Normal file

@ -0,0 +1,4 @@
User-agent: *
Allow: /latest/
Sitemap: https://docs.bunkerweb.io/sitemap.xml


@ -127,7 +127,7 @@ Here is some examples of possible values for `CORS_ALLOW_ORIGIN` setting :
## HTTPS / SSL/TLS
Besides the HTTPS configuration, the following settings related to HTTPS can be set :
Besides the HTTPS / SSL/TLS configuration, the following settings related to HTTPS / SSL/TLS can be set :
| Setting | Default | Description |
| :---------------------------: | :---------------: | :----------------------------------------------------------------------------------------------------------- |
@ -141,13 +141,13 @@ Besides the HTTPS configuration, the following settings related to HTTPS can be
STREAM support :white_check_mark:
BunkerWeb comes with automatic Let's Encrypt certificate generation and renewal. This is the easiest way of getting HTTPS working out of the box for public-facing web applications. Please note that you will need to set up proper DNS A record(s) for each of your domains pointing to your public IP(s) where BunkerWeb is accessible.
BunkerWeb comes with automatic Let's Encrypt certificate generation and renewal. This is the easiest way of getting HTTPS / SSL/TLS working out of the box for public-facing web applications. Please note that you will need to set up proper DNS A record(s) for each of your domains pointing to your public IP(s) where BunkerWeb is accessible.
Here is the list of related settings :
| Setting | Default | Description |
| :------------------------: | :----------------------: | :----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `AUTO_LETS_ENCRYPT` | `no` | When set to `yes`, HTTPS will be enabled with automatic certificate generation and renewal from Let's Encrypt. |
| `AUTO_LETS_ENCRYPT` | `no` | When set to `yes`, HTTPS / SSL/TLS will be enabled with automatic certificate generation and renewal from Let's Encrypt. |
| `EMAIL_LETS_ENCRYPT` | `contact@{FIRST_SERVER}` | Email to use when generating certificates. Let's Encrypt will send notifications to that email like certificate expiration. |
| `USE_LETS_ENCRYPT_STAGING` | `no` | When set to `yes`, the staging server of Let's Encrypt will be used instead of the production one. Useful when doing tests to avoid being "blocked" due to limits. |
@ -161,7 +161,7 @@ If you want to use your own certificates, here is the list of related settings :
| Setting |Default| Context |Multiple| Description |
|-----------------|-------|---------|--------|--------------------------------------------------------------------------------|
|`USE_CUSTOM_SSL` |`no` |multisite|no |Use custom HTTPS certificate. |
|`USE_CUSTOM_SSL` |`no` |multisite|no |Use custom HTTPS / SSL/TLS certificate. |
|`CUSTOM_SSL_CERT`| |multisite|no |Full path of the certificate or bundle file (must be readable by the scheduler).|
|`CUSTOM_SSL_KEY` | |multisite|no |Full path of the key file (must be readable by the scheduler). |
@ -174,11 +174,11 @@ When using stream mode, you will need to use the `LISTEN_STREAM_PORT_SSL` settin
STREAM support :white_check_mark:
If you want to quickly test HTTPS for staging/dev environment you can configure BunkerWeb to generate self-signed certificates, here is the list of related settings :
If you want to quickly test HTTPS / SSL/TLS for staging/dev environment you can configure BunkerWeb to generate self-signed certificates, here is the list of related settings :
| Setting | Default | Description |
| :------------------------: | :--------------------: | :------------------------------------------------------------------------------------------------------------------------- |
| `GENERATE_SELF_SIGNED_SSL` | `no` | When set to `yes`, HTTPS will be enabled with automatic self-signed certificate generation and renewal from Let's Encrypt. |
| `GENERATE_SELF_SIGNED_SSL` | `no` | When set to `yes`, HTTPS / SSL/TLS will be enabled with automatic self-signed certificate generation and renewal from Let's Encrypt. |
| `SELF_SIGNED_SSL_EXPIRY` | `365` | Number of days for the certificate expiration (**-days** value used with **openssl**). |
| `SELF_SIGNED_SSL_SUBJ` | `/CN=www.example.com/` | Certificate subject to use (**-subj** value used with **openssl**). |


@ -105,7 +105,7 @@ Because the web UI is a web application, the recommended installation procedure
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -232,7 +232,7 @@ Because the web UI is a web application, the recommended installation procedure
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -364,7 +364,7 @@ Because the web UI is a web application, the recommended installation procedure
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -56,7 +56,7 @@ services:
- bw-data:/data
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
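Review bot: The socket proxy image moves from the release tag `0.1` to `nightly`, which is presumably a moving tag, so each pull of this example can run different code in the one container that mounts `/var/run/docker.sock`. For a component that mediates access to the Docker API, a fixed release tag or a digest is the safer reference, e.g. `image: tecnativa/docker-socket-proxy@sha256:<digest-of-reviewed-build>` (placeholder), with a comment saying why a build newer than `0.1` is needed. The same replacement is made in every other compose example in this commit and in the documentation snippets, some of which previously had no tag. The service definition continues outside the hunk.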


@ -65,7 +65,7 @@ services:
- bw-data:/data
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -36,7 +36,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -62,7 +62,7 @@ services:
bw-docker:
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -50,7 +50,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -65,7 +65,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -40,7 +40,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -36,7 +36,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -40,7 +40,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -51,7 +51,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -40,7 +40,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -43,7 +43,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -41,7 +41,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -56,7 +56,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -39,7 +39,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -37,7 +37,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -66,7 +66,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -38,7 +38,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -43,7 +43,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -42,7 +42,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -40,7 +40,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -39,7 +39,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -36,7 +36,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -39,7 +39,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -1,10 +0,0 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
mkdir /var/www/html/{app1.example.com,app2.example.com}
echo "hello" > /var/www/html/app1.example.com/index.html
echo "hello" > /var/www/html/app2.example.com/index.html


@ -1,6 +1,6 @@
{
"name": "reverse-proxy-multisite",
"kinds": ["docker", "autoconf", "swarm", "kubernetes", "linux"],
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
"timeout": 60,
"delay": 90,
"tests": [


@ -1,14 +0,0 @@
HTTP_PORT=80
HTTPS_PORT=443
DNS_RESOLVERS=8.8.8.8 8.8.4.4
# Replace with your domain
SERVER_NAME=app1.example.com app2.example.com
MULTISITE=yes
DISABLE_DEFAULT_SERVER=yes
AUTO_LETS_ENCRYPT=yes
USE_CLIENT_CACHE=yes
USE_GZIP=yes
app1.example.com_LOCAL_PHP=/run/php/php-fpm.sock
app1.example.com_LOCAL_PHP_PATH=/var/www/html/app1.example.com
app2.example.com_LOCAL_PHP=/run/php/php-fpm.sock
app2.example.com_LOCAL_PHP_PATH=/var/www/html/app2.example.com


@ -44,7 +44,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -1,12 +0,0 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
mkdir /var/www/html/{app1,app2}
echo "hello" > /var/www/html/app1/index.html
echo "hello" > /var/www/html/app2/index.html
cp -r bw-data/configs/* /etc/bunkerweb/configs
chown -R nginx:nginx /etc/bunkerweb/configs


@ -1,6 +1,6 @@
{
"name": "reverse-proxy-singlesite",
"kinds": ["docker", "autoconf", "swarm", "linux"],
"kinds": ["docker", "autoconf", "swarm"],
"delay": 120,
"timeout": 60,
"no_copy_container": true,


@ -1,11 +0,0 @@
HTTP_PORT=80
HTTPS_PORT=443
DNS_RESOLVERS=8.8.8.8 8.8.4.4
# Replace with your domain
SERVER_NAME=www.example.com
DISABLE_DEFAULT_SERVER=yes
AUTO_LETS_ENCRYPT=yes
USE_CLIENT_CACHE=yes
USE_GZIP=yes
LOCAL_PHP=/run/php/php-fpm.sock
LOCAL_PHP_PATH=/var/www/html


@ -37,7 +37,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -45,7 +45,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -45,7 +45,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -35,7 +35,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -53,7 +53,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -37,7 +37,7 @@ services:
- bw-docker
bw-docker-proxy:
image: tecnativa/docker-socket-proxy:0.1
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -45,7 +45,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -45,7 +45,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -45,7 +45,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -45,7 +45,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -45,7 +45,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -45,7 +45,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -38,7 +38,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -29,7 +29,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -38,7 +38,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -29,7 +29,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -39,7 +39,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -29,7 +29,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -35,7 +35,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -29,7 +29,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -42,7 +42,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -46,7 +46,7 @@ services:
- "node.role == worker"
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -42,7 +42,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -42,7 +42,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -42,7 +42,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -42,7 +42,7 @@ services:
- bw-docker
bw-docker:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:


@ -26,6 +26,6 @@ for test in tests/core/* ; do
sed -i "s@${OLD_VERSION}@${NEW_VERSION}@g" ${test}/docker-compose.yml
done
# linux
sed -i "s@${OLD_VERSION}@${NEW_VERSION}@g" src/linux/scripts*.sh
sed -i "s@${OLD_VERSION}@${NEW_VERSION}@g" src/linux/scripts/*.sh
# db
sed -i "s@${OLD_VERSION}@${NEW_VERSION}@g" src/common/db/model.py
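Review bot: `${OLD_VERSION}` is used as the sed pattern on the corrected `src/linux/scripts/*.sh` line and on the lines around it, so the dots in a version such as `1.5.1` match any character and text other than the version can be rewritten. Escaping the dots first, for example `OLD_PATTERN="${OLD_VERSION//./\\.}"` if the script runs under bash (the interpreter line is outside the hunk), and substituting with `s@${OLD_PATTERN}@${NEW_VERSION}@g` restricts the replacement to the literal version. `${test}` in the loop above is also unquoted. The script starts and ends outside the hunk.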


@ -68,4 +68,6 @@ extra:
plugins:
- search
- print-site
- print-site
- mike:
canonical_version: latest


@ -3,6 +3,7 @@
from os import getenv
from time import sleep
from typing import Optional
from copy import deepcopy
from ConfigCaller import ConfigCaller # type: ignore
from Database import Database # type: ignore
@ -15,7 +16,18 @@ class Config(ConfigCaller):
self.__logger = setup_logger("Config", getenv("LOG_LEVEL", "INFO"))
self.__instances = []
self.__services = []
self.__configs = []
self._supported_config_types = [
"http",
"stream",
"server-http",
"server-stream",
"default-server-http",
"modsec",
"modsec-crs",
]
self.__configs = {
config_type: {} for config_type in self._supported_config_types
}
self.__config = {}
self._db = Database(self.__logger)
@ -34,43 +46,65 @@ class Config(ConfigCaller):
env_instances["SERVER_NAME"] = env_instances["SERVER_NAME"].strip()
return self._full_env(env_instances, env_services)
def update_needed(self, instances, services, configs=None) -> bool:
def update_needed(self, instances, services, configs={}) -> bool:
if instances != self.__instances:
return True
elif services != self.__services:
return True
elif not configs is None and configs != self.__configs:
elif configs != self.__configs:
return True
return False
def apply(self, instances, services, configs=None) -> bool:
def apply(self, instances, services, configs={}, first=False) -> bool:
success = True
# update values
self.__instances = instances
self.__services = services
self.__configs = configs
self.__config = self.__get_full_env()
# update types
updates = {
"instances": False,
"services": False,
"configs": False,
"config": False,
}
changes = []
if instances != self.__instances or first:
self.__instances = instances
updates["instances"] = True
changes.append("instances")
if services != self.__services or first:
self.__services = services
updates["services"] = True
if configs != self.__configs or first:
self.__configs = configs
updates["configs"] = True
changes.append("custom_configs")
if updates["instances"] or updates["services"]:
old_env = deepcopy(self.__config)
new_env = self.__get_full_env()
if old_env != new_env or first:
self.__config = new_env
updates["config"] = True
changes.append("config")
custom_configs = []
for config_type in self.__configs:
for file, data in self.__configs[config_type].items():
site = None
name = file
if "/" in file:
exploded = file.split("/")
site = exploded[0]
name = exploded[1]
custom_configs.append(
{
"value": data,
"exploded": [
site,
config_type,
name.replace(".conf", ""),
],
}
)
if updates["configs"]:
for config_type in self.__configs:
for file, data in self.__configs[config_type].items():
site = None
name = file
if "/" in file:
exploded = file.split("/")
site = exploded[0]
name = exploded[1]
custom_configs.append(
{
"value": data,
"exploded": [
site,
config_type,
name.replace(".conf", ""),
],
}
)
while not self._db.is_initialized():
self.__logger.warning(
@ -78,25 +112,48 @@ class Config(ConfigCaller):
)
sleep(5)
# wait until changes are applied
while True:
curr_changes = self._db.check_changes()
if isinstance(curr_changes, str):
self.__logger.error(
f"An error occurred when checking for changes in the database : {curr_changes}"
)
elif not any(curr_changes.values()):
break
else:
self.__logger.warning(
"Scheduler is already applying a configuration, retrying in 5 seconds ...",
)
sleep(5)
# update instances in database
err = self._db.update_instances(self.__instances)
if err:
self.__logger.error(f"Failed to update instances: {err}")
if updates["instances"]:
err = self._db.update_instances(self.__instances, changed=False)
if err:
self.__logger.error(f"Failed to update instances: {err}")
# save config to database
err = self._db.save_config(self.__config, "autoconf")
if err:
success = False
self.__logger.error(
f"Can't save config in database: {err}, config may not work as expected",
)
if updates["config"]:
err = self._db.save_config(self.__config, "autoconf", changed=False)
if err:
success = False
self.__logger.error(
f"Can't save config in database: {err}, config may not work as expected",
)
# save custom configs to database
err = self._db.save_custom_configs(custom_configs, "autoconf")
if err:
success = False
if updates["configs"]:
err = self._db.save_custom_configs(
custom_configs, "autoconf", changed=False
)
if err:
success = False
self.__logger.error(
f"Can't save autoconf custom configs in database: {err}, custom configs may not work as expected",
)
# update changes in db
ret = self._db.checked_changes(changes, value=True)
if ret:
self.__logger.error(
f"Can't save autoconf custom configs in database: {err}, custom configs may not work as expected",
f"An error occurred when setting the changes to checked in the database : {ret}"
)
return success
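Review bot: `update_needed` and `apply` now declare `configs={}`, a mutable default shared between calls, and `apply` stores it with `self.__configs = configs`, so an omitted argument replaces the per-type mapping built in `__init__` with that shared empty dict. It also changes `update_needed`: the old `None` check ignored custom configs when the argument was omitted, whereas `{}` now differs from the initial `{config_type: {} ...}` mapping and reports an update. Keeping `configs=None` and normalising inside each method, `if configs is None: configs = {t: {} for t in self._supported_config_types}`, avoids both. The new `while True` wait loop also has no retry limit, so a `check_changes()` that keeps returning an error string appears to keep `apply` blocked indefinitely; a bounded number of attempts that sets `success = False` when exhausted would be safer.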


@ -16,18 +16,10 @@ class Controller(Config):
ctrl_type: Union[Literal["docker"], Literal["swarm"], Literal["kubernetes"]],
):
super().__init__()
self._loaded = False
self._type = ctrl_type
self._instances = []
self._services = []
self._supported_config_types = [
"http",
"stream",
"server-http",
"server-stream",
"default-server-http",
"modsec",
"modsec-crs",
]
self._configs = {
config_type: {} for config_type in self._supported_config_types
}
@ -83,12 +75,14 @@ class Controller(Config):
pass
def _set_autoconf_load_db(self):
if not self._db.is_autoconf_loaded():
if not self._loaded:
ret = self._db.set_autoconf_load(True)
if ret:
self._logger.warning(
f"Can't set autoconf loaded metadata to true in database: {ret}",
)
else:
self._loaded = True
def get_services(self):
services = []
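Review bot: `_set_autoconf_load_db` now decides from the process-local `self._loaded` flag instead of asking `self._db.is_autoconf_loaded()`, so once the flag is True the controller no longer notices if that metadata is cleared in the database, for example when the database is recreated while autoconf keeps running. If the trade-off is intended, state it above the method, e.g. `# _loaded caches a successful set_autoconf_load(True); the database is not re-read afterwards`. In the `__init__` hunk, `self._configs` still iterates `self._supported_config_types`, whose assignment appears to be removed here. Presumably `Config.__init__` now sets it before this line, which is worth confirming because that definition is outside this section. `get_services` continues past the end of the hunk.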


@ -106,7 +106,12 @@ class DockerController(Controller):
return configs
def apply_config(self) -> bool:
return self.apply(self._instances, self._services, configs=self._configs)
return self.apply(
self._instances,
self._services,
configs=self._configs,
first=not self._loaded,
)
def process_events(self):
self._set_autoconf_load_db()
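Review bot: In `apply_config`, `first=not self._loaded` depends on call order. `process_events` begins with `self._set_autoconf_load_db()`, which sets `self._loaded = True` when the database write succeeds, so any `apply_config()` reached after that call passes `first=False` even if it is the first apply of the process. Whether an earlier apply exists, and what `first` changes inside `apply`, are both outside this hunk, so this may be intended. If it is, a short docstring on `apply_config` saying that `first` is only True until `_set_autoconf_load_db` has succeeded would keep a later reordering from silently changing behaviour. The identical change to `IngressController.apply_config` has the same dependency.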


@ -1,4 +1,4 @@
FROM python:3.11.4-alpine AS builder
FROM python:3.11.5-alpine AS builder
# Copy python requirements
COPY src/common/gen/requirements.txt /tmp/req/requirements.txt
@ -33,7 +33,7 @@ COPY src/common/helpers /usr/share/bunkerweb/helpers
COPY src/common/settings.json /usr/share/bunkerweb/settings.json
COPY src/common/utils /usr/share/bunkerweb/utils
FROM python:3.11.4-alpine
FROM python:3.11.5-alpine
# Set default umask to prevent huge recursive chmod increasing the final image size
RUN umask 027
@ -61,7 +61,7 @@ RUN apk add --no-cache bash && \
chmod 750 /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/bin/bwcli /usr/share/bunkerweb/autoconf/main.py /usr/share/bunkerweb/deps/python/bin/*
# Fix CVEs
RUN apk add "libcrypto3>=3.1.1-r2" "libssl3>=3.1.1-r2"
# There are no CVE to fix for the moment
VOLUME /data /etc/nginx
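Review bot: With the `apk add "libcrypto3>=3.1.1-r2" "libssl3>=3.1.1-r2"` line gone, nothing in this Dockerfile enforces a minimum OpenSSL package level any more. The final image inherits whatever the `python:3.11.5-alpine` tag resolves to when the build runs, and a tag can be re-pushed, so two builds of the same commit may ship different library versions. Pinning both `FROM` lines by digest, `FROM python:3.11.5-alpine@sha256:<digest-of-reviewed-image>`, would make the claim in the new comment checkable against a fixed base. The comment would also read better as `# No CVE fixes are needed on top of the base image at the moment`.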


@ -298,7 +298,12 @@ class IngressController(Controller):
sleep(10)
def apply_config(self) -> bool:
return self.apply(self._instances, self._services, configs=self._configs)
return self.apply(
self._instances,
self._services,
configs=self._configs,
first=not self._loaded,
)
def process_events(self):
self._set_autoconf_load_db()
