Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1005 from bunkerity/dev

Browse source 
Merge branch "dev" into branch "staging"
This commit is contained in:
Théophile Diot 2024-03-24 11:10:33 +00:00 committed by GitHub
commit 4d758ee5a5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
46 changed files with 346 additions and 269 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.prettierignore
View file

@ -18,4 +18,3 @@ src/ui/static/js/utils/purify/*
src/ui/templates/*
src/common/core/*/ui/*
datepicker-foundation.css
examples/*

54
docs/quickstart-guide.md
View file

@ -32,7 +32,7 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
@ -48,7 +48,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
networks:
- bw-universe
- bw-services
@ -102,7 +102,7 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -111,7 +111,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp:8080"
networks:
bw-services:
@ -128,7 +128,7 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -141,7 +141,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp:8080"
networks:
bw-services:
@ -174,7 +174,7 @@ You will find more settings about reverse proxy in the [settings section](settin
spec:
containers:
- name: app
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
---
@ -376,17 +376,17 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
myapp3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
@ -403,9 +403,9 @@ You will find more settings about reverse proxy in the [settings section](settin
- SERVER_NAME=app1.example.com app2.example.com app3.example.com
- USE_REVERSE_PROXY=yes # Will be applied to all server config
- REVERSE_PROXY_URL=/ # Will be applied to all server config
- app1.example.com_REVERSE_PROXY_HOST=http://myapp1
- app2.example.com_REVERSE_PROXY_HOST=http://myapp2
- app3.example.com_REVERSE_PROXY_HOST=http://myapp3
- app1.example.com_REVERSE_PROXY_HOST=http://myapp1:8080
- app2.example.com_REVERSE_PROXY_HOST=http://myapp2:8080
- app3.example.com_REVERSE_PROXY_HOST=http://myapp3:8080
networks:
- bw-universe
- bw-services
@ -458,7 +458,7 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -467,10 +467,10 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app1.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1:8080"
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -479,10 +479,10 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app2.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2:8080"
myapp3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -491,7 +491,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app3.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3:8080"
networks:
bw-services:
@ -508,7 +508,7 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -521,10 +521,10 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app1.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1:8080"
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -537,10 +537,10 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app2.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2:8080"
myapp3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -553,7 +553,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app3.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3:8080"
networks:
bw-services:
@ -586,7 +586,7 @@ You will find more settings about reverse proxy in the [settings section](settin
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
---
@ -1546,7 +1546,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
labels:
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_hello-world=

18
docs/security-tuning.md
View file

@ -547,13 +547,27 @@ You can deploy complex authentication (e.g. SSO), by using the auth request sett
### Monitoring <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
TODO
The monitoring plugin lets you collect and retrieve metrics about BunkerWeb. By enabling it, your instance(s) will start collecting various data related to attacks, requests and performance. You can then retrieve them by calling the `/monitoring` API endpoint on regular basis or by using other plugins like the Prometheus exporter one.
List of features :
- Enable collection of various BunkerWeb metrics
- Retrieve metrics from the API
- Use in combination with other plugins (e.g. Prometheus exporter)
- Dedicate UI page to monitor your instance(s)
List of settings :
| Setting |Default|Context|Multiple| Description |
|------------------------------|-------|-------|--------|---------------------------------------------|
|`USE_MONITORING` |`yes` |global |no |Enable monitoring of BunkerWeb. |
|`MONITORING_METRICS_DICT_SIZE`|`10M` |global |no |Size of the dict to store monitoring metrics.|
### Prometheus exporter <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
The Prometheus exporter plugin adds a [Prometheus exporter](https://prometheus.io/docs/instrumenting/exporters/) on your BunkerWeb instance(s). When enabled, you can configure your Prometheus instance(s) to scrape a specific endpoint on Bunkerweb and gather internal metrics.
We also provide a [Grafana dashboard](https://grafana.com/grafana/dashboards/20755) that you can import into your own instance and connect to your own Prometheus datasource.
We also provide a [Grafana dashboard](https://grafana.com/grafana/dashboards/20755-bunkerweb/) that you can import into your own instance and connect to your own Prometheus datasource.
**Please note that the use of Prometheus exporter plugin requires to enable the Monitoring plugin (`USE_MONITORING=yes`)**

8
examples/authelia/autoconf.yml
View file

@ -3,7 +3,7 @@ version: "3"
services:
# APPLICATIONS
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -12,7 +12,7 @@ services:
- bunkerweb.SERVER_NAME=app1.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app1
- bunkerweb.REVERSE_PROXY_HOST=http://app1:8080
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
@ -22,7 +22,7 @@ services:
- bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -31,7 +31,7 @@ services:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app2
- bunkerweb.REVERSE_PROXY_HOST=http://app2:8080
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email

8
examples/authelia/docker-compose.yml
View file

@ -31,13 +31,13 @@ services:
- auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
# Applications
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
- app1.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
@ -67,11 +67,11 @@ services:
# APPLICATIONS
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

8
examples/authelia/kubernetes.yml
View file

@ -70,7 +70,7 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
---
apiVersion: v1
kind: Service
@ -82,7 +82,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -102,7 +102,7 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
---
apiVersion: v1
kind: Service
@ -114,7 +114,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: ConfigMap

8
examples/authelia/swarm.yml
View file

@ -3,7 +3,7 @@ version: "3"
services:
# APPLICATIONS
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -14,7 +14,7 @@ services:
- bunkerweb.SERVER_NAME=app1.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app1
- bunkerweb.REVERSE_PROXY_HOST=http://app1:8080
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
@ -24,7 +24,7 @@ services:
- bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -35,7 +35,7 @@ services:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app2
- bunkerweb.REVERSE_PROXY_HOST=http://app2:8080
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email

8
examples/authentik/docker-compose.yml
View file

@ -38,14 +38,14 @@ services:
- auth.example.com_COOKIE_FLAGS=* SameSite=Lax
# Applications
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/outpost.goauthentik.io/auth/nginx
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/outpost.goauthentik.io/start?rd=$$scheme%3A%2F%2F$$host$$request_uri
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$auth_cookie $$upstream_http_set_cookie;$$authentik_username $$upstream_http_x_authentik_username;$$authentik_groups $$upstream_http_x_authentik_groups;$$authentik_email $$upstream_http_x_authentik_email;$$authentik_name $$upstream_http_x_authentik_name;$$authentik_uid $$upstream_http_x_authentik_uid
- app1.example.com_REVERSE_PROXY_HEADERS_CLIENT=Set-Cookie $$auth_cookie
- app1.example.com_REVERSE_PROXY_HEADERS=X-authentik-username $$authentik_username;X-authentik-groups $$authentik_groups;X-authentik-email $$authentik_email;X-authentik-name $$authentik_name;X-authentik-uid $$authentik_uid
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/outpost.goauthentik.io/auth/nginx
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/outpost.goauthentik.io/start?rd=$$scheme%3A%2F%2F$$host$$request_uri
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$auth_cookie $$upstream_http_set_cookie;$$authentik_username $$upstream_http_x_authentik_username;$$authentik_groups $$upstream_http_x_authentik_groups;$$authentik_email $$upstream_http_x_authentik_email;$$authentik_name $$upstream_http_x_authentik_name;$$authentik_uid $$upstream_http_x_authentik_uid
@ -76,11 +76,11 @@ services:
# APPLICATIONS
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

12
examples/autoconf-configs/autoconf.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -11,7 +11,7 @@ services:
- "bunkerweb.SERVER_NAME=app1.example.com" # replace with your domain
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1:8080"
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_example=
location /hello {
@ -22,7 +22,7 @@ services:
}
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -31,7 +31,7 @@ services:
- "bunkerweb.SERVER_NAME=app2.example.com" # replace with your domain
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2:8080"
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_example=
location /hello {
@ -42,7 +42,7 @@ services:
}
myapp3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -51,7 +51,7 @@ services:
- "bunkerweb.SERVER_NAME=app3.example.com" # replace with your domain
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3:8080"
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_example=
location /hello {

4
examples/behind-reverse-proxy/docker-compose.yml
View file

@ -12,7 +12,7 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
# real IP settings
- USE_REAL_IP=yes
- REAL_IP_FROM=10.10.10.0/24
@ -55,7 +55,7 @@ services:
- net-proxy
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

12
examples/certbot-dns-cloudflare/docker-compose.yml
View file

@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

12
examples/certbot-dns-digitalocean/docker-compose.yml
View file

@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

12
examples/certbot-dns-google/docker-compose.yml
View file

@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

12
examples/certbot-dns-ovh/docker-compose.yml
View file

@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

12
examples/certbot-dns-route53/docker-compose.yml
View file

@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

8
examples/docker-configs/docker-compose.yml
View file

@ -17,9 +17,9 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://myapp1
- app1.example.com_REVERSE_PROXY_HOST=http://myapp1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://myapp2
- app2.example.com_REVERSE_PROXY_HOST=http://myapp2:8080
# global config applied at server context
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -75,12 +75,12 @@ services:
- bw-docker
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

4
examples/hardened/docker-compose.yml
View file

@ -30,7 +30,7 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
- REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
@ -61,7 +61,7 @@ services:
- bw-docker
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

18
examples/kubernetes-configs/kubernetes.yml
View file

@ -122,9 +122,9 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -144,9 +144,9 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -166,9 +166,9 @@ spec:
spec:
containers:
- name: app3
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: v1
kind: Service
@ -180,7 +180,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -192,7 +192,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -204,4 +204,4 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080

18
examples/kubernetes-ingress/kubernetes.yml
View file

@ -55,9 +55,9 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -77,9 +77,9 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -99,9 +99,9 @@ spec:
spec:
containers:
- name: app3
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: v1
kind: Service
@ -113,7 +113,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -125,7 +125,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -137,4 +137,4 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080

18
examples/kubernetes-tls/kubernetes.yml
View file

@ -79,9 +79,9 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -101,9 +101,9 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -123,9 +123,9 @@ spec:
spec:
containers:
- name: app3
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: v1
kind: Service
@ -137,7 +137,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -149,7 +149,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -161,4 +161,4 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080

12
examples/load-balancer/docker-compose.yml
View file

@ -20,9 +20,9 @@ services:
- |
CUSTOM_CONF_HTTP_upstream=
upstream app {
server app1:80;
server app2:80;
server app3:80;
server app1:8080;
server app2:8080;
server app3:8080;
}
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
@ -53,17 +53,17 @@ services:
- bw-docker
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

6
examples/proxy-protocol/docker-compose.yml
View file

@ -13,7 +13,7 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
# proxy protocol settings
- USE_PROXY_PROTOCOL=yes
- USE_REAL_IP=yes
@ -49,7 +49,7 @@ services:
- bw-docker
myproxy:
image: haproxy:2.7-alpine
image: haproxy:2.9-alpine
ports:
- 80:8080
- 443:8443
@ -59,7 +59,7 @@ services:
- net-proxy
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

8
examples/reverse-proxy-multisite/autoconf.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -11,10 +11,10 @@ services:
- bunkerweb.SERVER_NAME=app1.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app1
- bunkerweb.REVERSE_PROXY_HOST=http://app1:8080
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -23,7 +23,7 @@ services:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app2
- bunkerweb.REVERSE_PROXY_HOST=http://app2:8080
networks:
bw-services:

8
examples/reverse-proxy-multisite/docker-compose.yml
View file

@ -17,9 +17,9 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -49,12 +49,12 @@ services:
- bw-docker
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

8
examples/reverse-proxy-multisite/kubernetes.yml
View file

@ -45,7 +45,7 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
---
apiVersion: v1
kind: Service
@ -57,7 +57,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -77,7 +77,7 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
---
apiVersion: v1
kind: Service
@ -89,4 +89,4 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080

8
examples/reverse-proxy-multisite/swarm.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -13,10 +13,10 @@ services:
- bunkerweb.SERVER_NAME=app1.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app1
- bunkerweb.REVERSE_PROXY_HOST=http://app1:8080
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -27,7 +27,7 @@ services:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app2
- bunkerweb.REVERSE_PROXY_HOST=http://app2:8080
networks:
bw-services:

8
examples/reverse-proxy-singlesite/autoconf.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -11,7 +11,7 @@ services:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL_1=~ ^/app1/(.*)$$
- bunkerweb.REVERSE_PROXY_HOST_1=http://app1/$$1
- bunkerweb.REVERSE_PROXY_HOST_1=http://app1:8080/$$1
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_redirects=
port_in_redirect off;
@ -20,7 +20,7 @@ services:
}
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -29,7 +29,7 @@ services:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL_2=~ ^/app2/(.*)$$
- bunkerweb.REVERSE_PROXY_HOST_2=http://app2/$$1
- bunkerweb.REVERSE_PROXY_HOST_2=http://app2:8080/$$1
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_redirects=
port_in_redirect off;

8
examples/reverse-proxy-singlesite/docker-compose.yml
View file

@ -16,9 +16,9 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL_1=~ ^/app1/(.*)$$
- REVERSE_PROXY_HOST_1=http://app1/$$1
- REVERSE_PROXY_HOST_1=http://app1:8080/$$1
- REVERSE_PROXY_URL_2=~ ^/app2/(.*)$$
- REVERSE_PROXY_HOST_2=http://app2/$$1
- REVERSE_PROXY_HOST_2=http://app2:8080/$$1
- |
CUSTOM_CONF_SERVER_HTTP_redirects=
port_in_redirect off;
@ -54,12 +54,12 @@ services:
- bw-docker
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

8
examples/reverse-proxy-singlesite/swarm.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -13,10 +13,10 @@ services:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL_1=~ ^/app1/(.*)$$
- bunkerweb.REVERSE_PROXY_HOST_1=http://app1/$$1
- bunkerweb.REVERSE_PROXY_HOST_1=http://app1:8080/$$1
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -27,7 +27,7 @@ services:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL_2=~ ^/app2/(.*)$$
- bunkerweb.REVERSE_PROXY_HOST_2=http://app2/$$1
- bunkerweb.REVERSE_PROXY_HOST_2=http://app2:8080/$$1
networks:
bw-services:

12
examples/swarm-configs/swarm.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -13,10 +13,10 @@ services:
- "bunkerweb.SERVER_NAME=app1.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1:8080"
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -27,10 +27,10 @@ services:
- "bunkerweb.SERVER_NAME=app2.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2:8080"
myapp3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -41,7 +41,7 @@ services:
- "bunkerweb.SERVER_NAME=app3.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3:8080"
networks:
bw-services:

4
examples/syslog/docker-compose.yml
View file

@ -21,7 +21,7 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -65,7 +65,7 @@ services:
ipv4_address: 10.10.10.254
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

4
examples/tor-hidden-service/docker-compose.yml
View file

@ -26,7 +26,7 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -56,7 +56,7 @@ services:
- bw-docker
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

35
src/common/core/letsencrypt/jobs/certbot-new.py
View file

@ -1,8 +1,10 @@
#!/usr/bin/env python3
from itertools import chain
from os import environ, getenv, sep
from os.path import join
from pathlib import Path
from shutil import rmtree
from subprocess import DEVNULL, STDOUT, Popen, run, PIPE
from sys import exit as sys_exit, path as sys_path
from traceback import format_exc
@ -21,7 +23,7 @@ status = 0
CERTBOT_BIN = join(sep, "usr", "share", "bunkerweb", "deps", "python", "bin", "certbot")
LETS_ENCRYPT_PATH = Path(sep, "var", "cache", "bunkerweb", "letsencrypt")
DATA_PATH = Path(sep, "var", "cache", "bunkerweb", "letsencrypt", "etc")
LETS_ENCRYPT_JOBS_PATH = Path(sep, "usr", "share", "bunkerweb", "core", "letsencrypt", "jobs")
LETS_ENCRYPT_WORK_DIR = join(sep, "var", "lib", "bunkerweb", "letsencrypt")
LETS_ENCRYPT_LOGS_DIR = join(sep, "var", "log", "bunkerweb")
@ -33,7 +35,7 @@ def certbot_new(domains: str, email: str, use_letsencrypt_staging: bool = False)
CERTBOT_BIN,
"certonly",
"--config-dir",
LETS_ENCRYPT_PATH.joinpath("etc").as_posix(),
DATA_PATH.as_posix(),
"--work-dir",
LETS_ENCRYPT_WORK_DIR,
"--logs-dir",
@ -97,22 +99,22 @@ try:
domains_to_ask = []
# Multisite case
if is_multisite:
domains_sever_names = {}
domains_server_names = {}
for first_server in server_names:
if not first_server or getenv(f"{first_server}_AUTO_LETS_ENCRYPT", getenv("AUTO_LETS_ENCRYPT", "no")) != "yes":
continue
domains_sever_names[first_server] = getenv(f"{first_server}_SERVER_NAME", first_server)
domains_server_names[first_server] = getenv(f"{first_server}_SERVER_NAME", first_server)
# Singlesite case
else:
domains_sever_names = {server_names[0]: all_domains}
domains_server_names = {server_names[0]: all_domains}
proc = run(
[
CERTBOT_BIN,
"certificates",
"--config-dir",
LETS_ENCRYPT_PATH.joinpath("etc").as_posix(),
DATA_PATH.as_posix(),
"--work-dir",
LETS_ENCRYPT_WORK_DIR,
"--logs-dir",
@ -127,11 +129,15 @@ try:
)
stdout = proc.stdout
generated_domains = set()
if proc.returncode != 0:
LOGGER.error(f"Error while checking certificates :\n{proc.stdout}")
domains_to_ask = server_names
else:
for first_server, domains in domains_sever_names.items():
for first_server, domains in domains_server_names.items():
generated_domains.update(domains.split(" "))
current_domains = search(rf"Domains: {first_server}(?P<domains>.*)$", stdout, MULTILINE)
if not current_domains:
domains_to_ask.append(first_server)
@ -142,7 +148,7 @@ try:
continue
LOGGER.info(f"Certificates already exists for domain(s) {domains}")
for first_server, domains in domains_sever_names.items():
for first_server, domains in domains_server_names.items():
if first_server not in domains_to_ask:
continue
@ -161,9 +167,18 @@ try:
status = 1 if status == 0 else status
LOGGER.info(f"Certificate generation succeeded for domain(s) : {domains}")
# Remove old certificates
for elem in chain(DATA_PATH.glob("archive/*"), DATA_PATH.glob("live/*"), DATA_PATH.glob("renewal/*")):
if elem.name.replace(".conf", "") not in generated_domains:
LOGGER.debug(f"Removing old certificate {elem}")
if elem.is_dir():
rmtree(elem, ignore_errors=True)
else:
elem.unlink(missing_ok=True)
# Save Let's Encrypt data to db cache
if LETS_ENCRYPT_PATH.is_dir() and list(LETS_ENCRYPT_PATH.iterdir()):
cached, err = JOB.cache_dir(LETS_ENCRYPT_PATH, job_name="certbot-renew")
if DATA_PATH.is_dir() and list(DATA_PATH.iterdir()):
cached, err = JOB.cache_dir(DATA_PATH, job_name="certbot-renew")
if not cached:
LOGGER.error(f"Error while saving Let's Encrypt data to db cache : {err}")
else:

8
src/common/core/letsencrypt/jobs/certbot-renew.py
View file

@ -27,7 +27,7 @@ status = 0
CERTBOT_BIN = join(sep, "usr", "share", "bunkerweb", "deps", "python", "bin", "certbot")
LETS_ENCRYPT_PATH = Path(sep, "var", "cache", "bunkerweb", "letsencrypt")
DATA_PATH = Path(sep, "var", "cache", "bunkerweb", "letsencrypt", "etc")
LETS_ENCRYPT_WORK_DIR = join(sep, "var", "lib", "bunkerweb", "letsencrypt")
LETS_ENCRYPT_LOGS_DIR = join(sep, "var", "log", "bunkerweb")
@ -54,7 +54,7 @@ try:
"renew",
"--no-random-sleep-on-renew",
"--config-dir",
LETS_ENCRYPT_PATH.joinpath("etc").as_posix(),
DATA_PATH.as_posix(),
"--work-dir",
LETS_ENCRYPT_WORK_DIR,
"--logs-dir",
@ -75,8 +75,8 @@ try:
LOGGER.error("Certificates renewal failed")
# Save Let's Encrypt data to db cache
if LETS_ENCRYPT_PATH.is_dir() and list(LETS_ENCRYPT_PATH.iterdir()):
cached, err = JOB.cache_dir(LETS_ENCRYPT_PATH)
if DATA_PATH.is_dir() and list(DATA_PATH.iterdir()):
cached, err = JOB.cache_dir(DATA_PATH)
if not cached:
LOGGER.error(f"Error while saving Let's Encrypt data to db cache : {err}")
else:

22
src/common/db/Database.py
View file

@ -962,7 +962,21 @@ class Database:
def save_custom_configs(
self,
custom_configs: List[Dict[str, Union[str, bytes, Tuple[str, List[str]]]]],
custom_configs: List[
Dict[
Literal[
"service_id",
"type",
"name",
"data",
"value",
"checksum",
"method",
"exploded",
],
Union[str, bytes, List[str]],
]
],
method: str,
changed: Optional[bool] = True,
) -> str:
@ -976,11 +990,7 @@ class Database:
endl = "\n"
for custom_config in custom_configs:
if method != "ui":
config = {
"data": custom_config["value"],
"method": method,
}
assert isinstance(custom_config["exploded"], tuple) and len(custom_config["exploded"]) == 3, "Invalid exploded custom config"
config = {"data": custom_config["value"], "method": method}
if custom_config["exploded"][0]:
if not session.query(Services).with_entities(Services.id).filter_by(id=custom_config["exploded"][0]).first():

28
src/ui/main.py
View file

@ -818,22 +818,19 @@ def instances():
):
return redirect_flash_error("Missing operation parameter on /instances.", "instances")
app.config["RELOADING"] = True
app.config["LAST_RELOAD"] = time()
Thread(
target=manage_bunkerweb,
name="Reloading instances",
args=("instances", request.form["INSTANCE_ID"]),
kwargs={"operation": request.form["operation"]},
).start()
manage_bunkerweb("instances", request.form["INSTANCE_ID"], operation=request.form["operation"])
return redirect(
url_for(
"loading",
next=url_for("instances"),
message=(f"{request.form['operation'].title()}ing" if request.form["operation"] != "stop" else "Stopping") + " instance",
)
)
for f in app.config["TO_FLASH"]:
if f["type"] == "error":
flash(f["content"], "error")
else:
flash(f["content"])
app.config["TO_FLASH"].clear()
sleep(3)
return redirect(url_for("instances"))
# Display instances
instances = app.config["INSTANCES"].get_instances()
@ -1584,7 +1581,6 @@ def custom_plugin(plugin: str):
# Get prerender from action.py
pre_render = run_action(plugin, "pre_render")
return render_template(
Environment(loader=FileSystemLoader(join(sep, "usr", "share", "bunkerweb", "ui", "templates") + "/")).from_string(page.decode("utf-8")),
username=current_user.get_id(),

2
src/ui/static/css/dashboard.css
View file

File diff suppressed because one or more lines are too long

38
src/ui/styles.css
View file

@ -230,16 +230,44 @@
/*--------------- END HOME PAGE ----------------*/
/*---------------------------------------------*/
/*---------------------------------------------*/
/*--------------- CARD------------------------*/
/*---------------------------------------------*/
.card-detail-container {
@apply grid grid-cols-1 gap-2 mt-4 mb-6 ml-1;
}
.card-detail-item {
@apply flex flex-col items-center sm:flex-row col-span-1 py-1 sm:py-0;
}
.card-detail-item-title {
@apply transition duration-300 ease-in-out font-bold mb-0 font-sans text-sm leading-normal uppercase dark:text-gray-500;
}
.card-detail-item-subtitle {
@apply break-all transition duration-300 ease-in-out pl-2 col-span-1 mb-0 font-sans text-sm font-semibold leading-normal uppercase dark:text-gray-100;
}
/*---------------------------------------------*/
/*--------------- END CARD --------------------*/
/*---------------------------------------------*/
/*---------------------------------------------*/
/*--------------- CORE PLUGINS ----------------*/
/*---------------------------------------------*/
.core-layout {
@apply col-span-12 grid grid-cols-12 gap-4;
@apply col-span-12 grid grid-cols-12;
}
.core-card {
@apply h-fit transition hover:scale-102 col-span-12 md:col-span-6 2xl:col-span-4 3xl:col-span-3 p-4 relative min-w-0 break-words dark:brightness-110 bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border;
@apply ml-2 mr-2 mb-2 mt-2 h-fit transition hover:scale-102 col-span-12 md:col-span-6 2xl:col-span-4 3xl:col-span-3 p-4 relative min-w-0 break-words dark:brightness-110 bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border;
}
.core-card-lg {
@apply ml-2 mr-2 mb-2 mt-2 h-fit transition hover:scale-102 col-span-12 md:col-span-6 p-4 relative min-w-0 break-words dark:brightness-110 bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border;
}
.core-card-wrap {
@ -279,7 +307,7 @@
}
.core-card-status {
@apply col-span-12 md:col-span-6 2xl:col-span-3 3xl:col-span-2 w-fit h-fit transition hover:scale-102 p-4 relative min-w-0 break-words dark:brightness-110 bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border;
@apply ml-2 mr-2 mb-2 mt-2 col-span-12 md:col-span-6 2xl:col-span-3 3xl:col-span-2 w-fit h-fit transition hover:scale-102 p-4 relative min-w-0 break-words dark:brightness-110 bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border;
}
.core-card-status-container {
@ -311,7 +339,7 @@
}
.core-card-list {
@apply h-fit content-start col-span-12 md:col-span-6 w-full overflow-hidden grid grid-cols-12 max-h-100 sm:max-h-125 col-span-12 p-4 relative break-words dark:brightness-110 bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border;
@apply ml-2 mr-2 mb-2 mt-2 h-fit content-start md:col-span-6 overflow-hidden grid grid-cols-12 max-h-100 sm:max-h-125 col-span-12 p-4 relative break-words dark:brightness-110 bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border;
}
.w-small.core-card-list {
@ -367,7 +395,7 @@
}
.core-card-metrics {
@apply h-fit sm:max-h-28 hover:scale-102 transition col-span-12 md:col-span-6 2xl:col-span-4 flex p-4 justify-between w-full shadow-md break-words dark:brightness-110 bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border;
@apply ml-2 mr-2 mb-2 mt-2 h-fit sm:max-h-28 hover:scale-102 transition col-span-12 md:col-span-6 2xl:col-span-4 flex p-4 justify-between break-words dark:brightness-110 bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border;
}
.core-card-metrics-name {

11
src/ui/templates/bans.html vendored
View file

@ -47,16 +47,21 @@
] %}
<div class="{% if bans|length == 0 %}hidden{% endif %} h-fit col-span-12 md:col-span-4 3xl:col-span-3 p-4 relative min-w-0 break-words bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border">
<h5 class="mb-2 font-bold dark:text-white/90">INFO</h5>
<div role="grid" class="card-detail-container">
{% for info in bans_info %}
<div class="mx-1 flex items-center my-4">
<p class="transition duration-300 ease-in-out font-bold mb-0 font-sans text-sm leading-normal uppercase dark:text-gray-500 ">
<div role="row"
class="card-detail-item">
<p role="gridcell"
class="card-detail-item-title">
{{ info['name'] }}
</p>
<p class="transition duration-300 ease-in-out pl-2 col-span-1 mb-0 font-sans text-sm font-semibold leading-normal uppercase dark:text-gray-200">
<p role="gridcell"
class="card-detail-item-subtitle">
{{ info['data'] }}
</p>
</div>
{% endfor %}
</div>
</div>
<!-- end info -->
<!-- filter -->

21
src/ui/templates/configs.html vendored
View file

@ -14,17 +14,22 @@
] %}
<div class="h-fit col-span-12 md:col-span-4 3xl:col-span-3 p-4 relative min-w-0 break-words bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border">
<h5 class="mb-2 font-bold dark:text-white/90">INFO</h5>
<div role="grid" class="card-detail-container">
{% for info in configs_info %}
<div class="mx-1 flex items-center my-4">
<p class="transition duration-300 ease-in-out font-bold mb-0 font-sans text-sm leading-normal uppercase dark:text-gray-500 ">
{{ info['name'] }}
</p>
<p data-info-{{ info['id'] }} class="transition duration-300 ease-in-out pl-2 col-span-1 mb-0 font-sans text-sm font-semibold leading-normal uppercase dark:text-gray-200">
{{ info['data'] }}
</p>
</div>
<div role="row"
class="card-detail-item">
<p role="gridcell"
class="card-detail-item-title">
{{ info['name'] }}
</p>
<p data-info-{{ info['id'] }} role="gridcell"
class="card-detail-item-subtitle">
{{ info['data'] }}
</p>
</div>
{% endfor %}
</div>
</div>
<!-- end info -->
<!-- filter -->
{% set filters = [

8
src/ui/templates/instances.html vendored
View file

@ -23,18 +23,18 @@
</div>
<!-- end state and title-->
<!-- detail list -->
<div role="grid" class="grid grid-cols-1 gap-2 mt-4 mb-6 ml-1">
<div role="grid" class="card-detail-container">
{% set instance_details = [{"name" : "TYPE", "value" : instance['_type']},{"name" : "HOSTNAME", "value" : instance['hostname']}] %}
<!-- detail -->
{% for detail in instance_details %}
<div role="row"
class="flex flex-col items-center sm:flex-row col-span-1 py-1 sm:py-0">
class="card-detail-item">
<p role="gridcell"
class="transition duration-300 ease-in-out font-bold mb-0 font-sans text-sm leading-normal uppercase dark:text-gray-500">
class="card-detail-item-title">
{{ detail['name'] }}
</p>
<p role="gridcell"
class="transition duration-300 ease-in-out pl-2 col-span-1 mb-0 font-sans text-sm font-semibold leading-normal uppercase dark:text-gray-100">
class="card-detail-item-subtitle">
{{ detail['value'] }}
</p>
</div>

11
src/ui/templates/jobs.html vendored
View file

@ -13,16 +13,21 @@
] %}
<div class="h-fit col-span-12 md:col-span-4 3xl:col-span-3 p-4 relative min-w-0 break-words bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border">
<h5 class="mb-2 font-bold dark:text-white/90">INFO</h5>
<div role="grid" class="card-detail-container">
{% for info in jobs_info %}
<div class="mx-1 flex items-center my-4">
<p class="transition duration-300 ease-in-out font-bold mb-0 font-sans text-sm leading-normal uppercase dark:text-gray-500 ">
<div role="row"
class="card-detail-item">
<p role="gridcell"
class="card-detail-item-title">
{{ info['name'] }}
</p>
<p class="transition duration-300 ease-in-out pl-2 col-span-1 mb-0 font-sans text-sm font-semibold leading-normal uppercase dark:text-gray-200">
<p role="gridcell"
class="card-detail-item-subtitle">
{{ info['data'] }}
</p>
</div>
{% endfor %}
</div>
</div>
<!-- end info -->
<!-- filter -->

14
src/ui/templates/plugins.html vendored
View file

@ -11,16 +11,22 @@
] %}
<div class="h-fit p-4 col-span-12 md:col-span-5 2xl:col-span-4 relative min-w-0 break-words bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border">
<h5 class="col-span-12 mb-4 font-bold dark:text-white/90">INFO</h5>
<div role="grid" class="card-detail-container">
{% for info in plugins_info %}
<div class="mx-1 flex items-center my-4">
<p class="transition duration-300 ease-in-out font-bold mb-0 font-sans text-sm leading-normal uppercase dark:text-gray-500 ">
<div role="row"
class="card-detail-item">
<p role="gridcell"
class="card-detail-item-title">
{{ info['name'] }}
</p>
<p class="transition duration-300 ease-in-out pl-2 col-span-1 mb-0 font-sans text-sm font-semibold leading-normal uppercase dark:text-gray-200">
<p role="gridcell"
class="card-detail-item-subtitle">
{{ info['data'] }}
</p>
</div>
{% endfor %}
{% endfor %}
</div>
</div>
<!-- end info -->
<!-- upload layout -->

13
src/ui/templates/reports.html vendored
View file

@ -40,16 +40,21 @@
] %}
<div class=" h-fit col-span-12 md:col-span-4 3xl:col-span-3 p-4 relative min-w-0 break-words bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border">
<h5 class="mb-2 font-bold dark:text-white/90">INFO</h5>
<div role="grid" class="card-detail-container">
{% for info in reports_info %}
<div class="mx-1 flex items-center my-4">
<p class="transition duration-300 ease-in-out font-bold mb-0 font-sans text-sm leading-normal uppercase dark:text-gray-500 ">
<div role="row"
class="card-detail-item">
<p role="gridcell"
class="card-detail-item-title">
{{ info['name'] }}
</p>
<p class="transition duration-300 ease-in-out pl-2 col-span-1 mb-0 font-sans text-sm font-semibold leading-normal uppercase dark:text-gray-200">
<p role="gridcell"
class="card-detail-item-subtitle">
{{ info['data'] }}
</p>
</div>
{% endfor %}
{% endfor %}
</div>
</div>
<!-- end info -->
<!-- filter -->

15
src/ui/templates/services.html vendored
View file

@ -46,16 +46,21 @@
] %}
<div class="h-fit col-span-12 md:col-span-4 3xl:col-span-3 p-4 relative min-w-0 break-words bg-white shadow-xl dark:bg-slate-850 dark:shadow-dark-xl rounded-2xl bg-clip-border">
<h5 class="mb-2 font-bold dark:text-white/90">INFO</h5>
{% for info in services_info %}
<div class="mx-1 flex items-center my-4">
<p class="transition duration-300 ease-in-out font-bold mb-0 font-sans text-sm leading-normal uppercase dark:text-gray-500 ">
<div role="grid" class="card-detail-container">
{% for info in services_info %}
<div role="row"
class="card-detail-item">
<p role="gridcell"
class="card-detail-item-title">
{{ info['name'] }}
</p>
<p class="transition duration-300 ease-in-out pl-2 col-span-1 mb-0 font-sans text-sm font-semibold leading-normal uppercase dark:text-gray-200">
<p role="gridcell"
class="card-detail-item-subtitle">
{{ info['data'] }}
</p>
</div>
{% endfor %}
{% endfor %}
</div>
</div>
<!-- end info -->
<!-- filter -->

40
tests/ui/instances_page.py
View file

@ -1,11 +1,11 @@
from logging import info as log_info, exception as log_exception, warning as log_warning
from selenium.webdriver.common.by import By
from selenium.common.exceptions import TimeoutException
from selenium.common.exceptions import TimeoutException, WebDriverException
from wizard import DRIVER
from base import TEST_TYPE
from utils import access_page, assert_alert_message, safe_get_element, wait_for_service
from utils import access_page, assert_button_click, safe_get_element, wait_for_service
exit_code = 0
@ -27,15 +27,13 @@ try:
try:
access_page(DRIVER, f"//form[starts-with(@id, 'form-instance-')]//button[@value='{action}']", "instances", False)
log_info(f"Instance was {action}ed successfully, checking the message ...")
assert_alert_message(DRIVER, f"has been {action}ed")
log_info(f"Instance was {action}ed successfully ...")
no_errors = False
except:
if retries >= 3:
exit(1)
retries += 1
log_warning("Message list doesn't contain the expected message or is empty, retrying...")
log_warning("Error while reloading, retrying...")
if TEST_TYPE == "linux":
wait_for_service()
@ -43,29 +41,15 @@ try:
log_info("Trying to stop instance ...")
action = "stop"
while no_errors:
log_info(f"Trying to {action} BunkerWeb instance ...")
log_info(f"Trying to {action} BunkerWeb instance ...")
try:
form = safe_get_element(DRIVER, By.XPATH, "//form[starts-with(@id, 'form-instance-')]")
except TimeoutException:
log_exception("No instance form found, exiting ...")
exit(1)
try:
access_page(DRIVER, f"//form[starts-with(@id, 'form-instance-')]//button[@value='{action}']", "instances", False)
log_info(f"Instance was {action}ed successfully, checking the message ...")
assert_alert_message(DRIVER, f"has been {action}ed")
no_errors = False
except:
if retries >= 3:
exit(1)
retries += 1
log_warning("Message list doesn't contain the expected message or is empty, retrying...")
if TEST_TYPE == "linux":
wait_for_service()
try:
assert_button_click(DRIVER, f"//form[starts-with(@id, 'form-instance-')]//button[@value='{action}']")
safe_get_element(DRIVER, By.XPATH, "//form[starts-with(@id, 'form-instance-')]")
log_exception("Instance was not stopped successfully, exiting ...")
exit(1)
except (TimeoutException, WebDriverException):
log_info(f"Instance was {action}ed successfully ...")
log_info("✅ Instances page tests finished successfully")
except SystemExit as e: