Merge branch 'dev' into staging

2026-05-24 09:28:37 +00:00 · 2024-05-30 19:38:35 +02:00 · 2024-05-30 19:38:35 +02:00 · 50df65a2fd
commit 50df65a2fd
parent c2f504b757 0d8e689d30
8 changed files with 37 additions and 23 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,8 @@
 - [BUGFIX] Fix potential errors when upgrading from a previous version
 - [BUGFIX] Fix rare bug on the web UI when editing the SERVER_NAME setting of a service
 - [BUGFIX] Fix potential race conditions between the autoconf and the scheduler waiting for each other indefinitely
+- [BUGFIX] Fix Let's Encrypt certificate renewal when a certificate date changes by forcing the renewal
+- [BUGFIX] Fix issues with k8s integration and the save_config.py script
 - [FEATURE] Add nightly build of the OWASP coreruleset that are automatically downloaded and updated
 - [FEATURE] Enhance security on error pages, default server page and loading page by adding a custom `Content-Security-Policy` header with nonces and removing the `Server` header
 - [FEATURE] Add new DATABASE_URI_READONLY setting to allow setting up a fallback read-only database URI in case the main database URI is not available
@ -15,6 +17,8 @@
 - [UI] Force HTTPS on setup wizard
 - [UI] Fallback to self-signed certificate when UI is installed with setup wizard and let's encrypt is not used
 - [UI] Add OVERRIDE_ADMIN_CREDS environment variable to allow overriding the default admin credentials even if an admin user already exists
+- [UI] Optimize the way the UI handles the requests and the responses
+- [MISC] Update logger format and datefmt for better readability
 - [DEPS] Updated NGINX version to v1.26.0
 - [DEPS] Updated stream-lua-nginx-module version to the latest commit to incorporate the latest changes and fixes for NGINX v1.26.0
 - [DEPS] Updated coreruleset-v4 version to v4.3.0
--- a/src/autoconf/Config.py
+++ b/src/autoconf/Config.py
@ -120,7 +120,7 @@ class Config(ConfigCaller):
                        }
                    )

-        err = self.try_database_readonly()
+        err = self._try_database_readonly()
        if err:
            return False

@ -169,31 +169,31 @@ class Config(ConfigCaller):
        return success

    def _try_database_readonly(self) -> bool:
-        if not self.db.readonly:
+        if not self._db.readonly:
            try:
-                self.db.test_write()
+                self._db.test_write()
            except BaseException:
-                self.db.readonly = True
+                self._db.readonly = True
                return True

-        if self.db.database_uri and self.db.readonly:
+        if self._db.database_uri and self._db.readonly:
            try:
-                self.db.retry_connection(pool_timeout=1)
-                self.db.retry_connection(log=False)
-                self.db.readonly = False
+                self._db.retry_connection(pool_timeout=1)
+                self._db.retry_connection(log=False)
+                self._db.readonly = False
                self.__logger.info("The database is no longer read-only, defaulting to read-write mode")
            except BaseException:
                try:
-                    self.db.retry_connection(readonly=True, pool_timeout=1)
-                    self.db.retry_connection(readonly=True, log=False)
+                    self._db.retry_connection(readonly=True, pool_timeout=1)
+                    self._db.retry_connection(readonly=True, log=False)
                except BaseException:
-                    if self.db.database_uri_readonly:
+                    if self._db.database_uri_readonly:
                        with suppress(BaseException):
-                            self.db.retry_connection(fallback=True, pool_timeout=1)
-                            self.db.retry_connection(fallback=True, log=False)
-                self.db.readonly = True
+                            self._db.retry_connection(fallback=True, pool_timeout=1)
+                            self._db.retry_connection(fallback=True, log=False)
+                self._db.readonly = True

-            if self.db.readonly:
+            if self._db.readonly:
                self.__logger.error("Database is in read-only mode, configuration will not be saved")

-        return self.db.readonly
+        return self._db.readonly
--- a/src/common/db/Database.py
+++ b/src/common/db/Database.py
@ -1086,7 +1086,7 @@ class Database:

        if db_version and db_version != bunkerweb_version:
            for table_name, data in old_data.items():
-                if table_name == "bw_metadata" or not data:
+                if not data:
                    continue

                self.logger.warning(f'Restoring data for table "{table_name}"')
@ -1105,6 +1105,15 @@ class Database:

                    with self.__db_session() as session:
                        try:
+                            if table_name == "bw_metadata":
+                                existing_row = session.query(Metadata).filter_by(id=1).first()
+                                if not existing_row:
+                                    session.add(Metadata(**row))
+                                    session.commit()
+                                    continue
+                                session.query(Metadata).filter_by(id=1).update(row)
+                                continue
+
                            # Check if the row already exists in the table
                            existing_row = session.query(Base.metadata.tables[table_name]).filter_by(**row).first()
                            if not existing_row:
--- a/src/linux/Dockerfile-rhel
+++ b/src/linux/Dockerfile-rhel
@ -1,4 +1,4 @@
-FROM redhat/ubi8:8.10@sha256:a424544997de1960a93466b57d12f1f3fac62be0f4cd35482435bae305a6ca27 as builder
+FROM redhat/ubi8:8.10@sha256:f4292f415f60632a0ff9c0646c4fa859d8b2e1e88a16faa90c6decd1951aea88 as builder

 ENV OS=rhel
 ENV NGINX_VERSION 1.26.0
@ -65,7 +65,7 @@ COPY src/scheduler scheduler
 COPY src/ui ui
 COPY src/VERSION VERSION

-FROM redhat/ubi8:8.10@sha256:a424544997de1960a93466b57d12f1f3fac62be0f4cd35482435bae305a6ca27
+FROM redhat/ubi8:8.10@sha256:f4292f415f60632a0ff9c0646c4fa859d8b2e1e88a16faa90c6decd1951aea88

 # Set default umask to prevent huge recursive chmod increasing the final image size
 RUN umask 027
--- a/src/linux/Dockerfile-rhel9
+++ b/src/linux/Dockerfile-rhel9
@ -1,4 +1,4 @@
-FROM redhat/ubi9:9.4@sha256:ed84f34cd929ea6b0c247b6daef54dd79602804a32480a052951021caf429494 as builder
+FROM redhat/ubi9:9.4@sha256:d7158916ab85c7463d33f89d45d26c70d064aaa28debe219fa088b8110194663 as builder

 ENV OS=rhel
 ENV NGINX_VERSION 1.26.0
@ -68,7 +68,7 @@ COPY src/scheduler scheduler
 COPY src/ui ui
 COPY src/VERSION VERSION

-FROM redhat/ubi9:9.4@sha256:ed84f34cd929ea6b0c247b6daef54dd79602804a32480a052951021caf429494
+FROM redhat/ubi9:9.4@sha256:d7158916ab85c7463d33f89d45d26c70d064aaa28debe219fa088b8110194663

 # Set default umask to prevent huge recursive chmod increasing the final image size
 RUN umask 027
--- a/src/ui/gunicorn.conf.py
+++ b/src/ui/gunicorn.conf.py
@ -134,3 +134,4 @@ def when_ready(server):
 def on_exit(server):
    RUN_DIR.joinpath("ui.pid").unlink(missing_ok=True)
    TMP_DIR.joinpath("ui.healthy").unlink(missing_ok=True)
+    TMP_DIR.joinpath(".flask_secret").unlink(missing_ok=True)
--- a/tests/linux/Dockerfile-rhel
+++ b/tests/linux/Dockerfile-rhel
@ -1,4 +1,4 @@
-FROM redhat/ubi8-init:8.10-2@sha256:26aec3f78f127e39cb45e7eebd1dafc17071246d78dc51be4cfcb205ffc89caa
+FROM redhat/ubi8-init:8.10-2.1716501369@sha256:3c716a2207328b0f799e52ed8a9442859c7d6209028a9218d4307386ff5452df

 ENV NGINX_VERSION 1.26.0

--- a/tests/linux/Dockerfile-rhel9
+++ b/tests/linux/Dockerfile-rhel9
@ -1,4 +1,4 @@
-FROM redhat/ubi9-init:9.4-6.1714668826@sha256:dfae07a6c86c27ac5f33e1c3953906171eb4b65756d8e9817bd47d1b05854d90
+FROM redhat/ubi9-init:9.4-6.1716477011@sha256:df8e043878f3f459d6fcf3e9abce3f9f6e1526a3695bf0ac487d780e031ac8ab

 ENV NGINX_VERSION 1.26.0