From 5a8f812560835824b6b9b2eff424e55074bcbec9 Mon Sep 17 00:00:00 2001 From: TheophileDiot Date: Mon, 14 Nov 2022 17:31:21 +0100 Subject: [PATCH] Merge branch 'dev' (softly) --- src/autoconf/DockerController.py | 30 +++---- src/autoconf/Dockerfile | 2 +- src/autoconf/IngressController.py | 20 +++-- src/autoconf/SwarmController.py | 29 +++---- src/bw/Dockerfile | 2 +- src/bw/lua/api.lua | 38 ++++++++ src/bw/lua/datastore.lua | 10 ++- src/common/cli/CLI.py | 15 ++++ src/common/cli/main.py | 19 +++- .../core/bunkernet/jobs/bunkernet-data.py | 2 +- .../core/bunkernet/jobs/bunkernet-register.py | 18 ++-- .../core/letsencrypt/jobs/certbot-deploy.py | 5 +- .../core/letsencrypt/jobs/certbot-renew.py | 10 --- src/common/utils/ApiCaller.py | 5 +- src/linux/Dockerfile-fedora | 1 - src/linux/Dockerfile-rhel | 87 +++++++++++++++++++ src/linux/bunkerweb.service | 1 + src/linux/fpm-rhel | 13 +++ src/scheduler/Dockerfile | 2 +- src/ui/Dockerfile | 2 +- src/ui/src/Config.py | 4 +- 21 files changed, 244 insertions(+), 71 deletions(-) create mode 100644 src/linux/Dockerfile-rhel create mode 100644 src/linux/fpm-rhel diff --git a/src/autoconf/DockerController.py b/src/autoconf/DockerController.py index 232dd07bd..e5d7911fb 100644 --- a/src/autoconf/DockerController.py +++ b/src/autoconf/DockerController.py @@ -111,23 +111,21 @@ class DockerController(Controller, ConfigCaller): return ret def process_events(self): - for event in self.__client.events(decode=True, filters={"type": "container"}): - self._instances = self.get_instances() - self._services = self.get_services() - self._configs = self.get_configs() - if not self._config.update_needed( - self._instances, self._services, configs=self._configs - ): - continue - self.__logger.info( - "Catched docker event, deploying new configuration ...", - ) + for _ in self.__client.events(decode=True, filters={"type": "container"}): try: + self._instances = self.get_instances() + self._services = self.get_services() + self._configs = self.get_configs() + if not self._config.update_needed( + self._instances, self._services, configs=self._configs + ): + continue + self.__logger.info( + "Catched Docker event, deploying new configuration ..." + ) ret = self.apply_config() if not ret: - self.__logger.error( - "Error while deploying new configuration", - ) + self.__logger.error("Error while deploying new configuration") else: self.__logger.info( "Successfully deployed new configuration 🚀", @@ -136,10 +134,10 @@ class DockerController(Controller, ConfigCaller): if not self._config._db.is_autoconf_loaded(): ret = self._config._db.set_autoconf_load(True) if ret: - self.__logger.error( + self.__logger.warning( f"Can't set autoconf loaded metadata to true in database: {ret}", ) except: self.__logger.error( - f"Exception while deploying new configuration :\n{format_exc()}", + f"Exception while processing events :\n{format_exc()}" ) diff --git a/src/autoconf/Dockerfile b/src/autoconf/Dockerfile index e20bbae1b..6c22b03d3 100644 --- a/src/autoconf/Dockerfile +++ b/src/autoconf/Dockerfile @@ -39,7 +39,7 @@ RUN apk add --no-cache bash && \ chown root:nginx /usr/bin/bwcli # Fix CVEs -RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" +RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" VOLUME /data /etc/nginx diff --git a/src/autoconf/IngressController.py b/src/autoconf/IngressController.py index e6ad785ba..e0692725c 100644 --- a/src/autoconf/IngressController.py +++ b/src/autoconf/IngressController.py @@ -1,4 +1,5 @@ from os import getenv +from time import sleep from traceback import format_exc from kubernetes import client, config, watch from kubernetes.client.exceptions import ApiException @@ -224,8 +225,9 @@ class IngressController(Controller, ConfigCaller): raise Exception(f"unsupported watch_type {watch_type}") while True: locked = False + error = False try: - for event in w.stream(what): + for _ in w.stream(what): self.__internal_lock.acquire() locked = True self._instances = self.get_instances() @@ -246,6 +248,7 @@ class IngressController(Controller, ConfigCaller): self.__logger.error( "Error while deploying new configuration ...", ) + error = True else: self.__logger.info( "Successfully deployed new configuration 🚀", @@ -254,28 +257,33 @@ class IngressController(Controller, ConfigCaller): if not self._config._db.is_autoconf_loaded(): ret = self._config._db.set_autoconf_load(True) if ret: - self.__logger.error( + self.__logger.warning( f"Can't set autoconf loaded metadata to true in database: {ret}", ) except: self.__logger.error( f"Exception while deploying new configuration :\n{format_exc()}", ) - self.__internal_lock.release() - locked = False + error = True except ApiException as e: if e.status != 410: self.__logger.error( f"Exception while reading k8s event (type = {watch_type}) :\n{format_exc()}", ) sys_exit(1) - if locked: - self.__internal_lock.release() except: self.__logger.error( f"Unknown exception while reading k8s event (type = {watch_type}) :\n{format_exc()}", ) sys_exit(2) + finally : + if locked: + self.__internal_lock.release() + locked = False + + if error is True: + self.__logger.warning("Got exception, retrying in 10 seconds ...") + sleep(10) def apply_config(self): ret = self._config.apply(self._instances, self._services, configs=self._configs) diff --git a/src/autoconf/SwarmController.py b/src/autoconf/SwarmController.py index 1dc928e60..d36375b26 100644 --- a/src/autoconf/SwarmController.py +++ b/src/autoconf/SwarmController.py @@ -110,23 +110,20 @@ class SwarmController(Controller, ConfigCaller): def __event(self, event_type): for event in self.__client.events(decode=True, filters={"type": event_type}): self.__internal_lock.acquire() - self._instances = self.get_instances() - self._services = self.get_services() - self._configs = self.get_configs() - if not self._config.update_needed( - self._instances, self._services, configs=self._configs - ): - self.__internal_lock.release() - continue - self.__logger.info( - "Catched Swarm event, deploying new configuration ...", - ) try: + self._instances = self.get_instances() + self._services = self.get_services() + self._configs = self.get_configs() + if not self._config.update_needed( + self._instances, self._services, configs=self._configs + ): + continue + self.__logger.info( + "Catched Swarm event, deploying new configuration ..." + ) ret = self.apply_config() if not ret: - self.__logger.error( - "Error while deploying new configuration ...", - ) + self.__logger.error("Error while deploying new configuration") else: self.__logger.info( "Successfully deployed new configuration 🚀", @@ -135,12 +132,12 @@ class SwarmController(Controller, ConfigCaller): if not self._config._db.is_autoconf_loaded(): ret = self._config._db.set_autoconf_load(True) if ret: - self.__logger.error( + self.__logger.warning( f"Can't set autoconf loaded metadata to true in database: {ret}", ) except: self.__logger.error( - f"Exception while deploying new configuration :\n{format_exc()}", + f"Exception while processing events :\n{format_exc()}" ) self.__internal_lock.release() diff --git a/src/bw/Dockerfile b/src/bw/Dockerfile index 478ff5c94..d79d870af 100644 --- a/src/bw/Dockerfile +++ b/src/bw/Dockerfile @@ -75,7 +75,7 @@ RUN apk add --no-cache bash python3 && \ chmod 660 /usr/share/bunkerweb/INTEGRATION # Fix CVEs -RUN apk add "freetype>=2.10.4-r3" "curl>=7.79.1-r2" "libcurl>=7.79.1-r2" "openssl>=1.1.1q-r0" "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" +RUN apk add "freetype>=2.10.4-r3" "curl>=7.79.1-r2" "libcurl>=7.79.1-r2" "openssl>=1.1.1q-r0" "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" VOLUME /data /etc/nginx diff --git a/src/bw/lua/api.lua b/src/bw/lua/api.lua index 145d1e617..68bce8d72 100644 --- a/src/bw/lua/api.lua +++ b/src/bw/lua/api.lua @@ -103,6 +103,44 @@ api.global.POST["^/unban$"] = function(api) return api:response(ngx.HTTP_OK, "success", "ip " .. ip["ip"] .. " unbanned") end +api.global.POST["^/ban$"] = function(api) + ngx.req.read_body() + local data = ngx.req.get_body_data() + if not data then + local data_file = ngx.req.get_body_file() + if data_file then + local file = io.open(data_file) + data = file:read("*a") + file:close() + end + end + local ok, ip = pcall(cjson.decode, data) + if not ok then + return api:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't decode JSON : " .. env) + end + datastore:set("bans_ip_" .. ip["ip"], "manual", ip["exp"]) + return api:response(ngx.HTTP_OK, "success", "ip " .. ip["ip"] .. " banned") +end + +api.global.GET["^/bans$"] = function(api) + local data = {} + for i, k in ipairs(datastore:keys()) do + if k:find("^bans_ip_") then + local ret, reason = datastore:get(k) + if not ret then + return api:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't access " .. k .. " from datastore : " + reason) + end + local ret, exp = datastore:exp(k) + if not ret then + return api:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't access exp " .. k .. " from datastore : " + exp) + end + local ban = { ip = k:sub(9, #k), reason = reason, exp = exp } + table.insert(data, ban) + end + end + return api:response(ngx.HTTP_OK, "success", data) +end + api.is_allowed_ip = function(self) local data, err = datastore:get("api_whitelist_ip") if not data then diff --git a/src/bw/lua/datastore.lua b/src/bw/lua/datastore.lua index c623a8f17..f983b129f 100644 --- a/src/bw/lua/datastore.lua +++ b/src/bw/lua/datastore.lua @@ -1,4 +1,4 @@ -local datastore = {dict = ngx.shared.datastore } +local datastore = { dict = ngx.shared.datastore } datastore.get = function(self, key) local value, err = self.dict:get(key) @@ -22,6 +22,14 @@ datastore.delete = function(self, key) return true, "success" end +datastore.exp = function(self, key) + local ttl, err = self.dict:ttl(key) + if not ttl then + return false, err + end + return true, ttl +end + datastore.delete_all = function(self, pattern) local keys = self.dict:get_keys(0) for i, key in ipairs(keys) do diff --git a/src/common/cli/CLI.py b/src/common/cli/CLI.py index 895026362..314504349 100644 --- a/src/common/cli/CLI.py +++ b/src/common/cli/CLI.py @@ -117,3 +117,18 @@ class CLI(ApiCaller): if self._send_to_apis("POST", "/unban", data={"ip": ip}): return True, f"IP {ip} has been unbanned" return False, "error" + + def ban(self, ip, exp): + if self._send_to_apis("POST", "/ban", data={"ip": ip, "exp": exp}): + return True, f"IP {ip} has been banned" + return False, "error" + + def bans(self): + ret, resp = self._send_to_apis("GET", "/bans", response=True) + if ret: + bans = resp["bans"] + cli_str = "List of bans :\n" + for ban in bans: + cli_str += f"- {ban['ip']} for {ban['exp']}s : {ban['reason']}\n" + return True, cli_str + return False, "error" diff --git a/src/common/cli/main.py b/src/common/cli/main.py index 8d12e7848..4328fbc1e 100644 --- a/src/common/cli/main.py +++ b/src/common/cli/main.py @@ -27,6 +27,19 @@ if __name__ == "__main__": ) parser_unban.add_argument("ip", type=str, help="IP address to unban") + # Ban subparser + parser_ban = subparsers.add_parser("ban", help="add a ban to the cache") + parser_ban.add_argument("ip", type=str, help="IP address to ban") + parser_ban.add_argument( + "exp", + type=int, + help="banning time in seconds (default : 86400)", + default=86400, + ) + + # Bans subparser + parser_bans = subparsers.add_parser("bans", help="list current bans") + # Parse args args = parser.parse_args() @@ -37,6 +50,10 @@ if __name__ == "__main__": ret, err = False, "unknown command" if args.command == "unban": ret, err = cli.unban(args.ip) + elif args.command == "ban": + ret, err = cli.ban(args.ip, args.exp) + elif args.command == "bans": + ret, err = cli.bans() if not ret: logger.error(f"CLI command status : ❌ (fail)\n{err}") @@ -50,5 +67,3 @@ if __name__ == "__main__": except: logger.error(f"Error while executing bwcli :\n{format_exc()}") sys_exit(1) - - sys_exit(0) diff --git a/src/common/core/bunkernet/jobs/bunkernet-data.py b/src/common/core/bunkernet/jobs/bunkernet-data.py index e6c3e6cfb..8c2b96038 100755 --- a/src/common/core/bunkernet/jobs/bunkernet-data.py +++ b/src/common/core/bunkernet/jobs/bunkernet-data.py @@ -113,7 +113,7 @@ try: checksum=new_hash, ) if err: - logger.warning(f"Couldn't update db cache: {err}") + logger.warning(f"Couldn't update db ip.list cache: {err}") logger.info("Successfully saved BunkerNet data") diff --git a/src/common/core/bunkernet/jobs/bunkernet-register.py b/src/common/core/bunkernet/jobs/bunkernet-register.py index ca7167a54..78fa25750 100755 --- a/src/common/core/bunkernet/jobs/bunkernet-register.py +++ b/src/common/core/bunkernet/jobs/bunkernet-register.py @@ -117,15 +117,15 @@ try: with open("/var/cache/bunkerweb/bunkernet/instance.id", "w") as f: f.write(bunkernet_id) - # Update db - err = db.update_job_cache( - "bunkernet-register", - None, - "instance.id", - f"{bunkernet_id}".encode("utf-8"), - ) - if err: - logger.warning(f"Couldn't update db cache: {err}") + # Update db + err = db.update_job_cache( + "bunkernet-register", + None, + "instance.id", + f"{bunkernet_id}".encode("utf-8"), + ) + if err: + logger.warning(f"Couldn't update db cache: {err}") else: logger.error("Connectivity with BunkerWeb failed ...") status = 2 diff --git a/src/common/core/letsencrypt/jobs/certbot-deploy.py b/src/common/core/letsencrypt/jobs/certbot-deploy.py index 41218c966..3d2b6305f 100755 --- a/src/common/core/letsencrypt/jobs/certbot-deploy.py +++ b/src/common/core/letsencrypt/jobs/certbot-deploy.py @@ -1,10 +1,9 @@ #!/usr/bin/python3 -from asyncio import run from io import BytesIO from os import environ, getenv from os.path import exists -from subprocess import DEVNULL, STDOUT +from subprocess import run, DEVNULL, STDOUT from sys import exit as sys_exit, path as sys_path from tarfile import open as tar_open from traceback import format_exc @@ -34,6 +33,8 @@ try: with open("/usr/share/bunkerweb/INTEGRATION", "r") as f: bw_integration = f.read().strip() token = getenv("CERTBOT_TOKEN") + + logger.info(f"Certificates renewal for {getenv('RENEWED_DOMAINS')} successful") # Cluster case if bw_integration in ("Swarm", "Kubernetes", "Autoconf"): diff --git a/src/common/core/letsencrypt/jobs/certbot-renew.py b/src/common/core/letsencrypt/jobs/certbot-renew.py index 237bc8a2c..9e7951f1e 100755 --- a/src/common/core/letsencrypt/jobs/certbot-renew.py +++ b/src/common/core/letsencrypt/jobs/certbot-renew.py @@ -28,7 +28,6 @@ logger = setup_logger("LETS-ENCRYPT", getenv("LOG_LEVEL", "INFO")) status = 0 try: - if getenv("MULTISITE") == "yes": for first_server in getenv("SERVER_NAME").split(" "): if first_server == "": @@ -46,11 +45,6 @@ try: logger.error( f"Certificates renewal for {first_server} failed", ) - else: - logger.info( - f"Certificates renewal for {first_server} successful", - ) - elif getenv("AUTO_LETS_ENCRYPT") == "yes" and getenv("SERVER_NAME") != "": first_server = getenv("SERVER_NAME").split(" ")[0] if exists(f"/etc/letsencrypt/live/{first_server}/cert.pem"): @@ -60,10 +54,6 @@ try: logger.error( f"Certificates renewal for {first_server} failed", ) - else: - logger.info( - f"Certificates renewal for {first_server} successful", - ) except: status = 2 diff --git a/src/common/utils/ApiCaller.py b/src/common/utils/ApiCaller.py index eaf8698f2..a359bf3ad 100644 --- a/src/common/utils/ApiCaller.py +++ b/src/common/utils/ApiCaller.py @@ -100,7 +100,7 @@ class ApiCaller: def _get_apis(self): return self.__apis - def _send_to_apis(self, method, url, files=None, data=None): + def _send_to_apis(self, method, url, files=None, data=None, response=False): ret = True for api in self.__apis: if files is not None: @@ -122,6 +122,9 @@ class ApiCaller: self.__logger.info( f"Successfully sent API request to {api.get_endpoint()}{url}", ) + + if response: + return ret, resp.json() return ret def _send_files(self, path, url): diff --git a/src/linux/Dockerfile-fedora b/src/linux/Dockerfile-fedora index 52f609f91..6e0ace85c 100644 --- a/src/linux/Dockerfile-fedora +++ b/src/linux/Dockerfile-fedora @@ -56,7 +56,6 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \ mkdir /var/cache/bunkerweb/ && \ mkdir /etc/bunkerweb/plugins && \ mkdir /var/tmp/bunkerweb/ && \ - #mkdir /var/www/html && \ echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \ find /usr/share/bunkerweb -path /usr/share/bunkerweb/deps -prune -o -type f -exec chmod 0740 {} \; && \ find /usr/share/bunkerweb -path /usr/share/bunkerweb/deps -prune -o -type d -exec chmod 0750 {} \; && \ diff --git a/src/linux/Dockerfile-rhel b/src/linux/Dockerfile-rhel new file mode 100644 index 000000000..b8ebc0f35 --- /dev/null +++ b/src/linux/Dockerfile-rhel @@ -0,0 +1,87 @@ +FROM redhat/ubi8:8.6 + +ENV OS=rhel +ENV NGINX_VERSION 1.20.2 + +# RHEL subscription +RUN subscription-manager register --username=username --password=password --auto-attach + +# Install fpm +RUN dnf install -y ruby ruby-devel make gcc redhat-rpm-config rpm-build wget && \ + wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ + rpm -Uvh epel-release*rpm && \ + dnf module -y reset ruby && dnf module -y enable ruby:2.6 && dnf module -y install ruby:2.6/common && \ + gem install fpm + +# Nginx +COPY linux/nginx.repo /etc/yum.repos.d/nginx.repo +RUN dnf install yum-utils -y && \ + dnf install nginx-1.20.2 -y + +# Copy dependencies sources folder +COPY src/common/deps /tmp/bunkerweb/deps +COPY src/scheduler/requirements.txt /tmp/req/requirements.txt +COPY src/ui/requirements.txt /tmp/req/requirements.txt.1 +COPY src/common/gen/requirements.txt /tmp/req/requirements.txt.2 +COPY src/common/db/requirements.txt /tmp/req/requirements.txt.3 + +RUN mkdir -p /usr/share/bunkerweb/deps && \ + cat /tmp/req/requirements.txt /tmp/req/requirements.txt.1 /tmp/req/requirements.txt.2 /tmp/req/requirements.txt.3 > /tmp/bunkerweb/deps/requirements.txt && \ + rm -rf /tmp/req + +# Compile and install dependencies +RUN dnf install -y python39-pip brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 libxslt bash gd gd-devel gcc-c++ kernel-devel curl znc-modtcl libmpc-devel gmp-devel gawk mpfr-devel libtool pcre-devel automake autoconf readline-devel gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel lmdb-libs && \ + mkdir -p /usr/share/bunkerweb/deps && \ + chmod +x /tmp/bunkerweb/deps/install.sh && \ + bash /tmp/bunkerweb/deps/install.sh && \ + mkdir /usr/share/bunkerweb/deps/python && \ + pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt + +# Copy BW files +# can't exclude deps from . so we are copying everything by hand +COPY src/bw/loading /usr/share/bunkerweb/loading +COPY src/bw/lua /usr/share/bunkerweb/lua +COPY src/bw/misc /usr/share/bunkerweb/misc +COPY src/common/api /usr/share/bunkerweb/api +COPY src/common/cli /usr/share/bunkerweb/cli +COPY src/common/confs /usr/share/bunkerweb/confs +COPY src/common/core /usr/share/bunkerweb/core +COPY src/common/db /usr/share/bunkerweb/db +COPY src/common/gen /usr/share/bunkerweb/gen +COPY src/common/helpers /usr/share/bunkerweb/helpers +COPY src/common/settings.json /usr/share/bunkerweb/settings.json +COPY src/common/utils /usr/share/bunkerweb/utils +COPY src/scheduler /usr/share/bunkerweb/scheduler +COPY src/ui /usr/share/bunkerweb/ui +COPY src/VERSION /usr/share/bunkerweb/VERSION + +# Setup BW +RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \ + chmod 755 /usr/bin/bwcli && \ + mkdir /etc/bunkerweb/configs && \ + mkdir /var/cache/bunkerweb/ && \ + mkdir /etc/bunkerweb/plugins && \ + mkdir /var/tmp/bunkerweb/ && \ + echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \ + find /usr/share/bunkerweb -path /usr/share/bunkerweb/deps -prune -o -type f -exec chmod 0740 {} \; && \ + find /usr/share/bunkerweb -path /usr/share/bunkerweb/deps -prune -o -type d -exec chmod 0750 {} \; && \ + chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ && \ + chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/ui/main.py && \ + find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \ + pip install --no-cache-dir --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/ui/deps/requirements.txt && \ + chmod 755 /usr/share/bunkerweb + +# Copy Linux files +COPY src/linux/variables.env /etc/bunkerweb/variables.env +COPY src/linux/ui.env /etc/bunkerweb/ui.env +COPY src/linux/scripts /usr/share/bunkerweb/scripts +COPY src/linux/fpm.sh /usr/share/fpm.sh +RUN chmod +x /usr/share/bunkerweb/scripts/*.sh /usr/share/fpm.sh +COPY src/linux/fpm-rhel /usr/share/.fpm +COPY src/linux/bunkerweb.service /usr/share/bunkerweb.service +COPY src/linux/bunkerweb-ui.service /usr/share/bunkerweb-ui.service + +# Generate RPM at startup +VOLUME /data +WORKDIR /usr/share/ +ENTRYPOINT ["/usr/share/fpm.sh", "rpm"] \ No newline at end of file diff --git a/src/linux/bunkerweb.service b/src/linux/bunkerweb.service index 1a9608b0e..5e598d193 100644 --- a/src/linux/bunkerweb.service +++ b/src/linux/bunkerweb.service @@ -4,6 +4,7 @@ Documentation=https://docs.bunkerweb.io After=network.target [Service] +Restart=always User=root PIDFile=/var/tmp/bunkerweb/scheduler.pid ExecStart=/usr/share/bunkerweb/scripts/start.sh start diff --git a/src/linux/fpm-rhel b/src/linux/fpm-rhel new file mode 100644 index 000000000..26452e295 --- /dev/null +++ b/src/linux/fpm-rhel @@ -0,0 +1,13 @@ +-s dir +--name bunkerweb +--license agpl3 +--version %VERSION% +--architecture x86_64 +--depends bash --depends epel-release --depends python39 --depends 'nginx = 1:1.20.2-1.el8.ngx' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends GeoIP-devel --depends file-libs --depends net-tools --depends gd --depends sudo +--description "BunkerWeb %VERSION% for Rhel 8" +--url "https://www.bunkerweb.io" +--maintainer "Bunkerity " +--after-install /usr/share/bunkerweb/scripts/postinstall.sh +--before-remove /usr/share/bunkerweb/scripts/beforeRemove.sh +--after-remove /usr/share/bunkerweb/scripts/afterRemove.sh +/usr/share/bunkerweb/=/usr/share/bunkerweb/ bunkerweb.service=/etc/systemd/system/bunkerweb.service bunkerweb-ui.service=/etc/systemd/system/bunkerweb-ui.service /usr/bin/bwcli=/usr/bin/bwcli \ No newline at end of file diff --git a/src/scheduler/Dockerfile b/src/scheduler/Dockerfile index 00626fbe5..01f403f3b 100644 --- a/src/scheduler/Dockerfile +++ b/src/scheduler/Dockerfile @@ -58,7 +58,7 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \ chmod 660 /usr/share/bunkerweb/INTEGRATION # Fix CVEs -RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" +RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" VOLUME /data /etc/nginx diff --git a/src/ui/Dockerfile b/src/ui/Dockerfile index cc30e5718..e9b2f6077 100755 --- a/src/ui/Dockerfile +++ b/src/ui/Dockerfile @@ -48,7 +48,7 @@ RUN apk add --no-cache bash file && \ chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/deps/python/bin/* # Fix CVEs -RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" +RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "libtirpc>=1.3.2-r1" "libtirpc-conf>=1.3.2-r1" "zlib>=1.2.12-r2" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" VOLUME /data /etc/nginx diff --git a/src/ui/src/Config.py b/src/ui/src/Config.py index b3bbcdb9b..5f1963340 100644 --- a/src/ui/src/Config.py +++ b/src/ui/src/Config.py @@ -24,14 +24,14 @@ class Config: self.__logger.warning( "Database is not initialized, retrying in 5s ...", ) - sleep(3) + sleep(5) env = self.__db.get_config() while not self.__db.is_first_config_saved() or not env: self.__logger.warning( "Database doesn't have any config saved yet, retrying in 5s ...", ) - sleep(3) + sleep(5) env = self.__db.get_config() self.reload_plugins()