Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add support for Rocky Linux 9.3

Browse source
This commit is contained in:
Théophile Diot 2024-02-05 10:44:38 +01:00
parent 09d6dc90ee
commit 6779ee14c9
No known key found for this signature in database
GPG key ID: 248FEA4BAE400D06
18 changed files with 670 additions and 123 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
.github/workflows/beta.yml vendored
View file

@ -94,7 +94,7 @@ jobs:
needs: [create-arm]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, rhel, rockylinux]
platforms: [linux/amd64, linux/arm64]
include:
- release: beta
@ -106,6 +106,8 @@ jobs:
package: rpm
- linux: rhel
package: rpm
- linux: rockylinux
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: ${{ matrix.release }}
@ -177,55 +179,46 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, rhel, rockylinux]
arch: [amd64, arm64]
include:
- release: beta
repo: bunkerweb
- linux: ubuntu
arch: arm64
package_arch: arm64
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
arch: arm64
package_arch: arm64
separator: _
suffix: ""
version: bookworm
package: deb
- linux: fedora
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 39
package: rpm
- linux: el
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
- linux: rockylinux
arch: amd64
package_arch: x86_64
- linux: el
arch: amd64
package_arch: x86_64
- linux: ubuntu
arch: arm64
package_arch: arm64
- linux: debian
arch: arm64
package_arch: arm64
- linux: fedora
arch: arm64
package_arch: aarch64
- linux: el
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 9
package: rpm
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

29
.github/workflows/dev.yml vendored
View file

@ -43,7 +43,7 @@ jobs:
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, rhel, rockylinux]
include:
- linux: ubuntu
package: deb
@ -53,6 +53,8 @@ jobs:
package: rpm
- linux: rhel
package: rpm
- linux: rockylinux
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: dev
@ -162,43 +164,46 @@ jobs:
needs: [tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
linux: [ubuntu, debian, fedora, el, rockylinux]
arch: [amd64]
include:
- release: dev
repo: bunkerweb
- linux: ubuntu
arch: arm64
package_arch: arm64
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
arch: arm64
package_arch: arm64
separator: _
suffix: ""
version: bookworm
package: deb
- linux: fedora
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 39
package: rpm
- linux: el
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
arch: amd64
package_arch: x86_64
- linux: el
- linux: rockylinux
arch: amd64
package_arch: x86_64
separator: "-"
suffix: "1."
version: 9
package: rpm
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

39
.github/workflows/release.yml vendored
View file

@ -104,7 +104,7 @@ jobs:
needs: [create-arm]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, rhel, rockylinux]
platforms: [linux/amd64, linux/arm64]
include:
- release: latest
@ -189,55 +189,46 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
linux: [ubuntu, debian, fedora, el, rockylinux]
arch: [amd64, arm64]
include:
- release: latest
repo: bunkerweb
- linux: ubuntu
arch: arm64
package_arch: arm64
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
arch: arm64
package_arch: arm64
separator: _
suffix: ""
version: bookworm
package: deb
- linux: fedora
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 39
package: rpm
- linux: el
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
- linux: rockylinux
arch: amd64
package_arch: x86_64
- linux: el
arch: amd64
package_arch: x86_64
- linux: ubuntu
arch: arm64
package_arch: arm64
- linux: debian
arch: arm64
package_arch: arm64
- linux: fedora
arch: arm64
package_arch: aarch64
- linux: el
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 9
package: rpm
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

9
.github/workflows/staging-tests.yml vendored
View file

@ -84,6 +84,9 @@ jobs:
- name: Pull BW linux rhel test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/rhel-tests:testing && docker tag ghcr.io/bunkerity/rhel-tests:testing local/rhel:latest
- name: Pull BW linux rockylinux test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/rockylinux-tests:testing && docker tag ghcr.io/bunkerity/rockylinux-tests:testing local/rockylinux:latest
# Do tests
- name: Run tests
if: inputs.TYPE == 'docker'
@ -136,3 +139,9 @@ jobs:
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
- name: Run Linux rockylinux tests
if: inputs.TYPE == 'linux'
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "rockylinux"
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}

29
.github/workflows/staging.yml vendored
View file

@ -43,7 +43,7 @@ jobs:
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, rhel, rockylinux]
include:
- linux: ubuntu
package: deb
@ -53,6 +53,8 @@ jobs:
package: rpm
- linux: rhel
package: rpm
- linux: rockylinux
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: testing
@ -197,43 +199,46 @@ jobs:
needs: [staging-tests, tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
linux: [ubuntu, debian, fedora, el, rockylinux]
arch: [amd64]
include:
- release: testing
repo: bunkerweb
- linux: ubuntu
arch: arm64
package_arch: arm64
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
arch: arm64
package_arch: arm64
separator: _
suffix: ""
version: bookworm
package: deb
- linux: fedora
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 39
package: rpm
- linux: el
arch: arm64
package_arch: aarch64
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
arch: amd64
package_arch: x86_64
- linux: el
- linux: rockylinux
arch: amd64
package_arch: x86_64
separator: "-"
suffix: "1."
version: 9
package: rpm
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

1
CHANGELOG.md
View file

@ -2,6 +2,7 @@
## v1.5.6 - YYYY/MM/DD
- [LINUX] Support Rocky Linux 9.3
- [BUGFIX] Fix issues with the antibot feature ([#866](https://github.com/bunkerity/bunkerweb/issues/866), [#870](https://github.com/bunkerity/bunkerweb/issues/870))
- [UI] Add bans management page in the web UI
- [UI] Add blocked requests page in the web UI

84
README.md
View file

@ -1,5 +1,5 @@
<p align="center">
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/misc/logo.png" height=100 width=350 />
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/misc/logo.png" height=100 width=350 />
</p>
<p align="center">
@ -26,7 +26,7 @@
&#124;
👨‍💻 <a href="https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github">Demo</a>
&#124;
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/examples">Examples</a>
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/examples">Examples</a>
&#124;
💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
&#124;
@ -42,14 +42,14 @@
# BunkerWeb
<p align="center">
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/intro-overview.svg" />
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/intro-overview.svg" />
</p>
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.6/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github).
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.6/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.6/plugins/?utm_campaign=self&utm_source=github).
## Why BunkerWeb ?
@ -74,7 +74,7 @@ A non-exhaustive list of security features :
- **Block known bad IPs** with external blacklists and DNSBL
- And much more ...
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.6/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
## Demo
@ -113,10 +113,10 @@ Community and social networks :
# Concepts
<p align="center">
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/concepts.svg" />
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/concepts.svg" />
</p>
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.5/concepts/?utm_campaign=self&utm_source=github).
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.6/concepts/?utm_campaign=self&utm_source=github).
## Integrations
@ -124,13 +124,13 @@ The first concept is the integration of BunkerWeb into the target environment. W
The following integrations are officially supported :
- [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker)
- [Docker autoconf](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
- [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm)
- [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes)
- [Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux)
- [Ansible](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible)
- [Vagrant](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant)
- [Docker](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker)
- [Docker autoconf](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
- [Swarm](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#swarm)
- [Kubernetes](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#kubernetes)
- [Linux](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#linux)
- [Ansible](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#ansible)
- [Vagrant](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#vagrant)
## Settings
@ -162,7 +162,7 @@ When multisite mode is enabled, BunkerWeb will serve and protect multiple web ap
## Custom configurations
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.6/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block).
@ -171,7 +171,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall
## Database
<p align="center">
<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/bunkerweb_db.svg" />
<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/bunkerweb_db.svg" />
</p>
State of the current configuration of BunkerWeb is stored in a backend database which contains the following data :
@ -200,7 +200,7 @@ In other words, the scheduler is the brain of BunkerWeb.
## Docker
<p align="center">
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-docker.svg" />
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/integration-docker.svg" />
</p>
We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).
@ -211,46 +211,46 @@ Docker integration key concepts are :
- **Scheduler** container to store configuration and execute jobs
- **Networks** to expose ports for clients and connect to upstream web services
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
## Docker autoconf
<p align="center">
<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-autoconf.svg" />
<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/integration-autoconf.svg" />
</p>
The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
## Swarm
<p align="center">
<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-swarm.svg" />
<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/integration-swarm.svg" />
</p>
To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
## Kubernetes
<p align="center">
<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-kubernetes.svg" />
<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/integration-kubernetes.svg" />
</p>
The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
## Linux
<p align="center">
<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-linux.svg" />
<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/integration-linux.svg" />
</p>
List of supported Linux distros :
@ -259,15 +259,16 @@ List of supported Linux distros :
- Ubuntu 22.04 "Jammy"
- Fedora 39
- RHEL 8.9
- Rocky Linux 9.3
Repositories of Linux packages for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb), they provide a bash script to automatically add and trust the repository (but you can also follow the [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer).
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
## Ansible
<p align="center">
<img alt="Ansible banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-ansible.svg" />
<img alt="Ansible banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/integration-ansible.svg" />
</p>
List of supported Linux distros :
@ -276,12 +277,13 @@ List of supported Linux distros :
- Ubuntu 22.04 "Jammy"
- Fedora 39
- RHEL 8.9
- Rocky Linux 9.3
[Ansible](https://www.ansible.com/) is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/bunkerity/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible) of the documentation.
You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#ansible) of the documentation.
## Vagrant
@ -290,11 +292,11 @@ We maintain ready to use Vagrant boxes hosted on Vagrant cloud for the following
- virtualbox
- libvirt
You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant) of the documentation.
You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.6/integrations/?utm_campaign=self&utm_source=github#vagrant) of the documentation.
# Quickstart guide
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.5/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.6/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
- Protecting a single HTTP application
- Protecting multiple HTTP application
@ -305,9 +307,9 @@ Once you have setup BunkerWeb with the integration of your choice, you can follo
# Security tuning
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.6/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.6/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
# Settings
@ -317,13 +319,13 @@ As a general rule when multisite mode is enabled, if you want to apply settings
When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
Check the [settings section](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
Check the [settings section](https://docs.bunkerweb.io/1.5.6/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
# Web UI
<p align="center">
<a href="https://www.youtube.com/watch?v=Ao20SfvQyr4">
<img src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/user_interface_demo.png" height="300" />
<img src="https://github.com/bunkerity/bunkerweb/raw/v1.5.6/docs/assets/img/user_interface_demo.png" height="300" />
</a>
</p>
@ -337,7 +339,7 @@ The "Web UI" is a web application that helps you manage your BunkerWeb instance
- Monitor jobs execution
- View the logs and search pattern
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.6/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
# Plugins
@ -355,7 +357,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| **VirusTotal** | 1.3 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.3 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.6/plugins/?utm_campaign=self&utm_source=github) of the documentation.
# Support
@ -378,15 +380,15 @@ Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues)
# License
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/LICENSE.md).
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.6/LICENSE.md).
# Contribute
If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/CONTRIBUTING.md) to get started.
If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.6/CONTRIBUTING.md) to get started.
# Security policy
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/SECURITY.md) for more information.
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.6/SECURITY.md) for more information.
# Stargazers over time

45
docs/integrations.md
View file

@ -950,6 +950,7 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch
- Ubuntu 22.04 "Jammy"
- Fedora 39
- Red Hat Enterprise Linux (RHEL) 8.9
- Rocky Linux 9.3
Please ensure that you have **NGINX 1.24.0 installed before installing BunkerWeb**. For all distributions, except Fedora, it is mandatory to use prebuilt packages from the [official NGINX repository](https://nginx.org/en/linux_packages.html). Compiling NGINX from source or using packages from different repositories will not work with the official prebuilt packages of BunkerWeb. However, you have the option to build BunkerWeb from source.
@ -1097,6 +1098,49 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
sudo dnf versionlock add bunkerweb
```
=== "Rocky Linux"
The first step is to add NGINX official repository. Create the following file at `/etc/yum.repos.d/nginx.repo` :
```conf
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
```
You should now be able to install NGINX 1.24.0 :
```shell
sudo dnf install nginx-1.24.0
```
And finally install BunkerWeb 1.5.6 :
```shell
dnf install -y epel-release && \
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo dnf install -y bunkerweb-1.5.6
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
```shell
sudo dnf versionlock add nginx && \
sudo dnf versionlock add bunkerweb
```
The configuration of BunkerWeb is done by editing the `/etc/bunkerweb/variables.env` file :
```conf
@ -1125,6 +1169,7 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch
- Ubuntu 22.04 "Jammy"
- Fedora 39
- Red Hat Enterprise Linux (RHEL) 8.9
- Rocky Linux 9.3
To simplify the deployment and configuration process, [Ansible](https://docs.ansible.com/ansible/latest/index.html) can be used as an IT automation tool. Ansible enables you to configure systems, deploy software, and perform advanced IT tasks such as continuous deployments or zero downtime rolling updates.

2
docs/troubleshooting.md
View file

@ -309,7 +309,7 @@ In case you lost your UI credentials or have 2FA issues, you can connect to the
sudo apt install sqlite3
```
Install SQLite (Fedora/RedHat) :
Install SQLite (Fedora/RedHat/Rocky Linux) :
```shell
sudo dnf install sqlite

97
src/linux/Dockerfile-rockylinux Normal file
View file

@ -0,0 +1,97 @@
FROM rockylinux:9.3@sha256:c944604c0c759f5d164ffbdf0bbab2fac582b739938937403c067ab634a0518a
ENV OS=rockylinux
ENV NGINX_VERSION 1.24.0
# Install Nginx, fpm and dependencies
RUN dnf install -y epel-release ruby ruby-devel make gcc redhat-rpm-config rpm-build wget \
yum-utils && \
dnf module -y reset ruby && dnf module -y enable ruby:3.1 && dnf module -y install ruby:3.1/common && \
gem install fpm && \
dnf install -y --skip-broken --setopt=install_weak_deps=False readline-devel python39 python39-devel python39-setuptools brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 yajl yajl-devel libxslt bash gd gd-devel gcc-c++ curl znc-modtcl gawk libtool pcre-devel automake autoconf gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel && \
wget https://nginx.org/packages/rhel/9/$(uname -m)/RPMS/nginx-${NGINX_VERSION}-1.el9.ngx.$(uname -m).rpm && \
dnf install nginx-${NGINX_VERSION}-1.el9.ngx.$(uname -m).rpm -y && \
rm -rf nginx-${NGINX_VERSION}-1.el9.ngx.$(uname -m).rpm
WORKDIR /tmp/bunkerweb/deps
# Copy dependencies sources folder
COPY src/deps/misc misc
COPY src/deps/src src
COPY src/deps/deps.json deps.json
COPY src/deps/install.sh install.sh
# Compile and install dependencies
RUN mkdir -p /usr/share/bunkerweb/deps/python && \
chmod +x install.sh && \
bash install.sh
# Copy dependencies sources folder
COPY src/deps/requirements.txt /tmp/requirements-deps.txt
COPY src/scheduler/requirements.txt /tmp/req/requirements.txt
COPY src/ui/requirements.txt /tmp/req/requirements.txt.1
COPY src/common/gen/requirements.txt /tmp/req/requirements.txt.2
COPY src/common/db/requirements.txt /tmp/req/requirements.txt.3
WORKDIR /usr/share/bunkerweb
RUN mkdir -p deps/python && \
cat /tmp/req/requirements.txt* > deps/requirements.txt && \
rm -rf /tmp/req
# Compile and install dependencies
RUN export MAKEFLAGS="-j$(nproc)" && \
python3 -m ensurepip --upgrade && \
python3 -m pip install --no-cache-dir --ignore-installed --require-hashes -r /tmp/requirements-deps.txt && \
python3 -m pip install --no-cache-dir --require-hashes --target deps/python -r deps/requirements.txt
# Copy BW files
# can't exclude deps from . so we are copying everything by hand
COPY src/bw/loading loading
COPY src/bw/lua lua
COPY src/bw/misc misc
COPY src/common/api api
COPY src/common/cli cli
COPY src/common/confs confs
COPY src/common/core core
COPY src/common/db db
COPY src/common/gen gen
COPY src/common/helpers helpers
COPY src/common/settings.json settings.json
COPY src/common/utils utils
COPY src/scheduler scheduler
COPY src/ui ui
COPY src/VERSION VERSION
# Setup BW
RUN cp helpers/bwcli /usr/bin/ && \
chmod 755 /usr/bin/bwcli && \
mkdir -p /etc/bunkerweb/configs && \
mkdir -p /var/cache/bunkerweb/ && \
mkdir -p /etc/bunkerweb/plugins && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/run/bunkerweb/ && \
mkdir -p /var/log/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > INTEGRATION && \
mkdir -p /etc/bunkerweb/plugins && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
find /usr/share/bunkerweb -path deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path deps -prune -o -type d -exec chmod 0750 {} \; && \
chmod -R 770 /var/cache/bunkerweb/ /var/lib/bunkerweb/ /etc/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ /var/log/bunkerweb/ && \
chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py deps/python/bin/* helpers/*.sh /var/www/ && \
find core/*/jobs/* -type f -exec chmod 750 {} \; && \
chmod 755 /usr/share/bunkerweb
# Copy Linux files
COPY src/linux/scripts scripts
COPY src/linux/fpm.sh /usr/share/fpm.sh
RUN chmod +x scripts/*.sh /usr/share/fpm.sh
COPY src/linux/fpm-rockylinux /usr/share/.fpm
COPY src/linux/*.service /lib/systemd/system/
# Generate RPM at startup
VOLUME /data
WORKDIR /usr/share/
ENTRYPOINT [ "./fpm.sh", "rpm" ]

13
src/linux/fpm-rockylinux Normal file
View file

@ -0,0 +1,13 @@
-s dir
--name bunkerweb
--license agpl3
--version %VERSION%
--architecture %ARCH%
--depends bash --depends python39 --depends 'nginx >= 1:1.24.0' --depends 'nginx < 1:1.25.0' --depends libcurl-devel --depends libxml2 --depends yajl --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof --depends libmaxminddb --depends libpq --depends libcap --depends openssl
--description "BunkerWeb %VERSION% for Rocky Linux 9"
--url "https://www.bunkerweb.io"
--maintainer "Bunkerity <contact at bunkerity dot com>"
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/log/bunkerweb/=/var/log/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb/=/var/lib/bunkerweb

2
src/linux/package.sh
View file

@ -38,7 +38,7 @@ if [ -f "src/VERSION" ] ; then
version="$(tr -d '\n' < src/VERSION)"
fi
type="deb"
if [ "$linux" = "fedora" ] || [ "$linux" = "centos" ] || [ "$linux" = "rhel" ] ; then
if [ "$linux" = "fedora" ] || [ "$linux" = "centos" ] || [ "$linux" = "rhel" ] || [ "$linux" = "rockylinux" ] ; then
type="rpm"
fi
do_and_check_cmd docker run --rm -v "${package_dir}:/data" "local/bunkerweb-${linux}:latest" "$type"

2
src/linux/scripts/afterRemoveRPM.sh
View file

@ -118,7 +118,7 @@ else
OS=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
fi
if ! [[ "$OS" =~ (centos|fedora|redhat) ]]; then
if ! [[ "$OS" =~ (centos|fedora|redhat|rockylinux) ]]; then
echo "❌ Unsupported Operating System"
exit 1
fi

2
src/linux/scripts/beforeInstall.sh
View file

@ -29,7 +29,7 @@ if [ -f /etc/os-release ]; then
echo " Copy /var/tmp/ui.env to /etc/bunkerweb/ui.env"
do_and_check_cmd cp -f /var/tmp/ui.env /etc/bunkerweb/ui.env
fi
elif [[ "$OS" == "Red Hat Enterprise Linux" || "$OS" == "Fedora" ]]; then
elif [[ "$OS" == "Red Hat Enterprise Linux" || "$OS" == "Fedora" || "$OS" == "Rocky Linux" ]]; then
# Get the version of the package
VERSION=$(rpm -q --queryformat '%{VERSION}' bunkerweb)
if [ "$(printf '%s\n' "$VERSION" "$(echo '1.5.6' | tr -d ' ')" | sort -V | head -n 1)" = "$VERSION" ] && [ -f /var/tmp/variables.env ] && [ -f /var/tmp/ui.env ]; then

6
tests/LinuxTest.py
View file

@ -11,7 +11,7 @@ class LinuxTest(Test):
def __init__(self, name, timeout, tests, distro, domains={}):
super().__init__(name, "linux", timeout, tests, delay=20)
self._domains = domains
if distro not in ("ubuntu", "debian", "fedora", "centos", "rhel"):
if distro not in ("ubuntu", "debian", "fedora", "centos", "rhel", "rockylinux"):
raise Exception(f"unknown distro {distro}")
self.__distro = distro
@ -26,7 +26,7 @@ class LinuxTest(Test):
raise Exception("docker run failed (linux stack)")
if distro in ("ubuntu", "debian"):
cmd = "echo force-bad-version >> /etc/dpkg/dpkg.cfg ; apt install -y /opt/\\$(ls /opt | grep deb)"
elif distro in ("centos", "fedora", "rhel"):
elif distro in ("centos", "fedora", "rhel", "rockylinux"):
cmd = "dnf install -y /opt/\\$(ls /opt | grep rpm)"
proc = LinuxTest.docker_exec(distro, cmd)
if proc.returncode != 0:
@ -53,7 +53,7 @@ class LinuxTest(Test):
"/etc/php/8.2/fpm/pool.d/www.conf",
)
LinuxTest.docker_exec(distro, "systemctl stop php8.2-fpm ; systemctl start php8.2-fpm")
elif distro in ("centos", "fedora", "rhel"):
elif distro in ("centos", "fedora", "rhel", "rockylinux"):
LinuxTest.docker_exec(distro, "dnf install -y php-fpm unzip")
LinuxTest.docker_cp(distro, "./tests/www-rpm.conf", "/etc/php-fpm.d/www.conf")
LinuxTest.docker_exec(

372
tests/Upgrade.py
View file

@ -2095,6 +2095,376 @@ elif distro == "rhel":
if "KO" in test_results.values():
sys.exit(1)
elif distro == "rockylinux":
test_results = {
"Installation test": None,
"Reloading test": None,
"Removing test": None,
"Upgrading test": None,
}
subprocess.run(
[
"sudo",
"docker",
"build",
"-t",
"rockylinux-image",
"-f",
"src/linux/Dockerfile-rockylinux",
".",
]
)
subprocess.run(
[
"sudo",
"docker",
"run",
"-it",
"--name",
"rockylinux-container",
"-v",
"deb:/data",
"rockylinux-image",
]
)
subprocess.run(
[
"docker",
"run",
"-d",
"--name",
"systemd-rockylinux",
"-v",
"deb:/data",
"--privileged",
"-v",
"/sys/fs/cgroup:/sys/fs/cgroup",
"rockylinux:9.3",
]
)
# Installing test
print("Installing bunkerweb...")
bash_script = """
dnf install yum-utils wget sudo -y
wget https://nginx.org/packages/rhel/9/x86_64/RPMS/nginx-1.24.0-1.el9.ngx.x86_64.rpm
dnf install nginx-1.24.0-1.el9.ngx.x86_64.rpm -y
dnf install /data/bunkerweb.rpm -y
"""
with tempfile.NamedTemporaryFile(mode="w") as f:
f.write(bash_script)
f.flush()
subprocess.run(["docker", "cp", f.name, "systemd-rockylinux:/data/install_nginx.sh"])
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"/data/install_nginx.sh",
]
)
if result.returncode != 0:
bunkerweb_logs = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"systemctl status bunkerweb.service",
],
capture_output=True,
)
print("Logs from bunkerweb:", bunkerweb_logs.stdout.decode())
bunkerweb_ui_logs = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"systemctl status bunkerweb-ui.service",
],
capture_output=True,
)
print("Logs from bunkerweb-ui:", bunkerweb_ui_logs.stdout.decode())
sys.exit(result.returncode)
exit(result.returncode)
else:
print("✔️ Installation successful ✔️")
# Checking Installation test
try:
if result.returncode == 0:
test_results["Installation test"] = "OK"
else:
test_results["Installation test"] = "KO"
sys.exit(1)
except:
test_results["Installation test"] = "KO"
sys.exit(1)
# Reloading test
print("Reloading bunkerweb...")
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"echo 'HTTPS_PORT=8443' >> /etc/bunkerweb/variables.env",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"echo 'new_value=1' >> /etc/bunkerweb/ui.env",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"systemctl reload bunkerweb",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"systemctl reload bunkerweb-ui",
]
)
bunkerweb_state = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"systemctl is-active bunkerweb.service",
],
capture_output=True,
)
if bunkerweb_state.stdout.decode().strip() != "active":
bunkerweb_logs = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"journalctl -u bunkerweb.service",
],
capture_output=True,
)
print("❌ bunkerweb.service is not running. Logs:", bunkerweb_logs.stdout.decode())
bunkerweb_ui_state = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"systemctl is-active bunkerweb-ui.service",
],
capture_output=True,
)
if bunkerweb_ui_state.stdout.decode().strip() != "active":
bunkerweb_ui_logs = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"journalctl -u bunkerweb-ui.service",
],
capture_output=True,
)
print(
"❌ bunkerweb-ui.service is not running. Logs:",
bunkerweb_ui_logs.stdout.decode(),
)
else:
print("✔️ bunkerweb.service and bunkerweb-ui.service are running ✔️")
# Checking Reloading test
try:
if bunkerweb_state.stdout.decode().strip() == "active":
test_results["Reloading test"] = "OK"
else:
test_results["Reloading test"] = "KO"
except:
test_results["Reloading test"] = "KO"
# Removing test
print("Removing bunkerweb...")
subprocess.run(
[
"sudo",
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"dnf remove -y bunkerweb",
]
)
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"[ -d /usr/share/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /usr/share/bunkerweb not found.")
else:
print("❌ /usr/share/bunkerweb found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"[ -d /var/tmp/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /var/tmp/bunkerweb not found.")
else:
print("❌ /var/tmp/bunkerweb found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"[ -d /var/cache/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /var/cache/bunkerweb not found.")
else:
print("❌ /var/cache/bunkerweb found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"[ -f /usr/bin/bwcli ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /usr/bin/bwcli not found.")
else:
print("❌ /usr/bin/bwcli found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"[ -d /var/lib/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /var/lib/bunkerweb not found.")
else:
print("❌ /var/lib/bunkerweb found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rockylinux",
"bash",
"-c",
"[ -d /etc/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /etc/bunkerweb not found.")
else:
print("❌ /etc/bunkerweb found.")
# Checking Removing test
try:
if (
pathlib.Path("/usr/share/bunkerweb").is_dir()
or pathlib.Path("/var/tmp/bunkerweb").is_dir()
or pathlib.Path("/var/cache/bunkerweb").is_dir()
or pathlib.Path("/usr/bin/bwcli").is_file()
or pathlib.Path("/var/lib/bunkerweb").is_dir()
or pathlib.Path("/etc/bunkerweb").is_dir()
):
test_results["Removing test"] = "KO"
else:
test_results["Removing test"] = "OK"
except:
test_results["Removing test"] = "KO"
############################################################################################################
# Upgrading test is disabled because Rocky Linux is the new Integration test #
############################################################################################################
# Print summary
for key, value in test_results.items():
print(f"{key}: {value}")
if "KO" in test_results.values():
sys.exit(1)
elif distro == "centos":
test_results = {
"Installation test": None,
@ -2611,5 +2981,5 @@ elif distro == "centos":
if "KO" in test_results.values():
sys.exit(1)
else:
print("Invalid argument. Please pass one of: ubuntu, debian, fedora, rhel, centos")
print("Invalid argument. Please pass one of: ubuntu, debian, fedora, rhel, centos, rockylinux")
sys.exit(1)

6
tests/linux.sh
View file

@ -17,7 +17,7 @@ function gen_package() {
mode="$1"
linux="$2"
version="$(tr -d '\n' < VERSION)"
if [ "$linux" = "fedora" ] || [ "$linux" = "centos" ] || [ "$linux" = "rhel" ] ; then
if [ "$linux" = "fedora" ] || [ "$linux" = "centos" ] || [ "$linux" = "rhel" ] || [ "$linux" = "rockylinux" ] ; then
type="rpm"
else
type="deb"
@ -59,6 +59,8 @@ echo "Building fedora package ..."
gen_package "$1" "fedora"
echo "Building rhel package ..."
gen_package "$1" "rhel"
echo "Building rockylinux package ..."
gen_package "$1" "rockylinux"
# Copy packages in the Docker context
do_and_check_cmd cp -r "/opt/packages/$1" ./packages
@ -74,5 +76,7 @@ echo "Building fedora test image ..."
build_image "fedora"
echo "Building rhel test image ..."
build_image "rhel"
echo "Building rockylinux test image ..."
build_image "rockylinux"
exit 0

14
tests/linux/Linux.sh
View file

@ -31,6 +31,12 @@ function buildPackage() {
if [ "$DISTRO" = "fedora" ]; then
sudo docker build -t linux-fedora -f src/linux/Dockerfile-fedora .
fi
if [ "$DISTRO" = "rhel" ]; then
sudo docker build -t linux-rhel -f src/linux/Dockerfile-rhel .
fi
if [ "$DISTRO" = "rockylinux" ]; then
sudo docker build -t linux-rockylinux -f src/linux/Dockerfile-rockylinux .
fi
fi
}
@ -50,13 +56,19 @@ function createContainer() {
if [ "$DISTRO" = "fedora" ]; then
sudo docker run -v /tmp/fedora:/data linux-fedora
fi
if [ "$DISTRO" = "rhel" ]; then
sudo docker run -v /tmp/rhel:/data linux-rhel
fi
if [ "$DISTRO" = "rockylinux" ]; then
sudo docker run -v /tmp/rockylinux:/data linux-rockylinux
fi
fi
}
# Retrieve $DISTRO from the user
function retrieveDistro() {
echo "Which distro do you want to use? (ubuntu, debian, centos, fedora)"
echo "Which distro do you want to use? (ubuntu, debian, centos, fedora, rhel, rockylinux)"
read -r DISTRO
}