ui - various edits

florian 2023-08-07 13:39:26 +02:00
parent 5df2a74caf
commit 6e6c08a716
No known key found for this signature in database
GPG key ID: 3D80806F12602A7C
26 changed files with 68 additions and 61 deletions


@ -19,6 +19,7 @@
- [BUGFIX] Autoconf deadlock in k8s
- [BUGFIX] Missing HTTP and HTTPS ports for temp nginx
- [BUGFIX] Infinite loop when sessions is not valid
- [BUGFIX] Missing valid LE certificates in edge cases
- [PERFORMANCE] Reduce CPU and RAM usage of scheduler
- [PERFORMANCE] Cache ngx.ctx instead of loading it each time
- [PERFORMANCE] Use per-worker LRU cache for common RO LUA values


@ -85,7 +85,7 @@ Because the web UI is a web application, the recommended installation procedure
- USE_GZIP=yes
- www.example.com_USE_UI=yes
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme/
- www.example.com_REVERSE_PROXY_URL=/changeme
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:
@ -270,7 +270,7 @@ Because the web UI is a web application, the recommended installation procedure
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
@ -423,7 +423,7 @@ Because the web UI is a web application, the recommended installation procedure
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
@ -786,7 +786,7 @@ Because the web UI is a web application, the recommended installation procedure
- host: www.example.com
http:
paths:
- path: /changeme/
- path: /changeme
pathType: Prefix
backend:
service:
@ -831,7 +831,7 @@ Because the web UI is a web application, the recommended installation procedure
MULTISITE=yes
www.example.com_USE_UI=yes
www.example.com_USE_REVERSE_PROXY=yes
www.example.com_REVERSE_PROXY_URL=/changeme/
www.example.com_REVERSE_PROXY_URL=/changeme
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
```
@ -863,7 +863,7 @@ Because the web UI is a web application, the recommended installation procedure
MULTISITE=yes
www.example.com_USE_UI=yes
www.example.com_USE_REVERSE_PROXY=yes
www.example.com_REVERSE_PROXY_URL=/changeme/
www.example.com_REVERSE_PROXY_URL=/changeme
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
```
@ -936,7 +936,7 @@ Because the web UI is a web application, the recommended installation procedure
MULTISITE=yes
www.example.com_USE_UI=yes
www.example.com_USE_REVERSE_PROXY=yes
www.example.com_REVERSE_PROXY_URL=/changeme/
www.example.com_REVERSE_PROXY_URL=/changeme
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
```


@ -2,7 +2,7 @@
"name": "reverse-proxy-multisite",
"kinds": ["docker", "autoconf", "swarm", "kubernetes", "linux"],
"timeout": 60,
"delay": 60,
"delay": 90,
"tests": [
{
"type": "string",


@ -17,7 +17,7 @@ services:
- www.example.com_USE_UI=yes
- www.example.com_SERVE_FILES=no
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme/ # replace with another url
- www.example.com_REVERSE_PROXY_URL=/changeme # replace with another url
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
labels:


@ -83,7 +83,7 @@ services:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"


@ -83,7 +83,7 @@ services:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"


@ -82,7 +82,7 @@ services:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"


@ -73,7 +73,7 @@ services:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"


@ -18,7 +18,7 @@ services:
- USE_GZIP=yes
- www.example.com_USE_UI=yes
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme/
- www.example.com_REVERSE_PROXY_URL=/changeme
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:


@ -18,7 +18,7 @@ services:
- USE_GZIP=yes
- www.example.com_USE_UI=yes
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/admin/
- www.example.com_REVERSE_PROXY_URL=/admin
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:


@ -19,7 +19,7 @@ services:
- www.example.com_USE_UI=yes
- www.example.com_SERVE_FILES=no
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/admin/
- www.example.com_REVERSE_PROXY_URL=/changeme
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:


@ -14,7 +14,7 @@ services:
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- www.example.com_USE_UI=yes
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme/
- www.example.com_REVERSE_PROXY_URL=/changeme
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:


@ -317,7 +317,7 @@ spec:
- host: www.example.com
http:
paths:
- path: /changeme/
- path: /changeme
pathType: Prefix
backend:
service:


@ -316,7 +316,7 @@ spec:
- host: www.example.com
http:
paths:
- path: /changeme/
- path: /changeme
pathType: Prefix
backend:
service:


@ -316,7 +316,7 @@ spec:
- host: www.example.com
http:
paths:
- path: /changeme/
- path: /changeme
pathType: Prefix
backend:
service:


@ -101,7 +101,7 @@ services:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"


@ -101,7 +101,7 @@ services:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"


@ -1,4 +1,4 @@
version: "3.5"
version: "3.5"
services:
bunkerweb:
@ -100,7 +100,7 @@ services:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"


@ -27,3 +27,5 @@ for test in tests/core/* ; do
done
# linux
sed -i "s@${OLD_VERSION}@${NEW_VERSION}@g" src/linux/scripts*.sh
# db
sed -i "s@${OLD_VERSION}@${NEW_VERSION}@g" src/common/db/model.py


@ -195,12 +195,13 @@ try:
certbot_new(domains.replace(" ", ","), real_email, letsencrypt_path, letsencrypt_job_path)
!= 0
):
status = 2
logger.error(
f"Certificate generation failed for domain(s) {domains} ...",
)
continue
else:
status = 1
status = 1 if status == 0 else status
logger.info(
f"Certificate generation succeeded for domain(s) : {domains}"
)
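Review bot: `status = 1 if status == 0 else status` and the apparently new `status = 2` in the failure branch rely on numeric codes that nothing in the hunk explains. The intent appears to be that a failure (2) recorded for one set of domains is not overwritten by a later success (1). A comment above the failure branch, e.g. `# status: 0 = nothing done, 1 = certificate(s) generated, 2 = at least one failure (sticky)`, would make that explicit; the meanings are inferred from the visible lines, so confirm them against whatever consumes `status`. The enclosing `try:` block starts and ends outside the hunk.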


@ -276,4 +276,4 @@ class Metadata(Base):
config_changed = Column(Boolean, default=False, nullable=True)
instances_changed = Column(Boolean, default=False, nullable=True)
integration = Column(INTEGRATIONS_ENUM, default="Unknown", nullable=False)
version = Column(String(32), default="1.5.0", nullable=False)
version = Column(String(32), default="1.5.1", nullable=False)


@ -85,7 +85,7 @@ function start() {
# Create dummy variables.env
if [ ! -f /etc/bunkerweb/variables.env ]; then
sudo -E -u nginx -g nginx /bin/bash -c "echo -ne '# remove IS_LOADING=yes when your config is ready\nIS_LOADING=yes\nUSE_BUNKERNET=no\nHTTP_PORT=80\nHTTPS_PORT=443\nAPI_LISTEN_IP=127.0.0.1\nSERVER_NAME=\n' > /etc/bunkerweb/variables.env"
sudo -E -u nginx -g nginx /bin/bash -c "echo -ne '# remove IS_LOADING=yes when your config is ready\nIS_LOADING=yes\nDNS_RESOLVERS=8.8.8.8 8.8.4.4\nHTTP_PORT=80\nHTTPS_PORT=443\nAPI_LISTEN_IP=127.0.0.1\nSERVER_NAME=\n' > /etc/bunkerweb/variables.env"
log "SYSTEMCTL" "" "Created dummy variables.env file"
fi
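Review bot: The generated dummy `variables.env` changes two defaults inside one `echo -ne` string without telling the operator. Assuming the second printed line is the new one, `USE_BUNKERNET=no` is dropped and `DNS_RESOLVERS=8.8.8.8 8.8.4.4` is added, so a fresh install falls back to the product default for `USE_BUNKERNET` and sends its DNS lookups to a public resolver instead of the host's. I would extend the leading comment written into the file, e.g. `# DNS_RESOLVERS points at public resolvers, replace with your own if required`, and confirm that removing `USE_BUNKERNET=no` is intended. `start()` continues outside the hunk.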


@ -53,16 +53,18 @@ RUN apk add --no-cache bash && \
mkdir -p /etc/bunkerweb && \
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
mkdir -p /var/log/nginx/ && touch /var/log/nginx/ui.log && \
mkdir -p /var/log/bunkerweb/ && \
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
chown -R root:ui /data && \
chmod -R 770 /data && \
chown -R root:ui /usr/share/bunkerweb/INTEGRATION /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/nginx && \
chmod 770 /var/cache/bunkerweb /var/lib/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/nginx/ui.log && \
chown -R root:ui /usr/share/bunkerweb/INTEGRATION /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb && \
chmod 770 /var/cache/bunkerweb /var/lib/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb && \
chmod 750 /usr/share/bunkerweb/gen/*.py /usr/share/bunkerweb/ui/*.py /usr/share/bunkerweb/ui/src/*.py /usr/share/bunkerweb/deps/python/bin/* /usr/share/bunkerweb/helpers/*.sh && \
chmod 660 /usr/share/bunkerweb/INTEGRATION && \
chown root:ui /usr/share/bunkerweb/INTEGRATION
chown root:ui /usr/share/bunkerweb/INTEGRATION && \
ln -s /proc/1/fd/1 /var/log/bunkerweb/ui-access.log && \
ln -s /proc/1/fd/2 /var/log/bunkerweb/ui.log
# Fix CVEs
RUN apk add "libcrypto3>=3.1.1-r2" "libssl3>=3.1.1-r2"


@ -2,20 +2,17 @@ from os import sep
from os.path import join
wsgi_app = "main:app"
accesslog = "/var/log/bunkerweb/ui-access.log"
errorlog = "/var/log/bunkerweb/ui.log"
loglevel = "info"
proc_name = "bunkerweb-ui"
accesslog = "-"
access_log_format = (
'%({x-forwarded-for}i)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s"'
)
errorlog = "-"
preload_app = True
reuse_port = True
pidfile = join(sep, "var", "run", "bunkerweb", "ui.pid")
secure_scheme_headers = {
"X-FORWARDED-PROTOCOL": "https",
"X-FORWARDED-PROTO": "https",
"X-FORWARDED-SSL": "on",
}
forwarded_allow_ips = "*"
proxy_allow_ips = "*"
worker_tmp_dir = join(sep, "dev", "shm")
tmp_upload_dir = join(sep, "var", "tmp", "bunkerweb", "ui")
worker_class = "gevent"
threads = 1
workers = 1
graceful_timeout = 0
secure_scheme_headers = {}
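Review bot: The empty `secure_scheme_headers = {}` at the end of the hunk carries a trust decision that deserves a comment. The +/- markers are lost in this rendering, but the header counts (20 old lines, 17 new) suggest that `forwarded_allow_ips = "*"`, `proxy_allow_ips = "*"` and the populated header map are the removed side, so gunicorn no longer derives the scheme from forwarded headers and the application's proxy wrapper becomes the only place they are trusted. If that reading is right, I would add `# X-Forwarded-* is handled by the app's proxy wrapper; gunicorn must not trust these headers itself` above the assignment so the wildcards are not reintroduced later. If the wildcard lines are in fact kept, they should be narrowed to the reverse proxy's address.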


@ -83,9 +83,9 @@ from src.User import User
from utils import check_settings, path_to_dict
from logger import setup_logger # type: ignore
from Database import Database # type: ignore
from logging import getLogger
logger = setup_logger("UI", getenv("LOG_LEVEL", "INFO"))
# logger = setup_logger("UI", getenv("LOG_LEVEL", "INFO"))
def stop_gunicorn():
p = Popen(["pgrep", "-f", "gunicorn"], stdout=PIPE)
@ -103,8 +103,8 @@ def stop(status, _stop=True):
def handle_stop(signum, frame):
logger.info("Catched stop operation")
logger.info("Stopping web ui ...")
app.logger.info("Catched stop operation")
app.logger.info("Stopping web ui ...")
stop(0, False)
@ -120,20 +120,24 @@ app = Flask(
static_folder="static",
template_folder="templates",
)
app.wsgi_app = ReverseProxied(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)
PROXY_NUMBERS = int(getenv("PROXY_NUMBERS", "1"))
app.wsgi_app = ReverseProxied(app.wsgi_app, x_for=PROXY_NUMBERS, x_proto=PROXY_NUMBERS, x_host=PROXY_NUMBERS, x_prefix=PROXY_NUMBERS)
gunicorn_logger = getLogger('gunicorn.error')
app.logger.handlers = gunicorn_logger.handlers
app.logger.setLevel(gunicorn_logger.level)
if not getenv("ADMIN_USERNAME"):
logger.error("ADMIN_USERNAME is not set")
app.logger.error("ADMIN_USERNAME is not set")
stop(1)
elif not getenv("ADMIN_PASSWORD"):
logger.error("ADMIN_PASSWORD is not set")
app.logger.error("ADMIN_PASSWORD is not set")
stop(1)
if not getenv("FLASK_DEBUG", False) and not regex_match(
r"^(?=.*?\p{Lowercase_Letter})(?=.*?\p{Uppercase_Letter})(?=.*?\d)(?=.*?[ !\"#$%&'()*+,\-./:;<=>?@[\\\]^_`{|}~]).{8,}$",
getenv("ADMIN_PASSWORD", "changeme"),
):
logger.error(
app.logger.error(
"The admin password is not strong enough. It must contain at least 8 characters, including at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character (#@?!$%^&*-)."
)
stop(1)
@ -172,12 +176,12 @@ if INTEGRATION in ("Docker", "Swarm", "Autoconf"):
base_url=getenv("DOCKER_HOST", "unix:///var/run/docker.sock")
)
except (docker_APIError, DockerException):
logger.warning("No docker host found")
app.logger.warning("No docker host found")
elif INTEGRATION == "Kubernetes":
kube_config.load_incluster_config()
kubernetes_client = kube_client.CoreV1Api()
db = Database(logger, ui=True)
db = Database(app.logger, ui=True)
if INTEGRATION in (
"Swarm",
@ -185,20 +189,20 @@ if INTEGRATION in (
"Autoconf",
):
while not db.is_autoconf_loaded():
logger.warning(
app.logger.warning(
"Autoconf is not loaded yet in the database, retrying in 5s ...",
)
sleep(5)
while not db.is_initialized():
logger.warning(
app.logger.warning(
"Database is not initialized, retrying in 5s ...",
)
sleep(5)
env = db.get_config()
while not db.is_first_config_saved() or not env:
logger.warning(
app.logger.warning(
"Database doesn't have any config saved yet, retrying in 5s ...",
)
sleep(5)
@ -206,7 +210,7 @@ while not db.is_first_config_saved() or not env:
del env
logger.info("Database is ready")
app.logger.info("Database is ready")
Path(sep, "var", "tmp", "bunkerweb", "ui.healthy").write_text("ok", encoding="utf-8")
bw_version = (
Path(sep, "usr", "share", "bunkerweb", "VERSION")
@ -220,7 +224,7 @@ try:
SECRET_KEY=getenv("FLASK_SECRET", urandom(32)),
INSTANCES=Instances(docker_client, kubernetes_client, INTEGRATION),
CONFIG=Config(db),
CONFIGFILES=ConfigFiles(logger, db),
CONFIGFILES=ConfigFiles(app.logger, db),
WTF_CSRF_SSL_STRICT=False,
USER=user,
SEND_FILE_MAX_AGE_DEFAULT=86400,
@ -231,7 +235,7 @@ try:
DARK_MODE=False,
)
except FileNotFoundError as e:
logger.error(repr(e), e.filename)
app.logger.error(repr(e), e.filename)
stop(1)
plugin_id_rx = re_compile(r"^[\w_-]{1,64}$")
@ -1524,7 +1528,7 @@ def darkmode():
def check_reloading():
if not app.config["RELOADING"] or app.config["LAST_RELOAD"] + 60 < time():
if app.config["RELOADING"]:
logger.warning("Reloading took too long, forcing the state to be reloaded")
app.logger.warning("Reloading took too long, forcing the state to be reloaded")
flash("Forced the status to be reloaded", "error")
app.config["RELOADING"] = False
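Review bot: `PROXY_NUMBERS = int(getenv("PROXY_NUMBERS", "1"))` is read without validation and then used as the trusted hop count for all four `ReverseProxied` arguments. A non-numeric value raises `ValueError` at import with no logged explanation, unlike the `ADMIN_USERNAME` and `ADMIN_PASSWORD` checks just below it. A value higher than the real number of proxies in front of the UI would presumably make the wrapper accept client-supplied `X-Forwarded-*` values; the arguments match Werkzeug's ProxyFix hop counts, though the class itself is not shown here. I would parse the variable after the logger handlers are attached, reject bad or negative values the same way the admin checks do, and document what the number means.

```python
gunicorn_logger = getLogger('gunicorn.error')
# … unchanged: app.logger handlers and level …

# Must equal the number of trusted proxies in front of the UI;
# a larger value trusts client-sent X-Forwarded-* headers.
try:
    PROXY_NUMBERS = int(getenv("PROXY_NUMBERS", "1"))
    if PROXY_NUMBERS < 0:
        raise ValueError
except ValueError:
    app.logger.error("PROXY_NUMBERS must be a non-negative integer")
    stop(1)
# … unchanged: app.wsgi_app = ReverseProxied(...) …
```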


@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<base href="{{ config["ABSOLUTE_URI"] }}">
<base href="{{ url_for("index") }}">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta
name="viewport"