Merge pull request #609 from bunkerity/dev

Merge branch "dev" into branch "staging"
Théophile Diot 2023-09-04 16:44:07 +02:00 committed by GitHub
commit 6f26c42c89
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 37 additions and 32 deletions


@ -132,7 +132,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"


@ -45,7 +45,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Replace VERSION
if: inputs.RELEASE == 'testing'
run: ./misc/update-version.sh testing


@ -34,10 +34,10 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Create ARM VM
id: scw
uses: scaleway/action-scw@bbcfd65cd2af73456ce439088e0d42c1657c4c38
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
with:
args: instance server create zone=fr-par-2 type=AMP2-C48 root-volume=block:50GB
save-config: true


@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}


@ -48,7 +48,7 @@ jobs:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
@ -72,7 +72,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')


@ -13,7 +13,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install Python
uses: actions/setup-python@v4
with:


@ -37,7 +37,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Replace VERSION
if: inputs.RELEASE == 'testing'
run: ./misc/update-version.sh testing


@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}


@ -30,7 +30,7 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v2
with:


@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checkout
- uses: actions/checkout@v3
- uses: actions/checkout@v4
# Get PDF doc
- name: Get documentation
if: inputs.VERSION != 'testing'


@ -40,7 +40,7 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install ruby
uses: ruby/setup-ruby@v1
with:


@ -132,7 +132,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"


@ -21,9 +21,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Delete ARM VM
uses: scaleway/action-scw@bbcfd65cd2af73456ce439088e0d42c1657c4c38
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
with:
args: instance server delete ${{ secrets.ARM_ID }} zone=fr-par-2 with-ip=true with-volumes=all force-shutdown=true
version: v2.13.0


@ -23,7 +23,7 @@ jobs:
run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
if: inputs.TYPE != 'k8s'
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install terraform
uses: hashicorp/setup-terraform@v2
- name: Install kubectl


@ -20,7 +20,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install terraform
uses: hashicorp/setup-terraform@v2
- uses: actions/download-artifact@v3


@ -25,7 +25,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Login to ghcr
uses: docker/login-action@v2
with:


@ -78,7 +78,7 @@ jobs:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
@ -135,7 +135,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')


@ -15,7 +15,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Login to ghcr
uses: docker/login-action@v2
with:


@ -12,7 +12,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Login to ghcr
uses: docker/login-action@v2
with:


@ -127,7 +127,7 @@ Here is some examples of possible values for `CORS_ALLOW_ORIGIN` setting :
## HTTPS / SSL/TLS
Besides the HTTPS configuration, the following settings related to HTTPS can be set :
Besides the HTTPS / SSL/TLS configuration, the following settings related to HTTPS / SSL/TLS can be set :
| Setting | Default | Description |
| :---------------------------: | :---------------: | :----------------------------------------------------------------------------------------------------------- |
@ -141,13 +141,13 @@ Besides the HTTPS configuration, the following settings related to HTTPS can be
STREAM support :white_check_mark:
BunkerWeb comes with automatic Let's Encrypt certificate generation and renewal. This is the easiest way of getting HTTPS working out of the box for public-facing web applications. Please note that you will need to set up proper DNS A record(s) for each of your domains pointing to your public IP(s) where BunkerWeb is accessible.
BunkerWeb comes with automatic Let's Encrypt certificate generation and renewal. This is the easiest way of getting HTTPS / SSL/TLS working out of the box for public-facing web applications. Please note that you will need to set up proper DNS A record(s) for each of your domains pointing to your public IP(s) where BunkerWeb is accessible.
Here is the list of related settings :
| Setting | Default | Description |
| :------------------------: | :----------------------: | :----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `AUTO_LETS_ENCRYPT` | `no` | When set to `yes`, HTTPS will be enabled with automatic certificate generation and renewal from Let's Encrypt. |
| `AUTO_LETS_ENCRYPT` | `no` | When set to `yes`, HTTPS / SSL/TLS will be enabled with automatic certificate generation and renewal from Let's Encrypt. |
| `EMAIL_LETS_ENCRYPT` | `contact@{FIRST_SERVER}` | Email to use when generating certificates. Let's Encrypt will send notifications to that email like certificate expiration. |
| `USE_LETS_ENCRYPT_STAGING` | `no` | When set to `yes`, the staging server of Let's Encrypt will be used instead of the production one. Useful when doing tests to avoid being "blocked" due to limits. |
@ -161,7 +161,7 @@ If you want to use your own certificates, here is the list of related settings :
| Setting |Default| Context |Multiple| Description |
|-----------------|-------|---------|--------|--------------------------------------------------------------------------------|
|`USE_CUSTOM_SSL` |`no` |multisite|no |Use custom HTTPS certificate. |
|`USE_CUSTOM_SSL` |`no` |multisite|no |Use custom HTTPS / SSL/TLS certificate. |
|`CUSTOM_SSL_CERT`| |multisite|no |Full path of the certificate or bundle file (must be readable by the scheduler).|
|`CUSTOM_SSL_KEY` | |multisite|no |Full path of the key file (must be readable by the scheduler). |
@ -174,11 +174,11 @@ When using stream mode, you will need to use the `LISTEN_STREAM_PORT_SSL` settin
STREAM support :white_check_mark:
If you want to quickly test HTTPS for staging/dev environment you can configure BunkerWeb to generate self-signed certificates, here is the list of related settings :
If you want to quickly test HTTPS / SSL/TLS for staging/dev environment you can configure BunkerWeb to generate self-signed certificates, here is the list of related settings :
| Setting | Default | Description |
| :------------------------: | :--------------------: | :------------------------------------------------------------------------------------------------------------------------- |
| `GENERATE_SELF_SIGNED_SSL` | `no` | When set to `yes`, HTTPS will be enabled with automatic self-signed certificate generation and renewal from Let's Encrypt. |
| `GENERATE_SELF_SIGNED_SSL` | `no` | When set to `yes`, HTTPS / SSL/TLS will be enabled with automatic self-signed certificate generation and renewal from Let's Encrypt. |
| `SELF_SIGNED_SSL_EXPIRY` | `365` | Number of days for the certificate expiration (**-days** value used with **openssl**). |
| `SELF_SIGNED_SSL_SUBJ` | `/CN=www.example.com/` | Certificate subject to use (**-subj** value used with **openssl**). |


@ -166,6 +166,11 @@ class Database:
bind=self.__sql_engine, autoflush=False, expire_on_commit=False
)
self.suffix_rx = re_compile(r"_\d+$")
if sqlalchemy_string.startswith("sqlite"):
with self.__db_session() as session:
session.execute(text("PRAGMA journal_mode=WAL"))
session.commit()
def __del__(self) -> None:
"""Close the database"""
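Review bot: The result of `PRAGMA journal_mode=WAL` is discarded, so the constructor cannot tell whether WAL is actually in effect; SQLite answers this pragma with the journal mode now in use and keeps the previous mode when it cannot switch. Consider reading it back, e.g. `mode = session.execute(text("PRAGMA journal_mode=WAL")).scalar()`, and reporting when `mode` is not `wal`. WAL also creates `-wal` and `-shm` files beside the database file, so a comment such as `# WAL adds <db>-wal and <db>-shm next to the database; keep their permissions and backups in line with the main file` would help operators. The enclosing method starts outside the hunk.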


@ -195,7 +195,7 @@
"help": "Server name (virtual host) for the API.",
"id": "api-server-name",
"label": "API server name",
"regex": "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\\.?$",
"regex": "^[^ ]{1,255}$",
"type": "text"
},
"API_WHITELIST_IP": {
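Review bot: The replacement pattern `^[^ ]{1,255}$` for `api-server-name` rejects only the space character, so tabs, newlines, `;`, `{` and `}` now pass validation where the previous pattern allowed hostname labels only. If this setting is later written into generated server configuration (not visible in this hunk), the validator no longer keeps directive delimiters out of that file. If the aim is to permit names the old hostname pattern refused, a narrower form such as `"regex": "^[^\\s;{}]{1,255}$",` still excludes all whitespace and the delimiters. JSON has no comment syntax, so the reason for the relaxation belongs in the commit message or the setting's `help` text.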


@ -50,9 +50,9 @@ try:
"http://www.example.com/?id=/etc/passwd",
headers={"Host": "www.example.com"},
)
sleep(1)
sleep(1.5)
sleep(1)
sleep(3)
status_code = get(
f"http://www.example.com",