Merge pull request #530 from bunkerity/dev

Merge branch "dev" into branch "staging"
Théophile Diot 2023-06-23 13:50:09 -04:00 committed by GitHub
commit 8c4c99e65d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 104 additions and 150 deletions

File diff suppressed because one or more lines are too long


@ -112,6 +112,11 @@ Database configuration is done by using the `DATABASE_URI` setting which respect
- MySQL : `mysql+pymysql://bunkerweb:changeme@bw-db:3306/db`
- PostgreSQL : `postgresql://bunkerweb:changeme@bw-db:5432/db`
<figure markdown>
![Overview](assets/img/bunkerweb_db.svg){ align=center, width="800" }
<figcaption>Database Schema</figcaption>
</figure>
## Scheduler
To make things automagically work together, a dedicated service called the scheduler is in charge of :


@ -52,22 +52,19 @@ RUN apk add --no-cache pcre bash python3 && \
cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/tmp/bunkerweb && \
mkdir -p /var/run/bunkerweb && \
mkdir -p /var/log/bunkerweb && \
mkdir -p /var/www/html && \
mkdir -p /etc/bunkerweb && \
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
chown -R root:nginx /data && \
chmod -R 770 /data && \
chown -R root:nginx /var/cache/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /usr/bin/bwcli && \
chmod 770 /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb && \
chown -R root:nginx /data /etc/nginx /var/cache/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /usr/bin/bwcli && \
chmod -R 770 /data /etc/nginx /var/cache/bunkerweb /var/tmp/bunkerweb /var/log/bunkerweb /var/run/bunkerweb && \
chmod 750 /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/entrypoint.sh /usr/bin/bwcli /usr/share/bunkerweb/deps/python/bin/* && \
chown -R root:nginx /etc/nginx && \
chmod -R 770 /etc/nginx && \
rm -f /var/log/nginx/* && \
ln -s /proc/1/fd/2 /var/log/nginx/error.log && \
ln -s /proc/1/fd/2 /var/log/nginx/modsec_audit.log && \
ln -s /proc/1/fd/1 /var/log/nginx/access.log
rm -f /var/log/bunkerweb/* && \
ln -s /proc/1/fd/2 /var/log/bunkerweb/error.log && \
ln -s /proc/1/fd/2 /var/log/bunkerweb/modsec_audit.log && \
ln -s /proc/1/fd/1 /var/log/bunkerweb/access.log
# Fix CVEs
RUN apk add "libx11>=1.8.4-r1"
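Review bot: The consolidated `chmod -R 770 /data /etc/nginx /var/cache/bunkerweb /var/tmp/bunkerweb /var/log/bunkerweb /var/run/bunkerweb` sets the execute bit on every regular file under those trees and leaves the nginx configuration writable by the `nginx` group. It is also recursive for the cache, tmp and run directories, where the `chmod 770` line it appears to replace was not. If the group only needs to traverse directories and read or write files, split the modes, e.g. `find <dirs> -type d -exec chmod 770 {} +` and `find <dirs> -type f -exec chmod 660 {} +`, listing explicitly any files that must stay executable. Whether the `nginx` group needs write access to `/etc/nginx` at runtime is not visible in this hunk and should be confirmed. The same pattern appears in the later Dockerfile section that uses the `scheduler` group.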


@ -15,7 +15,7 @@ default_type application/octet-stream;
# access log format
log_format logf '{{ LOG_FORMAT }}';
access_log /var/log/nginx/access.log logf;
access_log /var/log/bunkerweb/access.log logf;
# temp paths
proxy_temp_path /var/tmp/bunkerweb/proxy_temp;


@ -27,7 +27,7 @@ pcre_jit on;
worker_rlimit_nofile {{ WORKER_RLIMIT_NOFILE }};
# error log level
error_log /var/log/nginx/error.log {{ LOG_LEVEL }};
error_log /var/log/bunkerweb/error.log {{ LOG_LEVEL }};
# reason env var
env REASON;


@ -39,9 +39,9 @@ def certbot_new(
"--config-dir",
str(letsencrypt_path.joinpath("etc")),
"--work-dir",
str(letsencrypt_path.joinpath("lib")),
join(sep, "var", "lib", "bunkerweb", "letsencrypt"),
"--logs-dir",
str(letsencrypt_path.joinpath("log")),
join(sep, "var", "log", "bunkerweb"),
"--manual",
"--preferred-challenges=http",
"--manual-auth-hook",
@ -86,10 +86,14 @@ try:
# Create directory if it doesn't exist
letsencrypt_path = Path(sep, "var", "cache", "bunkerweb", "letsencrypt")
letsencrypt_path.mkdir(parents=True, exist_ok=True)
letsencrypt_job_path = Path(
sep, "usr", "share", "bunkerweb", "core", "letsencrypt", "jobs"
)
letsencrypt_path.mkdir(parents=True, exist_ok=True)
Path(sep, "var", "lib", "bunkerweb", "letsencrypt").mkdir(
parents=True, exist_ok=True
)
# Extract letsencrypt folder if it exists in db
db = Database(
@ -197,10 +201,6 @@ try:
logger.error(f"Error while saving Let's Encrypt data to db cache : {err}")
else:
logger.info("Successfully saved Let's Encrypt data to db cache")
# Delete lib and log folders to avoid sending them
rmtree(str(letsencrypt_path.joinpath("lib")), ignore_errors=True)
rmtree(str(letsencrypt_path.joinpath("log")), ignore_errors=True)
except:
status = 3
logger.error(f"Exception while running certbot-new.py :\n{format_exc()}")
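Review bot: The certbot work directory is written out as a literal twice in this file (`join(sep, "var", "lib", "bunkerweb", "letsencrypt")` for `--work-dir` in `certbot_new`, and again in the `Path(...).mkdir(...)` call of the second hunk), and twice more in the renew job's section below. A single module-level constant, e.g. `LETSENCRYPT_WORK_DIR = Path(sep, "var", "lib", "bunkerweb", "letsencrypt")`, would stop the directory that gets created and the one certbot is told to use from drifting apart. `--logs-dir` now points at `/var/log/bunkerweb`, which neither script creates in the hunks shown, so the job depends on the image or package providing it with permissions that let this process write there. The new `mkdir` takes the default mode; if certbot's working data should not be readable by other local accounts, pass an explicit `mode=0o750`. The import of `join` is not visible in these hunks and should be checked, and both functions continue outside the hunks.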


@ -34,9 +34,9 @@ def renew(domain: str, letsencrypt_path: Path) -> int:
"--config-dir",
str(letsencrypt_path.joinpath("etc")),
"--work-dir",
str(letsencrypt_path.joinpath("lib")),
join(sep, "var", "lib", "bunkerweb", "letsencrypt"),
"--logs-dir",
str(letsencrypt_path.joinpath("log")),
join(sep, "var", "log", "bunkerweb"),
"--cert-name",
domain,
"--deploy-hook",
@ -83,6 +83,9 @@ try:
# Create directory if it doesn't exist
letsencrypt_path = Path(sep, "var", "cache", "bunkerweb", "letsencrypt")
letsencrypt_path.mkdir(parents=True, exist_ok=True)
Path(sep, "var", "lib", "bunkerweb", "letsencrypt").mkdir(
parents=True, exist_ok=True
)
# Extract letsencrypt folder if it exists in db
db = Database(
@ -149,10 +152,6 @@ try:
logger.error(f"Error while saving Let's Encrypt data to db cache : {err}")
else:
logger.info("Successfully saved Let's Encrypt data to db cache")
# Delete lib and log folders to avoid sending them
rmtree(str(letsencrypt_path.joinpath("lib")), ignore_errors=True)
rmtree(str(letsencrypt_path.joinpath("log")), ignore_errors=True)
except:
status = 2
logger.error(f"Exception while running certbot-renew.py :\n{format_exc()}")


@ -62,7 +62,7 @@ SecResponseBodyLimitAction ProcessPartial
SecAuditEngine {{ MODSECURITY_SEC_AUDIT_ENGINE }}
SecAuditLogParts {{ MODSECURITY_SEC_AUDIT_LOG_PARTS }}
SecAuditLogType Serial
SecAuditLog /var/log/nginx/modsec_audit.log
SecAuditLog /var/log/bunkerweb/modsec_audit.log
# include OWASP CRS configurations
{% if USE_MODSECURITY_CRS == "yes" %}


@ -31,15 +31,6 @@ CUSTOM_CONFIGS_TYPES_ENUM = Enum(
"server_stream",
name="custom_configs_types_enum",
)
LOG_LEVELS_ENUM = Enum(
"CRITICAL",
"ERROR",
"WARNING",
"INFO",
"DEBUG",
"NOTSET",
name="log_levels_enum",
)
INTEGRATIONS_ENUM = Enum(
"Linux",
"Docker",


@ -29,14 +29,12 @@ RUN dnf install yum-utils redhat-lsb-core -y && \
RUN dnf install -y python39-pip brotli brotli-devel wget gperftools-devel perl libxslt-devel libxml2 libxslt bash gd gd-devel gcc-c++ kernel-devel curl znc-modtcl libmpc-devel gmp-devel gawk mpfr-devel libtool pcre-devel automake autoconf readline-devel gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel lmdb-libs && \
pip3.9 install --no-cache-dir --upgrade pip && \
pip3.9 install wheel && \
#mkdir -p /usr/share/bunkerweb/deps && \
chmod +x /tmp/bunkerweb/deps/install.sh && \
bash /tmp/bunkerweb/deps/install.sh && \
mkdir /usr/share/bunkerweb/deps/python && \
export MAKEFLAGS="-j$(nproc)" && \
pip3.9 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt
#RUN pip3.9 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt
# Copy files
# can't exclude deps from . so we are copying everything by hand
@ -64,15 +62,15 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /etc/bunkerweb/plugins && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/run/bunkerweb/ && \
mkdir -p /var/log/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
#mkdir /var/www/html && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
#It's a find command that will find all files in the bunkerweb directory, excluding the ui/deps directory, and then chmod them to 0740.
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
#It's a find command that will find all files in the bunkerweb directory, excluding the ui/deps directory, and then chmod them to 0740.
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ /var/log/bunkerweb/ && \
chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/ui/main.py /var/www && \
# Don't forget to add /var/www/html on the above line
find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \


@ -19,35 +19,6 @@ RUN mkdir -p /usr/share/bunkerweb/deps && \
cat /tmp/req/requirements.txt /tmp/req/requirements.txt.1 /tmp/req/requirements.txt.2 /tmp/req/requirements.txt.3 > /usr/share/bunkerweb/deps/requirements.txt && \
rm -rf /tmp/req
# # Install dependencies
# RUN apt-get update && \
# apt-get install -y --no-install-recommends \
# wget \
# build-essential \
# libffi-dev \
# libgdbm-dev \
# libc6-dev \
# libssl-dev \
# zlib1g-dev \
# libbz2-dev \
# libreadline-dev \
# libsqlite3-dev \
# libncurses5-dev \
# libncursesw5-dev \
# xz-utils \
# tk-dev
# # Installing python3.11
# RUN wget https://www.python.org/ftp/python/3.11.4/Python-3.11.4.tgz && \
# tar xzf Python-3.11.4.tgz && \
# cd Python-3.11.4 && \
# ./configure --enable-optimizations && \
# make -j$(nproc) && \
# make altinstall && \
# rm -rf /usr/src/Python-3.11.4*
# # Installing pip
# RUN curl -sS https://bootstrap.pypa.io/get-pip.py | python3.11
# Nginx
RUN apt-get install gnupg2 ca-certificates wget -y && \
echo "deb https://nginx.org/packages/debian/ bullseye nginx" > /etc/apt/sources.list.d/nginx.list && \
@ -68,9 +39,6 @@ RUN apt install --no-install-recommends python3-pip bash libssl-dev git libpcre+
pip3 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
if [ ! -f /usr/share/bunkerweb/deps/python/zope/__init__.py ] ; then touch /usr/share/bunkerweb/deps/python/zope/__init__.py ; fi
# Dirty fix to avoid errors with --target and packages same namespace
#RUN pip install --no-deps --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt
# Copy files
# can't exclude deps from . so we are copying everything by hand
COPY src/bw/loading /usr/share/bunkerweb/loading
@ -97,6 +65,7 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /etc/bunkerweb/plugins && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/run/bunkerweb/ && \
mkdir -p /var/log/bunkerweb/ && \
mkdir -p /var/www/ && \
mkdir -p /var/lib/bunkerweb && \
mkdir /var/www/html && \
@ -105,7 +74,7 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
#It's a find command that will find all files in the bunkerweb directory, excluding the ui/deps directory, and then chmod them to 0740.
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ /var/log/bunkerweb/ && \
chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/ui/main.py /var/www/ && \
# Don't forget to add /var/www/html on the above line
find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \


@ -34,9 +34,6 @@ RUN dnf install -y python3-pip brotli brotli-devel gperftools-devel perl libxslt
export MAKEFLAGS="-j$(nproc)" && \
pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
if [ ! -f /usr/share/bunkerweb/deps/python/zope/__init__.py ] ; then touch /usr/share/bunkerweb/deps/python/zope/__init__.py ; fi
# Dirty fix to avoid errors with --target and packages same namespace
#cp -r /usr/lib64/python3.10/* /usr/lib/python3.10/ && \
#PYTHONPLATLIBDIR=lib pip3.10 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt
# Copy files
# can't exclude deps from . so we are copying everything by hand
@ -64,12 +61,13 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /etc/bunkerweb/plugins && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/run/bunkerweb/ && \
mkdir -p /var/log/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ /var/log/bunkerweb/ && \
chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/ui/main.py /var/www/ && \
find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \
chmod 755 /usr/share/bunkerweb


@ -40,17 +40,14 @@ RUN mkdir -p /usr/share/bunkerweb/deps && \
# Compile and install dependencies
RUN dnf install -y readline-devel python39-pip brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 libxslt bash gd gd-devel gcc-c++ curl znc-modtcl gawk libtool pcre-devel automake autoconf gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel --skip-broken && \
pip3.9 install --no-cache-dir --upgrade pip && \
pip3.9 install wheel && \
#mkdir -p /usr/share/bunkerweb/deps && \
chmod +x /tmp/bunkerweb/deps/install.sh && \
bash /tmp/bunkerweb/deps/install.sh && \
mkdir /usr/share/bunkerweb/deps/python && \
export MAKEFLAGS="-j$(nproc)" && \
pip3.9 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
if [ ! -f /usr/share/bunkerweb/deps/python/zope/__init__.py ] ; then touch /usr/share/bunkerweb/deps/python/zope/__init__.py ; fi
#RUN pip3.10 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt
pip3.9 install --no-cache-dir --upgrade pip && \
pip3.9 install wheel && \
chmod +x /tmp/bunkerweb/deps/install.sh && \
bash /tmp/bunkerweb/deps/install.sh && \
mkdir /usr/share/bunkerweb/deps/python && \
export MAKEFLAGS="-j$(nproc)" && \
pip3.9 install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /usr/share/bunkerweb/deps/requirements.txt && \
if [ ! -f /usr/share/bunkerweb/deps/python/zope/__init__.py ] ; then touch /usr/share/bunkerweb/deps/python/zope/__init__.py ; fi
# Copy BW files
# can't exclude deps from . so we are copying everything by hand
@ -72,21 +69,22 @@ COPY src/VERSION /usr/share/bunkerweb/VERSION
# Setup BW
RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
chmod 755 /usr/bin/bwcli && \
mkdir -p /etc/bunkerweb/configs && \
mkdir -p /var/cache/bunkerweb/ && \
mkdir -p /etc/bunkerweb/plugins && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/run/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/ui/main.py /var/www/ && \
find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \
chmod 755 /usr/share/bunkerweb
chmod 755 /usr/bin/bwcli && \
mkdir -p /etc/bunkerweb/configs && \
mkdir -p /var/cache/bunkerweb/ && \
mkdir -p /etc/bunkerweb/plugins && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/run/bunkerweb/ && \
mkdir -p /var/log/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ /var/log/bunkerweb/ && \
chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/ui/main.py /var/www/ && \
find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \
chmod 755 /usr/share/bunkerweb
# Copy Linux files
COPY src/linux/scripts /usr/share/bunkerweb/scripts


@ -19,37 +19,6 @@ RUN mkdir -p /usr/share/bunkerweb/deps && \
cat /tmp/req/requirements.txt /tmp/req/requirements.txt.1 /tmp/req/requirements.txt.2 /tmp/req/requirements.txt.3 > /usr/share/bunkerweb/deps/requirements.txt && \
rm -rf /tmp/req
# # Install dependencies
# RUN apt-get update -y && \
# DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
# wget \
# build-essential \
# checkinstall \
# libgdbm-dev \
# libc6-dev \
# libssl-dev \
# zlib1g-dev \
# libbz2-dev \
# libreadline-dev \
# libsqlite3-dev \
# libncurses5-dev \
# libncursesw5-dev \
# xz-utils \
# tk-dev \
# libffi-dev \
# tzdata
# # Installing python3.11
# RUN wget https://www.python.org/ftp/python/3.11.4/Python-3.11.4.tgz && \
# tar xzf Python-3.11.4.tgz && \
# cd Python-3.11.4 && \
# ./configure --enable-optimizations && \
# make -j$(nproc) && \
# make altinstall && \
# rm -rf /usr/src/Python-3.11.4*
# # Installing pip
# RUN curl -sS https://bootstrap.pypa.io/get-pip.py | python3.11
# Nginx
RUN apt update && \
apt-get install curl gnupg2 ca-certificates lsb-release ubuntu-keyring software-properties-common -y && \
@ -63,7 +32,6 @@ RUN apt update && \
RUN apt install --no-install-recommends bash libssl-dev git libpcre++-dev zlib1g-dev libxml2-dev libyajl-dev pkgconf libcurl4-openssl-dev libgeoip-dev liblmdb-dev apt-utils bash build-essential autoconf libtool automake g++ gcc libxml2-dev make musl-dev gnupg patch libreadline-dev libpcre3-dev libgd-dev python3-pip -y && \
pip install --no-cache-dir --upgrade pip && \
pip install wheel && \
#mkdir -p /usr/share/bunkerweb/deps && \
chmod +x /tmp/bunkerweb/deps/install.sh && \
bash /tmp/bunkerweb/deps/install.sh && \
mkdir /usr/share/bunkerweb/deps/python && \
@ -97,12 +65,13 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /etc/bunkerweb/plugins && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/run/bunkerweb/ && \
mkdir -p /var/log/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ /var/log/bunkerweb/ && \
chmod 750 /usr/share/bunkerweb/gen/main.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/ui/main.py /var/www/ && \
find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \
chmod 755 /usr/share/bunkerweb


@ -10,4 +10,4 @@
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/log/bunkerweb/=/var/log/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -10,4 +10,4 @@
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveDEB.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/log/bunkerweb/=/var/log/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -10,4 +10,4 @@
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/log/bunkerweb/=/var/log/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -10,4 +10,4 @@
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/log/bunkerweb/=/var/log/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -11,4 +11,4 @@
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveDEB.sh
--deb-no-default-config-files
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/log/bunkerweb/=/var/log/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb


@ -66,6 +66,12 @@ function remove {
do_and_check_cmd rm -rf /var/run/bunkerweb
fi
# Remove /var/log/bunkerweb
if test -e "/var/log/bunkerweb"; then
echo " Remove /var/log/bunkerweb"
do_and_check_cmd rm -rf /var/log/bunkerweb
fi
# Remove /var/lib/bunkerweb
if test -e "/var/cache/bunkerweb"; then
echo " Remove /var/cache/bunkerweb"
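Review bot: Removing `/var/log/bunkerweb` unconditionally in `remove` deletes the access, error and ModSecurity audit logs whenever the package is uninstalled, which discards the records an operator would want after an incident. Packaging convention is to leave logs in place on a plain remove and delete them only on purge, if at all. Whether this script has a separate purge path, or is also run during upgrades, is not visible because `remove` starts and ends outside the hunk. If deletion is intended, a comment saying so would help, for example `# logs are deleted on remove by design; archive /var/log/bunkerweb first if they must be retained`. The second after-remove script below receives the identical block.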


@ -66,6 +66,12 @@ function remove {
do_and_check_cmd rm -rf /var/run/bunkerweb
fi
# Remove /var/log/bunkerweb
if test -e "/var/log/bunkerweb"; then
echo " Remove /var/log/bunkerweb"
do_and_check_cmd rm -rf /var/log/bunkerweb
fi
# Remove /var/lib/bunkerweb
if test -e "/var/cache/bunkerweb"; then
echo " Remove /var/cache/bunkerweb"


@ -23,7 +23,7 @@ function do_and_check_cmd() {
# Give all the permissions to the nginx user
echo "Setting ownership for all necessary directories to nginx user and group..."
do_and_check_cmd chown -R nginx:nginx /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb
do_and_check_cmd chown -R nginx:nginx /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb
# Stop and disable nginx on boot
echo "Stop and disable nginx on boot..."
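Review bot: Adding `/var/log/bunkerweb` to the recursive `chown -R nginx:nginx` makes the `nginx` account the owner of the access, error and ModSecurity audit logs that the configuration sections on this page redirect there. If that account also serves traffic, a compromise of it could rewrite or delete the audit trail. If the service has to run unprivileged and therefore needs to own the directory, say so next to the command, e.g. `# nginx runs unprivileged and must own its log dir; forward logs off-host where tamper resistance matters`. How the service is started is not shown here, so this is a question to confirm rather than an established defect.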


@ -51,24 +51,20 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl libmagic && \
adduser -h /var/cache/nginx -g scheduler -s /bin/sh -G scheduler -D -H -u 101 scheduler && \
cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
echo "Docker" > /usr/share/bunkerweb/INTEGRATION && \
mkdir -p /etc/nginx && \
mkdir -p /var/tmp/bunkerweb && \
mkdir -p /var/run/bunkerweb && \
mkdir -p /var/log/bunkerweb && \
mkdir -p /var/www && \
mkdir -p /etc/bunkerweb && \
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
mkdir -p /data/www && ln -s /data/www /var/www/html && \
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
chown -R root:scheduler /data && \
chmod -R 770 /data && \
chown -R root:scheduler /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /usr/bin/bwcli && \
chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb && \
chown -R root:scheduler /data /etc/nginx /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /usr/bin/bwcli && \
chmod -R 770 /data /etc/nginx /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb && \
find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \
chmod 750 /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/gen/*.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/scheduler/entrypoint.sh /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/deps/python/bin/* /usr/bin/bwcli && \
mkdir -p /etc/nginx && \
chown -R scheduler:scheduler /etc/nginx && \
chmod -R 770 /etc/nginx && \
chmod 660 /usr/share/bunkerweb/INTEGRATION && \
chown root:scheduler /usr/share/bunkerweb/INTEGRATION


@ -507,7 +507,10 @@ if __name__ == "__main__":
"Config generator failed, configuration will not work as expected...",
)
else:
copy(str(nginx_variables_path), str(tmp_variables_path))
copy(
str(nginx_variables_path),
join(sep, "var", "tmp", "bunkerweb", "variables.env"),
)
if SCHEDULER.apis:
# send nginx configs
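Review bot: The destination of `copy(...)` changed from the named `tmp_variables_path` to an inline `join(sep, "var", "tmp", "bunkerweb", "variables.env")`, so any remaining use of `tmp_variables_path` elsewhere in the file could now point somewhere other than where the file is written. Keeping one definition, `tmp_variables_path = Path(sep, "var", "tmp", "bunkerweb", "variables.env")`, and passing `str(tmp_variables_path)` would avoid that. `variables.env` presumably carries the generated settings, which may include credentials such as a database URI, so it is worth checking that the copy under `/var/tmp/bunkerweb` has permissions no wider than the source. The surrounding `if __name__ == "__main__":` block starts and ends outside the hunk.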


@ -16,6 +16,15 @@
font-family: "Open Sans", sans-serif !important;
}
.ace_editor,
.ace_editor div,
.ace_content {
font-family: "Monaco", "Menlo", "Ubuntu Mono", "Consolas", "source-code-pro",
monospace !important;
font-size: 16px !important;
font-weight: normal !important;
}
*,
::before,
::after {


@ -11,6 +11,15 @@
font-family: "Open Sans", sans-serif !important;
}
.ace_editor,
.ace_editor div,
.ace_content {
font-family: "Monaco", "Menlo", "Ubuntu Mono", "Consolas", "source-code-pro",
monospace !important;
font-size: 16px !important;
font-weight: normal !important;
}
.close-btn {
@apply dark:brightness-90 inline-block px-6 py-3 font-bold text-center text-red-500 border border-red-500 uppercase align-middle transition-all rounded-lg cursor-pointer dark:bg-gray-200 dark:hover:brightness-75 bg-white hover:bg-white/80 focus:bg-white/80 leading-normal ease-in tracking-tight-rem shadow-xs hover:-translate-y-px active:opacity-85 hover:shadow-md;
}