Soft merge branch '1.5' into dev

Théophile Diot 2024-10-01 16:02:46 +02:00
commit bf873339e7
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
40 changed files with 1086 additions and 473 deletions


@ -241,3 +241,246 @@ jobs:
ARCH: ${{ matrix.arch }}
secrets:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
name: Automatic tests (1.5)
permissions: read-all
on:
push:
branches: [1.5]
jobs:
# Containers
build-containers:
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
image: [bunkerweb, scheduler, autoconf, ui]
include:
- image: bunkerweb
dockerfile: src/bw/Dockerfile
- image: scheduler
dockerfile: src/scheduler/Dockerfile
- image: autoconf
dockerfile: src/autoconf/Dockerfile
- image: ui
dockerfile: src/ui/Dockerfile
uses: ./.github/workflows/container-build.yml
with:
RELEASE: 1.5
ARCH: linux/amd64
CACHE: true
IMAGE: ${{ matrix.image }}
DOCKERFILE: ${{ matrix.dockerfile }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
# Build Linux packages
build-packages:
permissions:
contents: read
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel, rhel9, ubuntu-jammy]
include:
- linux: ubuntu
package: deb
- linux: ubuntu-jammy
package: deb
- linux: debian
package: deb
- linux: fedora
package: rpm
- linux: rhel
package: rpm
- linux: rhel9
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: 1.5
LINUX: ${{ matrix.linux }}
PACKAGE: ${{ matrix.package }}
TEST: true
PLATFORMS: linux/amd64
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
codeql:
uses: ./.github/workflows/codeql.yml
permissions:
actions: read
contents: read
security-events: write
# UI tests
prepare-tests-ui:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- id: set-matrix
run: |
tests=$(find ./tests/ui/ -name "*_page.py" -type f -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
echo "tests=$tests" >> $GITHUB_OUTPUT
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}
tests-ui:
needs: [prepare-tests-ui, build-containers]
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-ui.outputs.tests) }}
uses: ./.github/workflows/tests-ui.yml
with:
TEST: ${{ matrix.test }}
RELEASE: 1.5
tests-ui-linux:
needs: [prepare-tests-ui, build-packages]
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-ui.outputs.tests) }}
uses: ./.github/workflows/tests-ui-linux.yml
with:
TEST: ${{ matrix.test }}
RELEASE: 1.5
# Core tests
prepare-tests-core:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
echo "tests=$tests" >> $GITHUB_OUTPUT
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}
tests-core:
needs: [build-containers, prepare-tests-core]
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
uses: ./.github/workflows/test-core.yml
with:
TEST: ${{ matrix.test }}
RELEASE: 1.5
tests-core-linux:
needs: [build-packages, prepare-tests-core]
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
uses: ./.github/workflows/test-core-linux.yml
with:
TEST: ${{ matrix.test }}
RELEASE: 1.5
secrets: inherit
# Push with 1.5 tag
push-1_5:
needs: [tests-ui, tests-core]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push BW image
run: docker pull ghcr.io/bunkerity/$FROM-tests:1.5 && docker tag ghcr.io/bunkerity/$FROM-tests:1.5 bunkerity/$TO:1.5 && docker tag ghcr.io/bunkerity/$FROM-tests:1.5 ghcr.io/bunkerity/$TO:1.5 && docker push bunkerity/$TO:1.5 && docker push ghcr.io/bunkerity/$TO:1.5
env:
FROM: "bunkerweb"
TO: "bunkerweb"
- name: Push scheduler image
run: docker pull ghcr.io/bunkerity/$FROM-tests:1.5 && docker tag ghcr.io/bunkerity/$FROM-tests:1.5 bunkerity/$TO:1.5 && docker tag ghcr.io/bunkerity/$FROM-tests:1.5 ghcr.io/bunkerity/$TO:1.5 && docker push bunkerity/$TO:1.5 && docker push ghcr.io/bunkerity/$TO:1.5
env:
FROM: "scheduler"
TO: "bunkerweb-scheduler"
- name: Push UI image
run: docker pull ghcr.io/bunkerity/$FROM-tests:1.5 && docker tag ghcr.io/bunkerity/$FROM-tests:1.5 bunkerity/$TO:1.5 && docker tag ghcr.io/bunkerity/$FROM-tests:1.5 ghcr.io/bunkerity/$TO:1.5 && docker push bunkerity/$TO:1.5 && docker push ghcr.io/bunkerity/$TO:1.5
env:
FROM: "ui"
TO: "bunkerweb-ui"
- name: Push autoconf image
run: docker pull ghcr.io/bunkerity/$FROM-tests:1.5 && docker tag ghcr.io/bunkerity/$FROM-tests:1.5 bunkerity/$TO:1.5 && docker tag ghcr.io/bunkerity/$FROM-tests:1.5 ghcr.io/bunkerity/$TO:1.5 && docker push bunkerity/$TO:1.5 && docker push ghcr.io/bunkerity/$TO:1.5
env:
FROM: "autoconf"
TO: "bunkerweb-autoconf"
# Push Linux packages
push-packages:
needs: [tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el, el9, ubuntu-jammy]
arch: [amd64]
include:
- release: 1.5
repo: bunkerweb
- linux: ubuntu
package_arch: amd64
separator: _
suffix: ""
version: noble
package: deb
- linux: debian
package_arch: amd64
separator: _
suffix: ""
version: bookworm
package: deb
- linux: fedora
package_arch: x86_64
separator: "-"
suffix: "1."
version: 40
package: rpm
- linux: el
package_arch: x86_64
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: el9
package_arch: x86_64
separator: "-"
suffix: "1."
version: 9
package: rpm
- linux: ubuntu-jammy
package_arch: amd64
separator: _
suffix: ""
version: jammy
package: deb
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}
SUFFIX: ${{ matrix.suffix }}
REPO: ${{ matrix.repo }}
LINUX: ${{ matrix.linux }}
VERSION: ${{ matrix.version }}
PACKAGE: ${{ matrix.package }}
BW_VERSION: ${{ matrix.release }}
PACKAGE_ARCH: ${{ matrix.package_arch }}
ARCH: ${{ matrix.arch }}
secrets:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
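Review bot: The added lines start a second complete workflow (`name: Automatic tests (1.5)`, `permissions`, `on`, `jobs`) directly after the last lines of an existing `push-packages` job, and the three context lines above them are identical to the block's own last three lines, so this looks like the file's content appended to itself by the merge. If so, the file carries duplicate top-level keys, which YAML loaders either reject or resolve by silently keeping the last value; the appended copy should be dropped or moved to its own workflow file. Indentation is lost in this view, so confirm against the raw file. Within the added block, `tests-core-linux` passes `secrets: inherit` while every other reusable-workflow call names its secrets; listing only the secrets `test-core-linux.yml` needs keeps the Docker and packagecloud tokens out of the test jobs.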


@ -43,7 +43,7 @@ jobs:
run: chmod +x ./misc/update-version.sh && ./misc/update-version.sh ${{ inputs.RELEASE }}
- name: Replace VERSION 1.5
if: inputs.RELEASE == '1.5'
run: chmod +x ./misc/update-version.sh && ./misc/update-version.sh dev
run: chmod +x ./misc/update-version.sh && ./misc/update-version.sh 1.5-dev
- name: Extract arch
run: |
echo "ARCH=${{ env.PLATFORMS }}" | sed 's/linux//g' | sed 's@/@@g' >> "$GITHUB_ENV"


@ -78,9 +78,9 @@ jobs:
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
# Update name
# - name: Rename package
# if: inputs.BW_VERSION == 'testing'
# run: sudo apt install -y rename && rename 's/[0-9]\.[0-9]\.[0-9]/testing/' /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
- name: Rename package
if: inputs.BW_VERSION == '1.5'
run: sudo apt install -y rename && rename 's/dev/1.5-dev/' /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
# Push package
- name: Push package to packagecloud
if: inputs.LINUX != 'el9' && inputs.LINUX != 'ubuntu-jammy'
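Review bot: The substitution in the new `Rename package` step, `s/dev/1.5-dev/`, is unanchored and not idempotent: it rewrites the first `dev` anywhere in the path, and a package whose name already contains `1.5-dev` would come out as `1.5-1.5-dev`. Other workflow files in this commit now expect the built package to be named with `1.5-dev`, so it is worth checking whether the file under `/tmp` still says plain `dev` at this point. A guarded pattern such as `rename 's/(?<!1\.5-)dev/1.5-dev/' …` avoids the double rewrite. The step also expands `${{ inputs.LINUX }}` and `${{ inputs.PACKAGE }}` straight into the shell line; passing them through `env:` and quoting `"$LINUX"` is the safer habit for a reusable workflow.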


@ -66,7 +66,7 @@ jobs:
if: inputs.RELEASE == '1.5'
run: |
container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
docker cp "$container_id:/opt/bunkerweb_dev-1_amd64.deb" "/tmp/bunkerweb.deb"
docker cp "$container_id:/opt/bunkerweb_1.5-dev-1_amd64.deb" "/tmp/bunkerweb.deb"
docker rm "$container_id"
- name: Install NGINX
run: |
@ -76,7 +76,7 @@ jobs:
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo -E apt install -y nginx=1.26.1-2~noble
sudo -E apt install -y nginx=1.26.2-1~noble
- name: Fix version without a starting number
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == '1.5'
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg


@ -66,7 +66,7 @@ jobs:
if: inputs.RELEASE == '1.5'
run: |
container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
docker cp "$container_id:/opt/bunkerweb_dev-1_amd64.deb" "/tmp/bunkerweb.deb"
docker cp "$container_id:/opt/bunkerweb_1.5-dev-1_amd64.deb" "/tmp/bunkerweb.deb"
docker rm "$container_id"
- name: Install NGINX
run: |
@ -76,7 +76,7 @@ jobs:
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo -E apt install -y nginx=1.26.1-2~noble
sudo -E apt install -y nginx=1.26.2-1~noble
- name: Fix version without a starting number
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui' || inputs.RELEASE == '1.5'
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg


@ -25,6 +25,30 @@
- [MISC] Updated context of `realip`'s `USE_PROXY_PROTOCOL` setting to `global` as it was always applied globally even if set only on a service
- [DEPS] Updated coreruleset-v4 version to v4.7.0
## v1.5.10 - 2024/08/17
- [UI] Fix setup wizard bug related to certificate
- [UI] Fix bug when adding more than 3 reverse proxies URLs
- [UI] Fix wrong type for REVERSE_PROXY_SSL_SNI_NAME setting
- [BUGFIX] Add HTTP3 specific modsec rule in web UI to avoid false positives
- [BUGFIX] Fix missing scheduler logs in Linux integration
- [BUGFIX] Add missing REPORT HTTP method to ALLOWED_METHODS setting
- [DEPS] Updated NGINX version to v1.26.2
- [DEPS] Updated LuaJIT version to v2.1-20240815
- [DEPS] Updated libmaxminddb version to v1.11.0
- [DEPS] Updated lua-cjson to latest commit for the version v2.1.0.14
- [DEPS] Updated lua-nginx-module version to v0.10.27
- [DEPS] Updated lua-resty-core version to v0.1.29
- [DEPS] Updated lua-resty-lrucache version to v0.14
- [DEPS] Updated lua-resty-openssl version to v1.5.1
- [DEPS] Updated lua-resty-signal version to v0.04
- [DEPS] Updated lua-resty-string version to v0.16
- [DEPS] Updated stream-lua-nginx-module version to v0.0.15
- [DEPS] Updated coreruleset-v4 version to v4.6.0
- [DEPS] Updated coreruleset-v3 version to v3.3.6
- [DEPS] Updated ModSecurity version to v3.0.13
- [DEPS] Start managing Mbed TLS as a dependency for ModSecurity (v3.6.1)
## v1.5.9 - 2024/07/22
- [BUGFIX] Fix compatibility issues with mysql 8.4+ version and the `backup` plugin by adding the `mariadb-connector-c` dependency to the scheduler Dockerfile (on alpine)


@ -302,7 +302,7 @@ List of supported Linux distros :
- RHEL 8.9
- RHEL 9.4
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.10/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
## Microsoft Azure


@ -327,7 +327,7 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch
- Red Hat Enterprise Linux (RHEL) 8.9
- Red Hat Enterprise Linux (RHEL) 9.4
Please ensure that you have **NGINX 1.26.1 installed before installing BunkerWeb**. For all distributions, except Fedora, it is mandatory to use prebuilt packages from the [official NGINX repository](https://nginx.org/en/linux_packages.html). Compiling NGINX from source or using packages from different repositories will not work with the official prebuilt packages of BunkerWeb. However, you have the option to build BunkerWeb from source.
Please ensure that you have **NGINX 1.26.2 installed before installing BunkerWeb**. For all distributions, except Fedora, it is mandatory to use prebuilt packages from the [official NGINX repository](https://nginx.org/en/linux_packages.html). Compiling NGINX from source or using packages from different repositories will not work with the official prebuilt packages of BunkerWeb. However, you have the option to build BunkerWeb from source.
=== "Debian"
@ -342,11 +342,11 @@ Please ensure that you have **NGINX 1.26.1 installed before installing BunkerWeb
| sudo tee /etc/apt/sources.list.d/nginx.list
```
You should now be able to install NGINX 1.26.1 :
You should now be able to install NGINX 1.26.2 :
```shell
sudo apt update && \
sudo apt install -y nginx=1.26.1-2~$(lsb_release -cs)
sudo apt install -y nginx=1.26.2-1~$(lsb_release -cs)
```
!!! warning "Testing/dev version"
@ -389,11 +389,11 @@ Please ensure that you have **NGINX 1.26.1 installed before installing BunkerWeb
| sudo tee /etc/apt/sources.list.d/nginx.list
```
You should now be able to install NGINX 1.26.1 :
You should now be able to install NGINX 1.26.2 :
```shell
sudo apt update && \
sudo apt install -y nginx=1.26.1-2~$(lsb_release -cs)
sudo apt install -y nginx=1.26.2-1~$(lsb_release -cs)
```
!!! warning "Testing/dev version"
@ -432,10 +432,10 @@ Please ensure that you have **NGINX 1.26.1 installed before installing BunkerWeb
sudo dnf config-manager --set-enabled updates-testing
```
Fedora already provides NGINX 1.26.1 that we support :
Fedora already provides NGINX 1.26.2 that we support :
```shell
sudo dnf install -y nginx-1.26.1
sudo dnf install -y nginx-1.26.2
```
Optional step : if you want to automatically enable the [setup wizard](web-ui.md#setup-wizard) when BunkerWeb is installed, export the following variable :
@ -483,10 +483,10 @@ Please ensure that you have **NGINX 1.26.1 installed before installing BunkerWeb
module_hotfixes=true
```
You should now be able to install NGINX 1.26.1 :
You should now be able to install NGINX 1.26.2 :
```shell
sudo dnf install nginx-1.26.1
sudo dnf install nginx-1.26.2
```
Optional step : if you want to automatically enable the [setup wizard](web-ui.md#setup-wizard) when BunkerWeb is installed, export the following variable :


@ -41,6 +41,10 @@ STREAM support :x:
You can control the allowed HTTP methods by listing them (separated with "|") in the `ALLOWED_METHODS` setting (default : `GET|POST|HEAD`). Clients sending a method which is not listed will get a "405 - Method Not Allowed".
!!! note Using POST
If `POST` is required, then `OPTIONS` should also be specified to allow for the CORS pre-flight request.
### Max sizes
STREAM support :x:


@ -100,11 +100,7 @@ services:
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
healthcheck:
test:
[
"CMD-SHELL",
"pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"
]
test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
start_period: 20s
interval: 30s
retries: 5


@ -0,0 +1,23 @@
Photoprism app configuration example for bunkerweb. The app works and synchronization with the android PhotoSync app also works for every funtion that was tested.
# Procedure:
Start with the photoprism [docker compose file][PhotoprismComposeFile]. The basic file (https://dl.photoprism.app/docker/docker-compose.yml) is taken from [photoprism documentation][PhotoprismDockerDocs]
Bunkerweb specific changes are noted with *"#For bunkerweb"* at the end of the line
Check and adapt the bunkerweb configuration. Use the example [docker compose file][BunkerwebComposeFile].
Photoprism specific changes are noted with *"#photoprism specific config"*.
Adapt the rest as needed for your configurations.
Start services with `docker-compose up -d`
Configure the bunkerweb ui (https://docs.bunkerweb.io/latest/web-ui/#setup-wizard).
Use the bunkerweb ui to upload the [modsec override file][AllowmediaConfig] to configs->modsec-crs->photos.example.com app specific folder.
If prefered, copy the file manually to a folder as described in the guide (https://docs.bunkerweb.io/latest/quickstart-guide/#custom-configurations). Place it under configs/modsec-crs/.
If using the provided configuration with autoconf enabled, the photoprism app should now be working without further intervention
[PhotoprismDockerDocs]: https://docs.photoprism.app/getting-started/docker-compose/
[PhotoprismComposeFile]: photoprism-compose.yml
[BunkerwebComposeFile]: docker-compose.yml
[AllowmediaConfig]: bw.data/configs/modsec-crs/allowmedia.conf


@ -0,0 +1,7 @@
SecAction \
"id:900220,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain|video/mp4|video/quicktime|video/ogg|video/3gpp|video/mpeg|video/webm|video/3gpp2|video/mp2t|video/x-msvideo|image/apng|image/avif|image/bmp|image/gif|image/jpeg|image/png|image/svg+xml|image/tiff|image/webp'"
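Review bot: This new override has no comment saying that it replaces the whole CRS request content-type allow-list instead of adding media types to it, so later changes to the CRS default list will not reach this service. A header comment such as `# Replaces tx.allowed_request_content_type for the PhotoPrism service: CRS defaults plus the image/video types used for uploads` would make that explicit. The list also keeps broad entries like `application/octet-stream` and adds `image/svg+xml`; trimming it to the types the upload clients actually send keeps the relaxation narrow. The value uses bare `|` separators, while some CRS releases expect each entry wrapped as `|type/subtype|` with spaces in between, so check the format against the crs-setup example of the CRS version in use, otherwise the first and last entries may not match.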


@ -0,0 +1,117 @@
#bunkerweb 1.5.9 docker compose file with changes for photoprism app
#Configured for custom ssl cert, autoconf, and BunkerWeb UI
#photoprism specific lines indicated.
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
labels:
- "bunkerweb.INSTANCE=yes"
environment:
- SERVER_NAME=photoprism.example.com # replace with your domains
- UI_HOST=http://UiHost.example.com:7000
- DATABASE_URI=mariadb+pymysql://bunkerweb:DBPassword@bw-db:3306/db # Remember to set a stronger password for the database
- AUTOCONF_MODE=yes
- MULTISITE=yes
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- AUTO_LETS_ENCRYPT=no # using custom ssl certificate
- USE_CUSTOM_SSL=yes # using custom ssl certificate
- CUSTOM_SSL_CERT=/ssl/fullchain.pem # using custom ssl certificate
- CUSTOM_SSL_KEY=/ssl/privkey.pem # using custom ssl certificate
- ALLOWED_METHODS=GET|POST|HEAD|DELETE|PUT|MKCOL|PROPFIND|PROPPATCH #photoprism specific config - allow methods used by photoprism app and the PhotoSync android client
- MAX_CLIENT_SIZE=1024m #photoprism specific config - Increase as needed, depending on the size of the videos you want to uppload
- LIMIT_REQ_RATE=20r/s #photoprism specific config - possibly overkill, tune as needed. The default of 2r/s makes it impossible to play videos in photoprism
networks:
- bw-universe
- bw-services
volumes:
- /etc/bunkerweb/certs/fullchain.pem:/ssl/fullchain.pem:ro # using custom ssl certificate
- /etc/bunkerweb/certs/privkey.pem:/ssl/privkey.pem:ro # using custom ssl certificate
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:DBPassword@bw-db:3306/db # Remember to set a stronger password for the database
- AUTOCONF_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
networks:
- bw-universe
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:DBPassword@bw-db:3306/db # Remember to set a stronger password for the database
- DOCKER_HOST=tcp://bw-docker:2375
- AUTOCONF_MODE=yes
networks:
- bw-universe
- bw-docker
volumes:
- /etc/bunkerweb/certs/fullchain.pem:/ssl/fullchain.pem:ro # using custom ssl certificate
- /etc/bunkerweb/certs/privkey.pem:/ssl/privkey.pem:ro # using custom ssl certificate
bw-docker:
image: tecnativa/docker-socket-proxy:nightly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
networks:
- bw-docker
bw-db:
image: mariadb:10.10
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
- MYSQL_DATABASE=db
- MYSQL_USER=bunkerweb
- MYSQL_PASSWORD=DBPassword # Remember to set a stronger password for the database
volumes:
- bw-data:/var/lib/mysql
networks:
- bw-docker
UiHost:
image: bunkerity/bunkerweb-ui:1.5.9
networks:
bw-docker:
bw-universe:
aliases:
- UiHost.example.com
environment:
- USE_CUSTOM_SSL=yes # using custom ssl certificate
- CUSTOM_SSL_CERT=/ssl/fullchain.pem # using custom ssl certificate
- CUSTOM_SSL_KEY=/ssl/privkey.pem # using custom ssl certificate
- AUTOCONF_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
- DATABASE_URI=mariadb+pymysql://bunkerweb:DBPassword@bw-db:3306/db # Remember to set a stronger password for the database
volumes:
bw-data:
certs:
networks:
bw-universe:
name: bw-universe
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
name: bw-services
bw-docker:
name: bw-docker
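Review bot: The PhotoPrism relaxations (`ALLOWED_METHODS` with the WebDAV verbs, `MAX_CLIENT_SIZE=1024m`, `LIMIT_REQ_RATE=20r/s`) are set in the `bunkerweb` service environment while `MULTISITE=yes`, which presumably makes them the default for every service this instance fronts, not only PhotoPrism. If these settings can be given per service, putting them on the application container as labels, e.g. `- "bunkerweb.ALLOWED_METHODS=GET|POST|HEAD|DELETE|PUT|MKCOL|PROPFIND|PROPPATCH"`, keeps other sites on the stricter defaults. Separately, `bw-docker` runs `tecnativa/docker-socket-proxy:nightly`, a moving tag on the container that holds the Docker socket; a release tag or digest would be safer in an example people copy. `SERVER_NAME=photoprism.example.com` here also differs from the `photos.example.com` used in the README and in the application labels.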


@ -0,0 +1,181 @@
# Adapted Example Docker Compose config file for PhotoPrism (Linux / AMD64)
#
# ----------------------------------------------------------------------------------
# Added labels and network configurationfor bunkerweb integration
# Part of the photoprism app example for bunkerweb
# ----------------------------------------------------------------------------------
#
# Note:
# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
# in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
# https://docs.photoprism.app/getting-started/proxies/traefik/
#
# Setup Guides:
# - https://docs.photoprism.app/getting-started/docker-compose/
# - https://docs.photoprism.app/getting-started/raspberry-pi/
# - https://www.photoprism.app/kb/activation
#
# Troubleshooting Checklists:
# - https://docs.photoprism.app/getting-started/troubleshooting/
# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
#
# CLI Commands:
# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
#
# All commands may have to be prefixed with "sudo" when not running as root.
# This will point the home directory shortcut ~ to /root in volume mounts.
services:
photoprism:
## Use photoprism/photoprism:preview for testing preview builds:
image: photoprism/photoprism:latest
container_name: photoprism
networks: #For bunkerweb
bw-services: #For bunkerweb
aliases: #For bunkerweb
- photoprism #For bunkerweb
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
# restart: unless-stopped
stop_grace_period: 10s
depends_on:
- mariadb
security_opt:
- seccomp:unconfined
- apparmor:unconfined
## Server port mapping in the format "Host:Container". To use a different port, change the host port on
## the left-hand side and keep the container port, e.g. "80:2342" (for HTTP) or "443:2342 (for HTTPS):
ports:
- "2342:2342"
## Before you start the service, please check the following config options (and change them as needed):
## https://docs.photoprism.app/getting-started/config-options/
labels:
- "bunkerweb.SERVER_NAME=photos.example.com" #For bunkerweb
- "bunkerweb.USE_REVERSE_PROXY=yes" #For bunkerweb
- "bunkerweb.REVERSE_PROXY_URL=/" #For bunkerweb
- "bunkerweb.REVERSE_PROXY_HOST=http://photoprism:2342" #For bunkerweb
- "bunkerweb.REVERSE_PROXY_WS=yes" #For bunkerweb
environment:
PHOTOPRISM_ADMIN_USER: "admin" # admin login username
PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial admin password (8-72 characters)
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
PHOTOPRISM_SITE_URL: "http://localhost:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)"
PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
PHOTOPRISM_DEFAULT_TLS: "false" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
PHOTOPRISM_ORIGINALS_LIMIT: 50000 # file size limit for originals in MB (increase for high-res video)
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
PHOTOPRISM_SIDECAR_YAML: "true" # creates YAML sidecar files to back up picture metadata
PHOTOPRISM_BACKUP_PATH: "/photoprism/storage/backups"
PHOTOPRISM_BACKUP_ALBUMS: "true" # creates YAML files to back up album metadata
PHOTOPRISM_BACKUP_DATABASE: "true" # creates regular backups based on the configured schedule
PHOTOPRISM_BACKUP_SCHEDULE: "daily" # backup SCHEDULE in cron format (e.g. "0 12 * * *" for daily at noon) or at a random time (daily, weekly)
PHOTOPRISM_INDEX_SCHEDULE: "" # indexing SCHEDULE in cron format (e.g. "@every 3h" for every 3 hours; "" to disable)
PHOTOPRISM_AUTO_INDEX: 300 # delay before automatically indexing files in SECONDS when uploading via WebDAV (-1 to disable)
PHOTOPRISM_AUTO_IMPORT: -1 # delay before automatically importing files in SECONDS when uploading via WebDAV (-1 to disable)
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
# PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that does not require a separate database server
PHOTOPRISM_DATABASE_DRIVER: "mysql" # MariaDB 10.5.12+ (MySQL successor) offers significantly better performance compared to SQLite
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB database server (hostname:port)
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB database schema name
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB database user name
PHOTOPRISM_DATABASE_PASSWORD: "photoprism" # MariaDB database user password
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
PHOTOPRISM_SITE_DESCRIPTION: "AI-Powered Photos App for the Decentralized Web" # meta site description
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
# PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
# PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
# PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
## Run/install on first startup (options: update https gpu ffmpeg tensorflow davfs clitools clean):
# PHOTOPRISM_INIT: "https gpu tensorflow"
## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
PHOTOPRISM_UID: 995
PHOTOPRISM_GID: 100
# PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000
## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# user: "1000:1000"
## Share hardware devices with FFmpeg and TensorFlow (optional):
# devices:
# - "/dev/dri:/dev/dri" # Intel QSV
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
# - "/dev/nvidiactl:/dev/nvidiactl"
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
working_dir: "/photoprism" # do not change or remove
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
volumes:
# "/host/folder:/photoprism/folder" # Example
- "/host/folder/Pictures:/photoprism/originals" # Original media files (DO NOT REMOVE)
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
- "/host/folder/NewPhotos:/photoprism/import" # *Optional* base folder from which files can be imported to originals
- "/host/folder/SSDPhotopData/storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
## MariaDB Database Server (recommended)
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
mariadb:
image: mariadb:latest
container_name: mariadb
networks:
bw-services:
aliases:
- mariadb
## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
restart: unless-stopped
stop_grace_period: 5s
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
- seccomp:unconfined
- apparmor:unconfined
command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
volumes:
- "/host/folder/SSDPhotopData/db/:/var/lib/mysql" # DO NOT REMOVE
environment:
MARIADB_AUTO_UPGRADE: "1"
MARIADB_INITDB_SKIP_TZINFO: "1"
MARIADB_DATABASE: "photoprism"
MARIADB_USER: "photoprism"
MARIADB_PASSWORD: "photoprism"
MARIADB_ROOT_PASSWORD: "photoprism"
## Watchtower upgrades services automatically (optional)
## see https://docs.photoprism.app/getting-started/updates/#watchtower
## activate via "COMPOSE_PROFILES=update docker compose up -d"
watchtower:
restart: unless-stopped
image: containrrr/watchtower
profiles: ["update"]
environment:
WATCHTOWER_CLEANUP: "true"
WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/root/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account
networks: #For bunkerweb
bw-services: #For bunkerweb
external: true #For bunkerweb
name: bw-services #For bunkerweb
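Review bot: The `photoprism` service still publishes `"2342:2342"` on the host, so the application stays reachable over plain HTTP on that port without passing through BunkerWeb, even though the proxy reaches it over the `bw-services` network at `http://photoprism:2342`. Dropping the `ports:` entry, or binding it to loopback with `- "127.0.0.1:2342:2342"`, keeps the reverse proxy as the only entry point. The example also ships `PHOTOPRISM_ADMIN_PASSWORD: "insecure"` and `photoprism` as every MariaDB password without the "set a stronger password" reminder the BunkerWeb compose file carries; a `# replace before first start` comment on those lines would match it. Both services keep `seccomp:unconfined` and `apparmor:unconfined` from the upstream file, which deserves a comment on why it is needed here.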


@ -9,7 +9,7 @@ AUTO_LETS_ENCRYPT=yes
USE_CLIENT_CACHE=yes
USE_GZIP=yes
X_FRAME_OPTIONS=SAMEORIGIN
ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS
ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS|REPORT
BAD_BEHAVIOR_STATUS_CODES=400 401 403 405 444
MAX_CLIENT_SIZE=10G
LIMIT_REQ_URL_1=/apps


@ -59,15 +59,7 @@ services:
DATASOURCES_DEFAULT_USERNAME: "user"
DATASOURCES_DEFAULT_PASSWORD: "db-user-pwd" # replace with a stronger password (must match MYSQL_PASSWORD)
DATASOURCES_DEFAULT_DATABASE: "passbolt"
command:
[
"/usr/bin/wait-for.sh",
"-t",
"0",
"mydb:3306",
"--",
"/docker-entrypoint.sh"
]
command: [ "/usr/bin/wait-for.sh", "-t", "0", "mydb:3306", "--", "/docker-entrypoint.sh" ]
networks:
- passbolt-net
- bw-services


@ -1 +1 @@
1.6.0-beta
1.6.0-beta


@ -1,4 +1,4 @@
lua_shared_dict worker_lock 16k;
lua_shared_dict worker_lock {{ WORKERLOCK_MEMORY_SIZE }};
init_worker_by_lua_block {
-- Libs


@ -139,7 +139,7 @@ try:
for first_server, domains in domains_server_names.items():
generated_domains.update(domains.split(" "))
current_domains = search(rf"Domains: {first_server}(?P<domains>.*)$", stdout, MULTILINE)
current_domains = search(rf"Domains: {first_server}(?P<domains>.*)\n\s*Expiry Date: (?P<expiry_date>.*)$$", stdout, MULTILINE)
if not current_domains:
domains_to_ask[first_server] = False
continue
@ -147,6 +147,12 @@ try:
LOGGER.warning(f"Domains for {first_server} are not the same as in the certificate, asking new certificate...")
domains_to_ask[first_server] = True
continue
elif ("TEST_CERT" in current_domains.groupdict()['expiry_date'] and getenv(f"{first_server}_")):
LOGGER.warning(f"Certificate environment (staging/production) changed for {first_server}, asking new certificate...")
use_letsencrypt_staging = getenv(f"{first_server}_USE_LETS_ENCRYPT_STAGING", getenv("USE_LETS_ENCRYPT_STAGING", "no")) == "yes"
if ("TEST_CERT" in current_domains.groupdict()['expiry_date'] and not use_letsencrypt_staging) or ("TEST_CERT" not in current_domains.groupdict()['expiry_date'] and use_letsencrypt_staging):
LOGGER.warning(f"Certificate environment (staging/production) changed for {first_server}, asking new certificate...")
domains_to_ask[first_server] = True
LOGGER.info(f"Certificates already exists for domain(s) {domains}")
for first_server, domains in domains_server_names.items():
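Review bot: The `elif` on the first added line of the second hunk tests `getenv(f"{first_server}_")`, an environment variable whose name ends in a bare underscore, and its branch only logs that a new certificate will be requested without setting `domains_to_ask[first_server]`. It reads like a leftover of the merge, since the complete staging/production check follows directly below; I would drop that `elif` and its warning so the message is logged once and only when the flag is actually set. Separately, `first_server` is interpolated into the pattern unescaped, so the dots in a server name match any character, and the new pattern ends in `$$`; `rf"Domains: {escape(first_server)}(?P<domains>.*)\n\s*Expiry Date: (?P<expiry_date>.*)$"` with `re.escape` would pin the match to the intended certificate (whether `escape` is already imported is not visible here). Indentation is lost on this page and the enclosing `try:` block starts outside both hunks, so the exact nesting should be checked against the file.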


@ -117,6 +117,15 @@
"regex": "^(?! )(( *[^ ]+)(?!.*\\2))*$",
"type": "text"
},
"WORKERLOCK_MEMORY_SIZE": {
"context": "global",
"default": "48k",
"help": "Size of lua_shared_dict for initialization workers",
"id": "workerlock-memory-size",
"label": "Initialization Workerlock memory size",
"regex": "^\\d+[kKmMgG]?$",
"type": "text"
},
"DATASTORE_MEMORY_SIZE": {
"context": "global",
"default": "64m",
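Review bot: The `regex` for `WORKERLOCK_MEMORY_SIZE` accepts values that nginx will most likely reject once they are rendered into `lua_shared_dict worker_lock {{ WORKERLOCK_MEMORY_SIZE }};`. As far as I know that directive parses sizes with `k`/`m` suffixes only and refuses zones below a few kilobytes, so `1g` or a bare `100` pass validation here and then fail the configuration load, which for a reverse proxy means a failed reload or start. Tightening the entry to `"regex": "^\\d+[kKmM]$"` and stating the minimum in `help` would keep the setting and the directive in agreement; please confirm the accepted units against the lua-nginx-module version in use.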


@ -53,4 +53,9 @@ def setup_logger(title: str, level: Optional[Union[str, int]] = None) -> Logger:
level = _nameToLevel.get(level.upper(), default_level)
logger.setLevel(level)
if getenv("SCHEDULER_LOG_TO_FILE", "no") == "yes":
file_handler = FileHandler("/var/log/bunkerweb/scheduler.log")
file_handler.setFormatter(Formatter("%(asctime)s [%(name)s] [%(process)d] [%(levelname)s] - %(message)s"))
logger.addHandler(file_handler)
return logger
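Review bot: The added block attaches a new `FileHandler` on every call of `setup_logger`, so if the function is called more than once for the same logger in one process (not visible here), each record is written to `/var/log/bunkerweb/scheduler.log` several times. A guard such as `if not any(isinstance(h, FileHandler) for h in logger.handlers):` avoids that. `FileHandler(...)` also opens the file at construction, so an unwritable path raises `OSError` out of logger setup; passing `delay=True` or catching the error and continuing without the file handler would let the scheduler still start. The file is never rotated, so a logrotate rule or `RotatingFileHandler` would bound its size. The start of `setup_logger` is outside the hunk.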


@ -1,4 +1,4 @@
FROM debian:bookworm-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS builder
FROM debian:bookworm-slim@sha256:ad86386827b083b3d71139050b47ffb32bbd9559ea9b1345a739b14fec2d9ecf AS builder
ENV OS=debian
ENV NGINX_VERSION=1.26.2
@ -57,7 +57,7 @@ COPY src/scheduler scheduler
COPY src/VERSION VERSION
COPY src/ui ui
FROM debian:bookworm-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc
FROM debian:bookworm-slim@sha256:ad86386827b083b3d71139050b47ffb32bbd9559ea9b1345a739b14fec2d9ecf
# Set default umask to prevent huge recursive chmod increasing the final image size
RUN umask 027


@ -1,4 +1,4 @@
FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197c79eb0 AS builder
FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e AS builder
ENV OS=fedora
ENV NGINX_VERSION=1.26.2
@ -53,7 +53,7 @@ COPY src/scheduler scheduler
COPY src/VERSION VERSION
COPY src/ui ui
FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197c79eb0
FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e
# Set default umask to prevent huge recursive chmod increasing the final image size
RUN umask 027


@ -10,7 +10,7 @@ PIDFile=/var/run/bunkerweb/scheduler.pid
ExecStart=/usr/share/bunkerweb/scripts/start.sh start
ExecStop=/usr/share/bunkerweb/scripts/start.sh stop
ExecReload=/usr/share/bunkerweb/scripts/start.sh reload
Type=simple
Type=exec
StandardOutput=journal+console
StandardError=journal+console


@ -220,6 +220,7 @@ function start() {
# Execute scheduler
log "SYSTEMCTL" " " "Executing scheduler ..."
export SCHEDULER_LOG_TO_FILE=yes
sudo -E -u nginx -g nginx /bin/bash -c "PYTHONPATH=/usr/share/bunkerweb/deps/python/ /usr/share/bunkerweb/scheduler/main.py --variables /etc/bunkerweb/variables.env"
# shellcheck disable=SC2181
if [ $? -ne 0 ] ; then
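Review bot: `export SCHEDULER_LOG_TO_FILE=yes` reaches the scheduler only because the following `sudo -E` forwards the caller's whole environment to the `nginx` user, and the variable stays exported for everything that runs later in `start()`. Setting it where `PYTHONPATH` is already set keeps it scoped to the one process: `/bin/bash -c "SCHEDULER_LOG_TO_FILE=yes PYTHONPATH=/usr/share/bunkerweb/deps/python/ /usr/share/bunkerweb/scheduler/main.py --variables /etc/bunkerweb/variables.env"`. It is also worth confirming before this line that `/var/log/bunkerweb/scheduler.log` is writable by `nginx`, since the logger opens that file when the flag is `yes`. `start()` begins and ends outside the hunk.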


@ -6,6 +6,7 @@ from datetime import datetime
from io import BytesIO
from itertools import chain
from json import load as json_load
from logging import FileHandler, Formatter
from os import _exit, environ, getenv, getpid, sep
from os.path import join
from pathlib import Path


@ -69,7 +69,7 @@ RUN echo "Docker" > INTEGRATION && \
ln -s /proc/1/fd/2 /var/log/bunkerweb/ui.log
LABEL maintainer="Bunkerity <contact@bunkerity.com>"
LABEL version="1.5.9"
LABEL version="1.5.10"
LABEL url="https://www.bunkerweb.io"
LABEL bunkerweb.type="ui"


@ -4,7 +4,7 @@ import tempfile
import time
import pathlib
NGINX_VERSION = "1.26.1"
NGINX_VERSION = "1.26.2"
distro = sys.argv[1]
if distro == "ubuntu":
@ -595,7 +595,7 @@ elif distro == "debian":
echo "deb-src https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
apt-get update && \
apt-get install -y --no-install-recommends nginx=1.26.1-2~bookworm
apt-get install -y --no-install-recommends nginx=1.26.2-1~bookworm
apt install /data/bunkerweb.deb -y
"""
@ -947,7 +947,7 @@ elif distro == "debian":
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update && sudo apt install -y nginx=1.26.1-2~bookworm
sudo apt update && sudo apt install -y nginx=1.26.2-1~bookworm
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo apt install -y bunkerweb=1.4.5
@ -1647,15 +1647,15 @@ elif distro.startswith("rhel"):
bash_script = (
"""
dnf install yum-utils wget sudo -y
wget https://nginx.org/packages/rhel/9/x86_64/RPMS/nginx-1.26.1-2.el9.ngx.x86_64.rpm
dnf install nginx-1.26.1-2.el9.ngx.x86_64.rpm -y
wget https://nginx.org/packages/rhel/9/x86_64/RPMS/nginx-1.26.2-1.el9.ngx.x86_64.rpm
dnf install nginx-1.26.2-1.el9.ngx.x86_64.rpm -y
dnf install /data/bunkerweb.rpm -y
"""
if distro.endswith("9")
else """
dnf install yum-utils wget sudo -y
wget https://nginx.org/packages/rhel/8/x86_64/RPMS/nginx-1.26.1-2.el8.ngx.x86_64.rpm
dnf install nginx-1.26.1-2.el8.ngx.x86_64.rpm -y
wget https://nginx.org/packages/rhel/8/x86_64/RPMS/nginx-1.26.2-1.el8.ngx.x86_64.rpm
dnf install nginx-1.26.2-1.el8.ngx.x86_64.rpm -y
dnf install /data/bunkerweb.rpm -y
"""
)


@ -80,6 +80,7 @@ services:
volumes:
bw-data:
networks:
bw-universe:
name: bw-universe


@ -70,6 +70,7 @@ services:
volumes:
bw-data:
networks:
bw-universe:
name: bw-universe


@ -71,6 +71,7 @@ services:
volumes:
bw-data:
networks:
bw-universe:
name: bw-universe


@ -1,9 +1,9 @@
FROM debian:bookworm@sha256:b16cef8cbcb20935c0f052e37fc3d38dc92bfec0bcfb894c328547f81e932d67
FROM debian:bookworm@sha256:27586f4609433f2f49a9157405b473c62c3cb28a581c413393975b4e8496d0ab
ENV container docker
ENV LC_ALL C
ENV DEBIAN_FRONTEND noninteractive
ENV NGINX_VERSION 1.26.1
ENV NGINX_VERSION 1.26.2
RUN apt-get update \
&& apt-get install -y systemd systemd-sysv \
@ -29,7 +29,7 @@ RUN apt update && \
echo "deb-src https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
apt-get update && \
apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-2~bookworm
apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-1~bookworm
COPY ./package-debian/*.deb /opt


@ -1,7 +1,7 @@
FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197c79eb0
FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e
ENV container docker
ENV NGINX_VERSION 1.26.1
ENV NGINX_VERSION 1.26.2
RUN dnf -y update \
&& dnf -y install systemd \


@ -1,6 +1,6 @@
FROM redhat/ubi8-init:8.10-7@sha256:abe156db7c0da0305a3ff0808c0c682c1667b029e29e9feaa9cdf4b1341c71a4
ENV NGINX_VERSION 1.26.1
ENV NGINX_VERSION 1.26.2
# Copy rocky repo
COPY src/linux/rocky-8.repo /etc/yum.repos.d/rocky.repo


@ -1,6 +1,6 @@
FROM redhat/ubi9-init:9.4-14.1726695630@sha256:4b057fecf55ad4090d95d37f2249a0a522f6603e4af60b9b75d76d415cf47d48
ENV NGINX_VERSION 1.26.1
ENV NGINX_VERSION 1.26.2
# Copy rocky repo
COPY src/linux/rocky-9.repo /etc/yum.repos.d/rocky.repo


@ -3,7 +3,7 @@ FROM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e7666
ENV container docker
ENV LC_ALL C
ENV DEBIAN_FRONTEND noninteractive
ENV NGINX_VERSION 1.26.1
ENV NGINX_VERSION 1.26.2
RUN apt-get update \
&& apt-get install -y systemd systemd-sysv \
@ -29,7 +29,7 @@ RUN apt update && \
echo "deb-src https://nginx.org/packages/ubuntu/ noble nginx" >> /etc/apt/sources.list.d/nginx.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
apt-get update && \
apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-2~noble
apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-1~noble
COPY ./package-ubuntu/*.deb /opt


@ -3,7 +3,7 @@ FROM ubuntu:22.04@sha256:340d9b015b194dc6e2a13938944e0d016e57b9679963fdeb9ce021d
ENV container docker
ENV LC_ALL C
ENV DEBIAN_FRONTEND noninteractive
ENV NGINX_VERSION 1.26.1
ENV NGINX_VERSION 1.26.2
RUN apt-get update \
&& apt-get install -y systemd systemd-sysv \
@ -29,7 +29,7 @@ RUN apt update && \
echo "deb-src https://nginx.org/packages/ubuntu/ jammy nginx" >> /etc/apt/sources.list.d/nginx.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
apt-get update && \
apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-2~jammy
apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-1~jammy
COPY ./package-ubuntu-jammy/*.deb /opt


@ -2,7 +2,7 @@ terraform {
required_providers {
scaleway = {
source = "scaleway/scaleway"
version = "2.41.3"
version = "2.44.0"
}
kubectl = {
source = "gavinbunney/kubectl"
@ -10,7 +10,7 @@ terraform {
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.31.0"
version = "2.32.0"
}
}
}


@ -89,6 +89,7 @@ volumes:
bw-data:
bw-db:
networks:
bw-universe:
name: bw-universe