diff --git a/docs/integrations.md b/docs/integrations.md index 762778d65..4e4c8c80e 100644 --- a/docs/integrations.md +++ b/docs/integrations.md @@ -93,7 +93,11 @@ volumes: !!! warning BunkerWeb runs as an **unprivileged user with UID 101 and GID 101** inside the container. The reason behind this is the security : in case a vulnerability is exploited, the attacker won't have full root (UID/GID 0) privileges. But there is a downside : if you use a **local folder for the persistent data**, you will need to **set the correct permissions** so the unprivileged user can write data to it. Something like that should do the trick : - `shell mkdir bw-data && \ chown root:101 bw-data && \ chmod 770 bw-data ` + ```shell + mkdir bw-data && \ + chown root:101 bw-data && \ + chmod 770 bw-data + ``` Alternatively, if the folder already exists : diff --git a/docs/quickstart-guide.md b/docs/quickstart-guide.md index 799043f54..12752043d 100644 --- a/docs/quickstart-guide.md +++ b/docs/quickstart-guide.md 
@@ -1140,7 +1140,35 @@ Some integrations offer a more convenient way of applying configurations for exa
 === "Docker"
- When using the [Docker integration](/1.4/integrations/#docker), custom configurations must be written to the volume mounted on /data.
+ When using the [Docker integration](/1.4/integrations/#docker), you have two choices for adding custom configurations :
+
+ - Using specific settings `*_CUSTOM_CONF_*` as environment variable (easiest)
+ - Writing .conf files to the volume mounted on /data
+
+ **Using settings**
+
+ The custom setting to use must follow the pattern `_CUSTOM_CONF__` :
+
+ - `` : optional primary server name if multisite mode is enabled and the config must be applied to a specific service
+ - `` : the type of config, accepted values are `HTTP`, `DEFAULT_SERVER_HTTP`, `SERVER_HTTP`, `MODSEC` and `MODSEC_CRS`
+ - `` : the name of your config without the .conf suffix
+
+ Here is a dummy example using a docker-compose file :
+ ```yaml
+ mybunker:
+ image: bunkerity/bunkerweb:1.4.2
+ environment:
+ - |
+ CUSTOM_CONF_SERVER_HTTP_test=
+ location /hello {
+ default_type 'text/plain';
+ content_by_lua_block {
+ ngx.say('world')
+ }
+ ...
+ ```
+
+ **Using files**
 The first thing to do is to create the folders :
 ```shell
@@ -1200,25 +1228,19 @@ Some integrations offer a more convenient way of applying configurations for exa
 }" > ./bw-data/configs/server-http/hello-world.conf
 ```
- Because BunkerWeb runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
- ```shell
- chown -R root:101 bw-data && \
- chmod -R 770 bw-data
- ```
-
- When starting the BunkerWeb container, you will need to mount the folder on /data :
+ When starting the BunkerWeb autoconf container, you will need to mount the folder on /data :
 ```shell
 docker run \
 ...
 -v "${PWD}/bw-data:/data" \
 ...
- bunkerity/bunkerweb:1.4.2
+ bunkerity/bunkerweb-autoconf:1.4.2
 ```
 Here is the docker-compose equivalent :
 ```yaml
- mybunker:
- image: bunkerity/bunkerweb:1.4.2
+ myautoconf:
+ image: bunkerity/bunkerweb-autoconf:1.4.2
 volumes:
 - ./bw-data:/data
 ...
diff --git a/helpers/entrypoint.sh b/helpers/entrypoint.sh
index 42cea970a..fedb13e69 100644
--- a/helpers/entrypoint.sh
+++ b/helpers/entrypoint.sh
@@ -46,24 +46,28 @@ fi
 if [ "$SWARM_MODE" != "yes" ] && [ "$KUBERNETES_MODE" != "yes" ] && [ "$AUTOCONF_MODE" != "yes" ] ; then
 # extract and drop configs
- for var_name in $(compgen -v) ; do
- extracted=$(echo "$var_name" | | sed -r 's/^([a-z\.\-]*)_?CUSTOM_CONF_(HTTP|DEFAULT_SERVER_HTTP|SERVER_HTTP|MODSEC|MODSEC_CRS)_(.*)$/\1 \2 \3/g')
+ for var_name in $(compgen -e) ; do
+ extracted=$(echo "$var_name" | sed -r 's/^([a-z\.\-]*)_?CUSTOM_CONF_(HTTP|DEFAULT_SERVER_HTTP|SERVER_HTTP|MODSEC|MODSEC_CRS)_(.*)$/\1 \2 \3/g')
 site=$(echo "$extracted" | cut -d ' ' -f 1)
- type=$(echo "$extracted" | cut -d ' ' -f 2 | tr '[:upper:]' '[:lower:]' | sed 's/_/-/')
+ type=$(echo "$extracted" | cut -d ' ' -f 2 | grep -E '(HTTP|DEFAULT_SERVER_HTTP|SERVER_HTTP|MODSEC|MODSEC_CRS)' | tr '[:upper:]' '[:lower:]' | sed 's/_/-/')
 name=$(echo "$extracted" | cut -d ' ' -f 3)
- if [ "$type" = "" ] ; then
+ if [ "$type" = "" ] || [ "$name" = "" ] ; then
 continue
 fi
+ target="/data/configs/${type}/"
 if [ "$site" != "" ] && [ ! -d "/data/configs/${type}/${site}" ] ; then
- mkdir "/data/configs/${type}/${site}"
+ target="${target}/${site}/"
+ mkdir "$target"
 fi
- echo "${!var_name}" > "/data/configs/${type}/${site}/${name}.conf"
+ target="${target}${name}.conf"
+ log "ENTRYPOINT" "ℹ️" "Saving custom config to $target ..."
+ echo "${!var_name}" > "$target"
 done
 # execute temp nginx with no server
 export TEMP_NGINX="yes"
 log "ENTRYPOINT" "ℹ️" "Generating configuration for temp nginx ..."
- env | grep -E -v "^(HOSTNAME|PWD|PKG_RELEASE|NJS_VERSION|SHLVL|PATH|_|NGINX_VERSION|HOME)=" > "/tmp/variables.env"
+ get_env > "/tmp/variables.env"
 /opt/bunkerweb/gen/main.py --settings /opt/bunkerweb/settings.json --templates /opt/bunkerweb/confs --output /etc/nginx --variables /tmp/variables.env
 if [ "$?" -ne 0 ] ; then
 log "ENTRYPOINT" "❌" "Generator failed"
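Review bot: The site sub-directory is appended to `target` only inside the branch that runs when `/data/configs/${type}/${site}` does not exist yet, so on a restart with a persistent /data volume, or for a second config of the same site, the file is written to `/data/configs/${type}/` and presumably applies to every service instead of one. For a per-site `MODSEC` or `MODSEC_CRS` snippet that silently changes the WAF rules of all sites. Test only the site name in the condition and create the directory when it is missing: `if [ "$site" != "" ] ; then`, `target="${target}${site}/"`, `[ -d "$target" ] || mkdir "$target"` (this also drops the doubled slash). The added `grep -E` is unanchored and `cut` without `-s` passes through names that sed did not rewrite, so any exported variable whose name merely contains HTTP or MODSEC still reaches the `echo` redirect; anchoring it as `grep -E '^(HTTP|DEFAULT_SERVER_HTTP|SERVER_HTTP|MODSEC|MODSEC_CRS)$'` would make the `continue` guard effective.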
@@ -95,7 +99,7 @@ log "ENTRYPOINT" "ℹ️" "Generating configuration ..."
 if [ "$SWARM_MODE" = "yes" ] || [ "$KUBERNETES_MODE" = "yes" ] || [ "$AUTOCONF_MODE" = "yes" ] ; then
 export SERVER_NAME=
 fi
-env | grep -E -v "^(HOSTNAME|PWD|PKG_RELEASE|NJS_VERSION|SHLVL|PATH|_|NGINX_VERSION|HOME)=" > "/tmp/variables.env"
+get_env > "/tmp/variables.env"
 /opt/bunkerweb/gen/main.py --settings /opt/bunkerweb/settings.json --templates /opt/bunkerweb/confs --output /etc/nginx --variables /tmp/variables.env
 if [ "$?" -ne 0 ] ; then
 log "ENTRYPOINT" "❌" "Generator failed"
diff --git a/helpers/utils.sh b/helpers/utils.sh
index 7745f15ad..ca5bf7807 100644
--- a/helpers/utils.sh
+++ b/helpers/utils.sh
@@ -51,3 +51,12 @@ function log() {
 echo "$when $category - $severity - $message"
 }
+# get only interesting env (var=value)
+function get_env() {
+for var_name in $(compgen -e) ; do
+ filter=$(echo -n "$var_name" | sed -r 's/^(HOSTNAME|PWD|PKG_RELEASE|NJS_VERSION|SHLVL|PATH|_|NGINX_VERSION|HOME|([a-z\.\-]*)_?CUSTOM_CONF_(HTTP|DEFAULT_SERVER_HTTP|SERVER_HTTP|MODSEC|MODSEC_CRS)_(.*))$//g')
+ if [ "$filter" != "" ] ; then
+ echo "${var_name}=${!var_name}"
+ fi
+done
+}
\ No newline at end of file
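Review bot: `var_name` and `filter` in `get_env` are assigned without `local`, so every call overwrites the caller's variables of the same name, and entrypoint.sh uses `var_name` in its own loop; add `local var_name filter` as the first line of the body. The header comment should say what is filtered out, for example `# print exported variables as NAME=value, skipping shell/image internals and *_CUSTOM_CONF_* entries`. Values are echoed verbatim, so a remaining variable whose value contains a newline would span several lines of /tmp/variables.env; how the generator parses that file is not visible here, so it is worth confirming that such a value cannot introduce an extra setting.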