From 8bde67681ef8915566020e0273d49c396c2a2e3a Mon Sep 17 00:00:00 2001
From: bellondr <18566688434@163.com>
Date: Fri, 13 Dec 2024 16:36:25 +0800
Subject: [PATCH 01/42] getjerry customize branch
---
 src/autoconf/IngressController.py | 4 +++-
 .../reverseproxy/confs/server-http/reverse-proxy.conf | 2 +-
 src/common/core/ui/confs/default-server-http/ui.conf | 3 ---
 src/common/db/model.py | 8 ++++----
 4 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/autoconf/IngressController.py b/src/autoconf/IngressController.py
index 865f279961..e62acef98e 100644
--- a/src/autoconf/IngressController.py
+++ b/src/autoconf/IngressController.py
@@ -66,6 +66,8 @@ def _to_services(self, controller_service) -> List[dict]:
 return []
 namespace = controller_service.metadata.namespace
 services = []
+ if controller_service.metadata.annotations is None or "bunkerweb.io" not in controller_service.metadata.annotations:
+ return []
 # parse rules
 for rule in controller_service.spec.rules:
 if not rule.host:
@@ -210,7 +212,7 @@ def __process_event(self, event):
 if obj.kind == "Pod":
 return annotations and "bunkerweb.io/INSTANCE" in annotations
 if obj.kind == "Ingress":
- return True
+ return annotations and "bunkerweb.io" in annotations
 if obj.kind == "ConfigMap":
 return annotations and "bunkerweb.io/CONFIG_TYPE" in annotations
 if obj.kind == "Service":
diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
index eacc209017..7171e4eb0a 100644
--- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
+++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
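Review bot: The new guard in `_to_services` and the `Ingress` branch of `__process_event` both test `"bunkerweb.io" in annotations`, which, assuming annotations is the usual mapping, is an exact-key lookup and not a prefix match. The neighbouring checks use full keys such as `"bunkerweb.io/INSTANCE"`, so an Ingress that only carries prefixed keys would presumably be skipped and never get a generated service. If the intent is "any bunkerweb.io annotation", `any(k.startswith("bunkerweb.io/") for k in annotations)` expresses it; if a dedicated opt-in key is intended, spell it out in full and document it. Both function bodies continue outside the hunks.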
@@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} location {{ url }} {% raw %}{{% endraw +%} etag off; - set $backend{{ counter.value }} "{{ host }}"; + set $backend{{ counter.value }} "http://ingress-nginx-controller.kube-system.svc.cluster.local:80";; proxy_pass $backend{{ counter.value }}; proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/src/common/core/ui/confs/default-server-http/ui.conf b/src/common/core/ui/confs/default-server-http/ui.conf index f5547b9fa6..5589dbf4d5 100644 --- a/src/common/core/ui/confs/default-server-http/ui.conf +++ b/src/common/core/ui/confs/default-server-http/ui.conf @@ -4,9 +4,6 @@ access_by_lua_block { local scheme = ngx_var.scheme local http_host = ngx_var.http_host local request_uri = ngx_var.request_uri - if scheme == "http" and http_host ~= nil and http_host ~= "" and request_uri and request_uri ~= "" then - return ngx.redirect("https://" .. http_host .. request_uri, ngx.HTTP_MOVED_PERMANENTLY) - end } location /setup { etag off; diff --git a/src/common/db/model.py b/src/common/db/model.py index 03ed953a8b..ebea4eb279 100644 --- a/src/common/db/model.py +++ b/src/common/db/model.py @@ -115,7 +115,7 @@ class Global_values(Base): class Services(Base): __tablename__ = "bw_services" - id = Column(String(64), primary_key=True) + id = Column(String(255), primary_key=True) method = Column(METHODS_ENUM, nullable=False) is_draft = Column(Boolean, default=False, nullable=False) 
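Review bot: The new `set $backend{{ counter.value }}` line no longer uses the templated `{{ host }}`, so every reverse-proxy location of every service is sent to the same hard-coded in-cluster address regardless of what the service configured. The line also ends in `;;`, and nginx is likely to reject the stray empty directive when the config is tested. If a fixed upstream is really wanted in this fork, read it from a template setting with `{{ host }}` as the fallback and end the line with a single `;`. The enclosing `location` block continues outside the hunk.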
@@ -127,7 +127,7 @@ class Services(Base): class Services_settings(Base): __tablename__ = "bw_services_settings" - service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), primary_key=True) + service_id = Column(String(255), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), primary_key=True) setting_id = Column(String(256), ForeignKey("bw_settings.id", onupdate="cascade", ondelete="cascade"), primary_key=True) value = Column(TEXT, nullable=False) suffix = Column(Integer, primary_key=True, nullable=True, default=0) @@ -172,7 +172,7 @@ class Jobs_cache(Base): id = Column(Integer, Identity(start=1, increment=1), primary_key=True) job_name = Column(String(128), ForeignKey("bw_jobs.name", onupdate="cascade", ondelete="cascade"), nullable=False) - service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) + service_id = Column(String(255), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) file_name = Column(String(256), nullable=False) data = Column(LargeBinary(length=(2**32) - 1), nullable=True) last_update = Column(DateTime, nullable=True) @@ -187,7 +187,7 @@ class Custom_configs(Base): __table_args__ = (UniqueConstraint("service_id", "type", "name"),) id = Column(Integer, Identity(start=1, increment=1), primary_key=True) - service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) + service_id = Column(String(255), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) type = Column(CUSTOM_CONFIGS_TYPES_ENUM, nullable=False) name = Column(String(256), nullable=False) data = Column(LargeBinary(length=(2**32) - 1), nullable=False) From 43bd7808351c9f35279be0a64fb1daf8b3662c01 Mon Sep 17 00:00:00 2001 
From: bellondr <18566688434@163.com>
Date: Sat, 14 Dec 2024 10:47:11 +0800
Subject: [PATCH 02/42] getjerry customize branch
---
 .../reverseproxy/confs/server-http/reverse-proxy.conf | 2 +-
 src/common/core/ui/confs/default-server-http/ui.conf | 3 +++
 src/common/db/model.py | 8 ++++----
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
index 7171e4eb0a..eacc209017 100644
--- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
+++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
@@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status;
 {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %}
 location {{ url }} {% raw %}{{% endraw +%}
 etag off;
- set $backend{{ counter.value }} "http://ingress-nginx-controller.kube-system.svc.cluster.local:80";;
+ set $backend{{ counter.value }} "{{ host }}";
 proxy_pass $backend{{ counter.value }};
 proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %};
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/src/common/core/ui/confs/default-server-http/ui.conf b/src/common/core/ui/confs/default-server-http/ui.conf
index 5589dbf4d5..f5547b9fa6 100644
--- a/src/common/core/ui/confs/default-server-http/ui.conf
+++ b/src/common/core/ui/confs/default-server-http/ui.conf
@@ -4,6 +4,9 @@ access_by_lua_block {
 local scheme = ngx_var.scheme
 local http_host = ngx_var.http_host
 local request_uri = ngx_var.request_uri
+ if scheme == "http" and http_host ~= nil and http_host ~= "" and request_uri and request_uri ~= "" then
+ return ngx.redirect("https://" .. http_host .. request_uri, ngx.HTTP_MOVED_PERMANENTLY)
+ end
 }
 location /setup {
 etag off;
diff --git a/src/common/db/model.py b/src/common/db/model.py index ebea4eb279..03ed953a8b 100644 --- a/src/common/db/model.py +++ b/src/common/db/model.py @@ -115,7 +115,7 @@ class Global_values(Base): class Services(Base): __tablename__ = "bw_services" - id = Column(String(255), primary_key=True) + id = Column(String(64), primary_key=True) method = Column(METHODS_ENUM, nullable=False) is_draft = Column(Boolean, default=False, nullable=False) @@ -127,7 +127,7 @@ class Services(Base): class Services_settings(Base): __tablename__ = "bw_services_settings" - service_id = Column(String(255), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), primary_key=True) + service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), primary_key=True) setting_id = Column(String(256), ForeignKey("bw_settings.id", onupdate="cascade", ondelete="cascade"), primary_key=True) value = Column(TEXT, nullable=False) suffix = Column(Integer, primary_key=True, nullable=True, default=0) @@ -172,7 +172,7 @@ class Jobs_cache(Base): id = Column(Integer, Identity(start=1, increment=1), primary_key=True) job_name = Column(String(128), ForeignKey("bw_jobs.name", onupdate="cascade", ondelete="cascade"), nullable=False) - service_id = Column(String(255), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) + service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) file_name = Column(String(256), nullable=False) data = Column(LargeBinary(length=(2**32) - 1), nullable=True) last_update = Column(DateTime, nullable=True) 
@@ -187,7 +187,7 @@ class Custom_configs(Base): __table_args__ = (UniqueConstraint("service_id", "type", "name"),) id = Column(Integer, Identity(start=1, increment=1), primary_key=True) - service_id = Column(String(255), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) + service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) type = Column(CUSTOM_CONFIGS_TYPES_ENUM, nullable=False) name = Column(String(256), nullable=False) data = Column(LargeBinary(length=(2**32) - 1), nullable=False) From 324f0b6cf49fa4e241638b8124a01b99aab34f6d Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Sat, 14 Dec 2024 08:13:11 +0000 Subject: [PATCH 03/42] log config change --- src/autoconf/Config.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/autoconf/Config.py b/src/autoconf/Config.py index 3ce254d9c3..0846a10174 100644 --- a/src/autoconf/Config.py +++ b/src/autoconf/Config.py @@ -82,7 +82,9 @@ def wait_applying(self, startup: bool = False): i = 0 while i < 60: curr_changes = self._db.check_changes() + self.__logger.info(f"current changed: {curr_changes}") first_config_saved = self._db.is_first_config_saved() + self.__logger.info(f"first config saved: {first_config_saved}") if isinstance(curr_changes, str): if not startup: self.__logger.error(f"An error occurred when checking for changes in the database : {curr_changes}") From 682e4e83176e8db3b0915bd39cab4fdfaca2bb43 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 10:39:24 +0800 Subject: [PATCH 04/42] getjerry customize branch --- .../core/reverseproxy/confs/server-http/reverse-proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index 7171e4eb0a..49192b2bb1 100644 
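Review bot: The two added `self.__logger.info(...)` calls in `wait_applying` sit inside the `while i < 60` polling loop, so a single wait can potentially emit well over a hundred info lines. `curr_changes` is also logged before the `isinstance(curr_changes, str)` check that treats a string as a database error, so raw error text is repeated at info level on every pass. Logging at debug level and only after the error branch keeps normal logs readable, e.g. `self.__logger.debug(f"current changes: {curr_changes}")`. The loop body continues outside the hunk.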
--- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf @@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} location {{ url }} {% raw %}{{% endraw +%} etag off; - set $backend{{ counter.value }} "http://ingress-nginx-controller.kube-system.svc.cluster.local:80";; + set $backend{{ counter.value }} "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; proxy_pass $backend{{ counter.value }}; proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 43749bb8447ae74d9048d20f27091db6cb6bd28e Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 14:44:37 +0800 Subject: [PATCH 05/42] getjerry customize branch --- src/common/confs/default-server-http.conf | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf index 768c7951eb..6b51bf7069 100644 --- a/src/common/confs/default-server-http.conf +++ b/src/common/confs/default-server-http.conf @@ -47,6 +47,27 @@ server { {% endif %} {% endif %} +location / { + etag off; + http2 on; + proxy_pass "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_buffering on; + + # Support WebSocket + proxy_http_version 1.1; + + proxy_connect_timeout 60s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; +} + {% if IS_LOADING == "yes" +%} location / { etag off; 
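Review bot: The `location /` block added to `default-server-http.conf` is emitted unconditionally just above the existing `{% if IS_LOADING == "yes" +%} location / {` block, so when that condition holds the rendered server would contain two `location /` blocks, which nginx rejects as a duplicate. `http2 on;` is a server-level directive and is not accepted inside a `location`. The `# Support WebSocket` comment is backed only by `proxy_http_version 1.1;`; without the `Upgrade` and `Connection` headers the upgrade is not forwarded, so either add them or drop the comment.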
From e60a25e4705638a29b033fb810da00314dc72de6 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 15:22:42 +0800 Subject: [PATCH 06/42] getjerry customize branch --- src/common/confs/default-server-http.conf | 36 ++++++++++------------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf index 6b51bf7069..cdbe78a253 100644 --- a/src/common/confs/default-server-http.conf +++ b/src/common/confs/default-server-http.conf @@ -47,27 +47,6 @@ server { {% endif %} {% endif %} -location / { - etag off; - http2 on; - proxy_pass "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - - proxy_buffering on; - - # Support WebSocket - proxy_http_version 1.1; - - proxy_connect_timeout 60s; - proxy_read_timeout 600s; - proxy_send_timeout 600s; -} - {% if IS_LOADING == "yes" +%} location / { etag off; @@ -212,3 +191,18 @@ location / { } } + +location / { + etag off; + proxy_pass "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_connect_timeout 60s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; +} From f7ff383273104f82baa5f7975b1eb4404e4c8493 Mon Sep 17 00:00:00 2001 
From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 15:57:42 +0800 Subject: [PATCH 07/42] getjerry customize branch --- src/common/confs/default-server-http.conf | 29 ++++++------ .../confs/default-server-http/disable.conf | 7 --- .../misc/confs/default-server-http/page.conf | 47 ------------------- 3 files changed, 14 insertions(+), 69 deletions(-) delete mode 100644 src/common/core/misc/confs/default-server-http/page.conf diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf index cdbe78a253..4e04b34837 100644 --- a/src/common/confs/default-server-http.conf +++ b/src/common/confs/default-server-http.conf @@ -190,19 +190,18 @@ server { } -} - -location / { - etag off; - proxy_pass "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - - proxy_connect_timeout 60s; - proxy_read_timeout 600s; - proxy_send_timeout 600s; + location / { + etag off; + proxy_pass "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_connect_timeout 60s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } } diff --git a/src/common/core/misc/confs/default-server-http/disable.conf b/src/common/core/misc/confs/default-server-http/disable.conf index 96fa324fae..446838bedc 100644 --- a/src/common/core/misc/confs/default-server-http/disable.conf +++ b/src/common/core/misc/confs/default-server-http/disable.conf 
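Review bot: With this `location /` now inside the default `server` block and the `DISABLE_DEFAULT_SERVER == "yes"` deny block removed from `disable.conf` in the same commit, requests whose host name matches no configured service are no longer refused but proxied to the ingress controller with the client-supplied `Host`. That turns `DISABLE_DEFAULT_SERVER` into a no-op and presumably lets traffic reach backends without any per-service protection being applied. Keep the deny path and make the fallback opt-in, for example by wrapping the new block in `{% if DISABLE_DEFAULT_SERVER != "yes" %}` and `{% endif %}`.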
@@ -1,10 +1,3 @@
-{% if DISABLE_DEFAULT_SERVER == "yes" +%}
-location / {
- set $reason "default";
- set $reason_data "";
- return {{ DENY_HTTP_STATUS }};
-}
-{% endif %}
 {% if DISABLE_DEFAULT_SERVER_STRICT_SNI == "yes" +%}
 ssl_client_hello_by_lua_block {
 local ssl_clt = require "ngx.ssl.clienthello"
diff --git a/src/common/core/misc/confs/default-server-http/page.conf b/src/common/core/misc/confs/default-server-http/page.conf
deleted file mode 100644
index e810fa767d..0000000000
--- a/src/common/core/misc/confs/default-server-http/page.conf
+++ /dev/null
@@ -1,47 +0,0 @@
-{% if IS_LOADING != "yes" and DISABLE_DEFAULT_SERVER == "no" +%}
-location / {
- etag off;
- add_header Last-Modified "";
- server_tokens off;
- default_type 'text/html';
- root /usr/share/bunkerweb/core/misc/files;
- content_by_lua_block {
- local utils = require "bunkerweb.utils"
- local rand = utils.rand
- local subsystem = ngx.config.subsystem
-
- local template
- local render = nil
- if subsystem == "http" then
- template = require "resty.template"
- render = template.render
- end
-
- local nonce_style = rand(16)
-
- -- Override CSP header
- ngx.header["Content-Security-Policy"] = "default-src 'none'; frame-ancestors 'none'; form-action 'self'; img-src 'self' data:; style-src 'self' 'nonce-"
- .. nonce_style
- .. "'; font-src 'self' data:; base-uri 'self'; require-trusted-types-for 'script'; block-all-mixed-content; upgrade-insecure-requests;"
-
- -- Remove server header
- ngx.header["Server"] = nil
-
- -- Override HSTS header
- if ngx.var.scheme == "https" then
- ngx.header["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
- end
-
- -- Override X-Content-Type-Options header
- ngx.header["X-Content-Type-Options"] = "nosniff"
-
- -- Override Referrer-Policy header
- ngx.header["Referrer-Policy"] = "no-referrer"
-
- -- Render template
- render("default.html", {
- nonce_style = nonce_style,
- })
- }
-}
-{% endif %}
From b96e23ccd71d2bff6d52114ef2464a95f6c81449 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 17:58:55 +0800 Subject: [PATCH 08/42] fix issue --- src/common/confs/default-server-http.conf | 14 ------ .../confs/default-server-http/disable.conf | 7 +++ .../misc/confs/default-server-http/page.conf | 47 +++++++++++++++++++ 3 files changed, 54 insertions(+), 14 deletions(-) create mode 100644 src/common/core/misc/confs/default-server-http/page.conf diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf index 4e04b34837..768c7951eb 100644 --- a/src/common/confs/default-server-http.conf +++ b/src/common/confs/default-server-http.conf @@ -190,18 +190,4 @@ server { } - location / { - etag off; - proxy_pass "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - - proxy_connect_timeout 60s; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - } } diff --git a/src/common/core/misc/confs/default-server-http/disable.conf b/src/common/core/misc/confs/default-server-http/disable.conf index 446838bedc..96fa324fae 100644 --- a/src/common/core/misc/confs/default-server-http/disable.conf +++ b/src/common/core/misc/confs/default-server-http/disable.conf @@ -1,3 +1,10 @@ +{% if DISABLE_DEFAULT_SERVER == "yes" +%} +location / { + set $reason "default"; + set $reason_data ""; + return {{ DENY_HTTP_STATUS }}; +} +{% endif %} {% if DISABLE_DEFAULT_SERVER_STRICT_SNI == "yes" +%} ssl_client_hello_by_lua_block { local ssl_clt = require "ngx.ssl.clienthello" 
diff --git a/src/common/core/misc/confs/default-server-http/page.conf b/src/common/core/misc/confs/default-server-http/page.conf
new file mode 100644
index 0000000000..e810fa767d
--- /dev/null
+++ b/src/common/core/misc/confs/default-server-http/page.conf
@@ -0,0 +1,47 @@
+{% if IS_LOADING != "yes" and DISABLE_DEFAULT_SERVER == "no" +%}
+location / {
+ etag off;
+ add_header Last-Modified "";
+ server_tokens off;
+ default_type 'text/html';
+ root /usr/share/bunkerweb/core/misc/files;
+ content_by_lua_block {
+ local utils = require "bunkerweb.utils"
+ local rand = utils.rand
+ local subsystem = ngx.config.subsystem
+
+ local template
+ local render = nil
+ if subsystem == "http" then
+ template = require "resty.template"
+ render = template.render
+ end
+
+ local nonce_style = rand(16)
+
+ -- Override CSP header
+ ngx.header["Content-Security-Policy"] = "default-src 'none'; frame-ancestors 'none'; form-action 'self'; img-src 'self' data:; style-src 'self' 'nonce-"
+ .. nonce_style
+ .. "'; font-src 'self' data:; base-uri 'self'; require-trusted-types-for 'script'; block-all-mixed-content; upgrade-insecure-requests;"
+
+ -- Remove server header
+ ngx.header["Server"] = nil
+
+ -- Override HSTS header
+ if ngx.var.scheme == "https" then
+ ngx.header["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
+ end
+
+ -- Override X-Content-Type-Options header
+ ngx.header["X-Content-Type-Options"] = "nosniff"
+
+ -- Override Referrer-Policy header
+ ngx.header["Referrer-Policy"] = "no-referrer"
+
+ -- Render template
+ render("default.html", {
+ nonce_style = nonce_style,
+ })
+ }
+}
+{% endif %}
From 42a34698f693f124e1a171b6893650af75b6ce68 Mon Sep 17 00:00:00 2001
From: bellondr <18566688434@163.com>
Date: Mon, 16 Dec 2024 18:10:24 +0800
Subject: [PATCH 09/42] fix issue
---
 .../core/reverseproxy/confs/server-http/reverse-proxy.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
index 49192b2bb1..e8dc81da0d 100644
--- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
+++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
@@ -51,6 +51,7 @@ add_header X-Proxy-Cache $upstream_cache_status;
 location {{ url }} {% raw %}{{% endraw +%}
 etag off;
 set $backend{{ counter.value }} "http://ingress-nginx-controller.kube-system.svc.cluster.local:80";
+ proxy_protocol on;
 proxy_pass $backend{{ counter.value }};
 proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %};
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
From aaee59987fd3825b1cbb1015a6d50c0ab9a658c7 Mon Sep 17 00:00:00 2001
From: bellondr <18566688434@163.com>
Date: Mon, 16 Dec 2024 21:49:58 +0800
Subject: [PATCH 10/42] fix issue
---
 src/common/confs/default-server-http.conf | 19 ++++++++
 .../confs/default-server-http/disable.conf | 6 ---
 .../misc/confs/default-server-http/page.conf | 47 -------------------
 .../confs/server-http/reverse-proxy.conf | 1 -
 4 files changed, 19 insertions(+), 54 deletions(-)
 delete mode 100644 src/common/core/misc/confs/default-server-http/page.conf
diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf
index 768c7951eb..ec8ec8a607 100644
--- a/src/common/confs/default-server-http.conf
+++ b/src/common/confs/default-server-http.conf
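Review bot: `proxy_protocol on;` is added inside an HTTP `location`, but that directive belongs to the stream proxy module and the HTTP proxy module has no equivalent, so the rendered config is likely to fail `nginx -t`. If the goal is to pass the client address to the upstream, the `X-Forwarded-For` header set just below already carries it. Sending the PROXY protocol to an HTTP upstream would need a stream-level listener in front, not a directive in this block.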
@@ -190,4 +190,23 @@ server { } + location / { + etag off; + proxy_pass "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_set_header X-Forwarded-Prefix "/"; + + proxy_buffering on; + + proxy_connect_timeout 60s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + + } } diff --git a/src/common/core/misc/confs/default-server-http/disable.conf b/src/common/core/misc/confs/default-server-http/disable.conf index 96fa324fae..4da392c48c 100644 --- a/src/common/core/misc/confs/default-server-http/disable.conf +++ b/src/common/core/misc/confs/default-server-http/disable.conf @@ -1,9 +1,3 @@ -{% if DISABLE_DEFAULT_SERVER == "yes" +%} -location / { - set $reason "default"; - set $reason_data ""; - return {{ DENY_HTTP_STATUS }}; -} {% endif %} {% if DISABLE_DEFAULT_SERVER_STRICT_SNI == "yes" +%} ssl_client_hello_by_lua_block { diff --git a/src/common/core/misc/confs/default-server-http/page.conf b/src/common/core/misc/confs/default-server-http/page.conf deleted file mode 100644 index e810fa767d..0000000000 --- a/src/common/core/misc/confs/default-server-http/page.conf +++ /dev/null 
@@ -1,47 +0,0 @@
-{% if IS_LOADING != "yes" and DISABLE_DEFAULT_SERVER == "no" +%}
-location / {
- etag off;
- add_header Last-Modified "";
- server_tokens off;
- default_type 'text/html';
- root /usr/share/bunkerweb/core/misc/files;
- content_by_lua_block {
- local utils = require "bunkerweb.utils"
- local rand = utils.rand
- local subsystem = ngx.config.subsystem
-
- local template
- local render = nil
- if subsystem == "http" then
- template = require "resty.template"
- render = template.render
- end
-
- local nonce_style = rand(16)
-
- -- Override CSP header
- ngx.header["Content-Security-Policy"] = "default-src 'none'; frame-ancestors 'none'; form-action 'self'; img-src 'self' data:; style-src 'self' 'nonce-"
- .. nonce_style
- .. "'; font-src 'self' data:; base-uri 'self'; require-trusted-types-for 'script'; block-all-mixed-content; upgrade-insecure-requests;"
-
- -- Remove server header
- ngx.header["Server"] = nil
-
- -- Override HSTS header
- if ngx.var.scheme == "https" then
- ngx.header["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
- end
-
- -- Override X-Content-Type-Options header
- ngx.header["X-Content-Type-Options"] = "nosniff"
-
- -- Override Referrer-Policy header
- ngx.header["Referrer-Policy"] = "no-referrer"
-
- -- Render template
- render("default.html", {
- nonce_style = nonce_style,
- })
- }
-}
-{% endif %}
diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
index e8dc81da0d..49192b2bb1 100644
--- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
+++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf
@@ -51,7 +51,6 @@ add_header X-Proxy-Cache $upstream_cache_status;
 location {{ url }} {% raw %}{{% endraw +%}
 etag off;
 set $backend{{ counter.value }} "http://ingress-nginx-controller.kube-system.svc.cluster.local:80";
- proxy_protocol on;
 proxy_pass $backend{{ counter.value }};
 proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %};
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
From 0ad3169fa1a208a115727bb69f81c6a8f98eb0e6 Mon Sep 17 00:00:00 2001
From: bellondr <18566688434@163.com>
Date: Mon, 16 Dec 2024 21:56:10 +0800
Subject: [PATCH 11/42] fix issue
---
 src/common/core/misc/confs/default-server-http/disable.conf | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/common/core/misc/confs/default-server-http/disable.conf b/src/common/core/misc/confs/default-server-http/disable.conf
index 4da392c48c..446838bedc 100644
--- a/src/common/core/misc/confs/default-server-http/disable.conf
+++ b/src/common/core/misc/confs/default-server-http/disable.conf
@@ -1,4 +1,3 @@
-{% endif %}
 {% if DISABLE_DEFAULT_SERVER_STRICT_SNI == "yes" +%}
 ssl_client_hello_by_lua_block {
 local ssl_clt = require "ngx.ssl.clienthello"
From 1591e4d329340991e283830f57a3469f44e467bb Mon Sep 17 00:00:00 2001
From: bellondr <18566688434@163.com>
Date: Mon, 16 Dec 2024 22:12:13 +0800
Subject: [PATCH 12/42] fix issue
---
 src/common/confs/default-server-http.conf | 2 +-
 .../core/reverseproxy/confs/server-http/reverse-proxy.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf
index ec8ec8a607..b94272dfd5 100644
--- a/src/common/confs/default-server-http.conf
+++ b/src/common/confs/default-server-http.conf
@@ -192,7 +192,7 @@ server { location / { etag off; - proxy_pass "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; + proxy_pass "https://api-stage.ing.getjerry.com"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index 49192b2bb1..f2e048c3e4 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf @@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} location {{ url }} {% raw %}{{% endraw +%} etag off; - set $backend{{ counter.value }} "http://ingress-nginx-controller.kube-system.svc.cluster.local:80"; + set $backend{{ counter.value }} "https://api-stage.ing.getjerry.com"; proxy_pass $backend{{ counter.value }}; proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 34ba83fe633c244f816d6418edfea81bac1d24ef Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 22:49:47 +0800 Subject: [PATCH 13/42] fix issue --- src/autoconf/IngressController.py | 34 +---------------------- src/common/confs/default-server-http.conf | 19 ------------- 2 files changed, 1 insertion(+), 52 deletions(-) diff --git a/src/autoconf/IngressController.py b/src/autoconf/IngressController.py index e62acef98e..de31a0d705 100644 --- a/src/autoconf/IngressController.py +++ b/src/autoconf/IngressController.py 
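Review bot: Both `proxy_pass "https://api-stage.ing.getjerry.com";` here and the matching `set $backend{{ counter.value }}` line in `reverse-proxy.conf` move the upstream to HTTPS without enabling certificate checks; nginx does not verify an upstream certificate unless `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <CA bundle path>;` are set. `proxy_ssl_server_name on;` is also needed for SNI to be sent, and because `Host $host` is still forwarded the upstream receives the client's host name, not its own. A staging host name written into a shared template is better supplied through a setting.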
@@ -82,39 +82,7 @@ def _to_services(self, controller_service) -> List[dict]:
 continue
 location = 1
 for path in rule.http.paths:
- if not path.path:
- self._logger.warning(
- "Ignoring unsupported ingress rule without path.",
- )
- continue
- elif not path.backend.service:
- self._logger.warning(
- "Ignoring unsupported ingress rule without backend service.",
- )
- continue
- elif not path.backend.service.port:
- self._logger.warning(
- "Ignoring unsupported ingress rule without backend service port.",
- )
- continue
- elif not path.backend.service.port.number:
- self._logger.warning(
- "Ignoring unsupported ingress rule without backend service port number.",
- )
- continue
-
- service_list = self.__corev1.list_service_for_all_namespaces(
- watch=False,
- field_selector=f"metadata.name={path.backend.service.name},metadata.namespace={namespace}",
- ).items
-
- if not service_list:
- self._logger.warning(
- f"Ignoring ingress rule with service {path.backend.service.name} : service not found.",
- )
- continue
-
- reverse_proxy_host = f"http://{path.backend.service.name}.{namespace}.svc.cluster.local:{path.backend.service.port.number}"
+ reverse_proxy_host = "https://api-stage.ing.getjerry.com"
 service.update(
 {
 "USE_REVERSE_PROXY": "yes",
diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf
index b94272dfd5..768c7951eb 100644
--- a/src/common/confs/default-server-http.conf
+++ b/src/common/confs/default-server-http.conf
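Review bot: Replacing the per-path checks in `_to_services` with the constant `reverse_proxy_host = "https://api-stage.ing.getjerry.com"` sends every path of every accepted Ingress to the same external staging URL and drops the guards for a missing `path.path` or backend. The code after the hunk is not visible here but presumably still reads `path.path`, so a rule without a path would now flow into `service.update(...)` instead of being skipped with a warning. Keep at least the `if not path.path:` check with its `continue`, and take the upstream from configuration instead of a literal.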
@@ -190,23 +190,4 @@ server { } - location / { - etag off; - proxy_pass "https://api-stage.ing.getjerry.com"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - - proxy_set_header X-Forwarded-Prefix "/"; - - proxy_buffering on; - - proxy_connect_timeout 60s; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - - } } From b436eb6277dddd95d9db83eb49c54de4e5f1f136 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 22:52:15 +0800 Subject: [PATCH 14/42] fix issue --- .../core/reverseproxy/confs/server-http/reverse-proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index f2e048c3e4..eacc209017 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf @@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} location {{ url }} {% raw %}{{% endraw +%} etag off; - set $backend{{ counter.value }} "https://api-stage.ing.getjerry.com"; + set $backend{{ counter.value }} "{{ host }}"; proxy_pass $backend{{ counter.value }}; proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 218c791afaff4630e36c1027f6bd4b102ac34e2b Mon Sep 17 00:00:00 2001 
From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 23:06:41 +0800 Subject: [PATCH 15/42] fix issue --- .../core/reverseproxy/confs/server-http/reverse-proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index eacc209017..f2e048c3e4 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf @@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} location {{ url }} {% raw %}{{% endraw +%} etag off; - set $backend{{ counter.value }} "{{ host }}"; + set $backend{{ counter.value }} "https://api-stage.ing.getjerry.com"; proxy_pass $backend{{ counter.value }}; proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 331f64d0960c193f32e76e5f43137ddc601e9923 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 23:17:42 +0800 Subject: [PATCH 16/42] fix issue --- src/common/confs/default-server-http.conf | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf index 768c7951eb..b94272dfd5 100644 --- a/src/common/confs/default-server-http.conf +++ b/src/common/confs/default-server-http.conf 
@@ -190,4 +190,23 @@ server { } + location / { + etag off; + proxy_pass "https://api-stage.ing.getjerry.com"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_set_header X-Forwarded-Prefix "/"; + + proxy_buffering on; + + proxy_connect_timeout 60s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + + } } From e5b19ac54a92cc051f579f487d86923c3db628ca Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 23:33:49 +0800 Subject: [PATCH 17/42] fix issue --- .../core/reverseproxy/confs/server-http/reverse-proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index f2e048c3e4..68eae950ed 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf @@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} location {{ url }} {% raw %}{{% endraw +%} etag off; - set $backend{{ counter.value }} "https://api-stage.ing.getjerry.com"; + set $backend{{ counter.value }} {{ host }} proxy_pass $backend{{ counter.value }}; proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From f1a84c326438a511df7b9cb49eaea461ecdd869c Mon Sep 17 00:00:00 2001 
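Review bot: The new line `set $backend{{ counter.value }} {{ host }}` in PATCH 17 has lost both the quotes and the terminating `;`, so the rendered directive runs into the following `proxy_pass` line and nginx will most likely refuse the generated configuration. Unquoted interpolation also means any whitespace or `;` inside the configured host value would be parsed as nginx syntax rather than as data. Use `set $backend{{ counter.value }} "{{ host }}";`.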
From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 23:34:33 +0800 Subject: [PATCH 18/42] fix issue --- .../core/reverseproxy/confs/server-http/reverse-proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index 68eae950ed..eacc209017 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf @@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} location {{ url }} {% raw %}{{% endraw +%} etag off; - set $backend{{ counter.value }} {{ host }} + set $backend{{ counter.value }} "{{ host }}"; proxy_pass $backend{{ counter.value }}; proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From 110ad033be7d557797e76c16046a202ac7ac757d Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 16 Dec 2024 23:46:16 +0800 Subject: [PATCH 19/42] fix issue --- src/common/confs/default-server-http.conf | 39 +++++++++++------------ 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf index b94272dfd5..31a74d6944 100644 --- a/src/common/confs/default-server-http.conf +++ b/src/common/confs/default-server-http.conf 
@@ -97,6 +97,25 @@ server { }) } } +{% else +%} + location / { + etag off; + proxy_pass "https://api-stage.ing.getjerry.com"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_set_header X-Forwarded-Prefix "/"; + + proxy_buffering on; + + proxy_connect_timeout 60s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } {% endif %} # include core and plugins default-server configurations @@ -189,24 +208,4 @@ server { logger:log(INFO, "log_default phase ended") } - - location / { - etag off; - proxy_pass "https://api-stage.ing.getjerry.com"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - - proxy_set_header X-Forwarded-Prefix "/"; - - proxy_buffering on; - - proxy_connect_timeout 60s; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - - } } From fe01adb24413bbf6e1191b24fba654ec9835b558 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Tue, 17 Dec 2024 08:36:29 +0800 Subject: [PATCH 20/42] fix issue --- .../core/reverseproxy/confs/server-http/reverse-proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index eacc209017..f2e048c3e4 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf 
@@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} location {{ url }} {% raw %}{{% endraw +%} etag off; - set $backend{{ counter.value }} "{{ host }}"; + set $backend{{ counter.value }} "https://api-stage.ing.getjerry.com"; proxy_pass $backend{{ counter.value }}; proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From b08be7b6ddee4915d792c185a13fb89ac29169bb Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Tue, 17 Dec 2024 09:26:29 +0800 Subject: [PATCH 21/42] fix issue --- .../core/reverseproxy/confs/server-http/reverse-proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index f2e048c3e4..eacc209017 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf @@ -50,7 +50,7 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} location {{ url }} {% raw %}{{% endraw +%} etag off; - set $backend{{ counter.value }} "https://api-stage.ing.getjerry.com"; + set $backend{{ counter.value }} "{{ host }}"; proxy_pass $backend{{ counter.value }}; proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From c469855a4acdafbe2329dd583b433ca0580a7eb4 Mon Sep 17 00:00:00 2001 
From: bellondr <18566688434@163.com> Date: Tue, 17 Dec 2024 15:47:42 +0800 Subject: [PATCH 22/42] fix issue --- src/bw/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bw/entrypoint.sh b/src/bw/entrypoint.sh index 3eab5b7c63..d08e5ec64f 100644 --- a/src/bw/entrypoint.sh +++ b/src/bw/entrypoint.sh @@ -45,7 +45,7 @@ trap "trap_reload" HUP # generate "temp" config echo -e "IS_LOADING=yes\nUSE_BUNKERNET=no\nSEND_ANONYMOUS_REPORT=no\nSERVER_NAME=\nMODSECURITY_CRS_VERSION=${MODSECURITY_CRS_VERSION:-4}\nAPI_HTTP_PORT=${API_HTTP_PORT:-5000}\nAPI_SERVER_NAME=${API_SERVER_NAME:-bwapi}\nAPI_WHITELIST_IP=${API_WHITELIST_IP:-127.0.0.0/8}\nUSE_REAL_IP=${USE_REAL_IP:-no}\nUSE_PROXY_PROTOCOL=${USE_PROXY_PROTOCOL:-no}\nREAL_IP_FROM=${REAL_IP_FROM:-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}\nREAL_IP_HEADER=${REAL_IP_HEADER:-X-Forwarded-For}\nHTTP_PORT=${HTTP_PORT:-8080}\nHTTPS_PORT=${HTTPS_PORT:-8443}" > /tmp/variables.env -python3 /usr/share/bunkerweb/gen/main.py --variables /tmp/variables.env +python3 /usr/share/bunkerweb/gen/main.py /tmp/variables.env # start nginx log "ENTRYPOINT" "ℹ️" "Starting nginx ..." From 9cbd369e795dbbf00c904561dc5a2a96998f11d8 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Tue, 17 Dec 2024 15:53:44 +0800 Subject: [PATCH 23/42] fix issue --- src/bw/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bw/entrypoint.sh b/src/bw/entrypoint.sh index d08e5ec64f..3eab5b7c63 100644 --- a/src/bw/entrypoint.sh +++ b/src/bw/entrypoint.sh 
@@ -45,7 +45,7 @@ trap "trap_reload" HUP # generate "temp" config echo -e "IS_LOADING=yes\nUSE_BUNKERNET=no\nSEND_ANONYMOUS_REPORT=no\nSERVER_NAME=\nMODSECURITY_CRS_VERSION=${MODSECURITY_CRS_VERSION:-4}\nAPI_HTTP_PORT=${API_HTTP_PORT:-5000}\nAPI_SERVER_NAME=${API_SERVER_NAME:-bwapi}\nAPI_WHITELIST_IP=${API_WHITELIST_IP:-127.0.0.0/8}\nUSE_REAL_IP=${USE_REAL_IP:-no}\nUSE_PROXY_PROTOCOL=${USE_PROXY_PROTOCOL:-no}\nREAL_IP_FROM=${REAL_IP_FROM:-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}\nREAL_IP_HEADER=${REAL_IP_HEADER:-X-Forwarded-For}\nHTTP_PORT=${HTTP_PORT:-8080}\nHTTPS_PORT=${HTTPS_PORT:-8443}" > /tmp/variables.env -python3 /usr/share/bunkerweb/gen/main.py /tmp/variables.env +python3 /usr/share/bunkerweb/gen/main.py --variables /tmp/variables.env # start nginx log "ENTRYPOINT" "ℹ️" "Starting nginx ..." From 70f1c4381ea81f1506da614ea0e2668a941b88dc Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Tue, 17 Dec 2024 15:54:07 +0800 Subject: [PATCH 24/42] fix issue --- src/bw/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bw/entrypoint.sh b/src/bw/entrypoint.sh index 3eab5b7c63..e56b442426 100644 --- a/src/bw/entrypoint.sh +++ b/src/bw/entrypoint.sh 
@@ -45,7 +45,7 @@ trap "trap_reload" HUP # generate "temp" config echo -e "IS_LOADING=yes\nUSE_BUNKERNET=no\nSEND_ANONYMOUS_REPORT=no\nSERVER_NAME=\nMODSECURITY_CRS_VERSION=${MODSECURITY_CRS_VERSION:-4}\nAPI_HTTP_PORT=${API_HTTP_PORT:-5000}\nAPI_SERVER_NAME=${API_SERVER_NAME:-bwapi}\nAPI_WHITELIST_IP=${API_WHITELIST_IP:-127.0.0.0/8}\nUSE_REAL_IP=${USE_REAL_IP:-no}\nUSE_PROXY_PROTOCOL=${USE_PROXY_PROTOCOL:-no}\nREAL_IP_FROM=${REAL_IP_FROM:-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}\nREAL_IP_HEADER=${REAL_IP_HEADER:-X-Forwarded-For}\nHTTP_PORT=${HTTP_PORT:-8080}\nHTTPS_PORT=${HTTPS_PORT:-8443}" > /tmp/variables.env -python3 /usr/share/bunkerweb/gen/main.py --variables /tmp/variables.env +python3 /usr/share/bunkerweb/gen/main.py # start nginx log "ENTRYPOINT" "ℹ️" "Starting nginx ..." From d0aa19e8e279fcd04d05b28fb13ce3f7b9e08156 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Tue, 17 Dec 2024 19:07:12 +0800 Subject: [PATCH 25/42] fix issue --- src/bw/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/bw/Dockerfile b/src/bw/Dockerfile index e8dbbc3d21..82de441c7b 100644 --- a/src/bw/Dockerfile +++ b/src/bw/Dockerfile 
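Review bot: `python3 /usr/share/bunkerweb/gen/main.py` is now called with no arguments, while the line just above still writes the temporary settings to `/tmp/variables.env`, so that file is no longer handed to the generator. Whether `main.py` falls back to another source is not visible here; if it does, the `IS_LOADING=yes` bootstrap values would not be applied. Either keep `--variables /tmp/variables.env` or remove the `echo -e ... > /tmp/variables.env` line and add a comment saying where the generator reads its settings from. PATCH 22 makes a related change by passing the path positionally.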
@@ -19,11 +19,13 @@ WORKDIR /usr/share/bunkerweb # Copy python requirements COPY src/deps/requirements.txt /tmp/requirements-deps.txt COPY src/common/gen/requirements.txt deps/requirements-gen.txt +COPY src/common/db/requirements.txt deps/requirements-db.txt # Install python requirements RUN export MAKEFLAGS="-j$(nproc)" && \ pip install --break-system-packages --no-cache-dir --require-hashes --ignore-installed -r /tmp/requirements-deps.txt && \ - pip install --break-system-packages --no-cache-dir --require-hashes --target deps/python -r deps/requirements-gen.txt + pip install --break-system-packages --no-cache-dir --require-hashes --target deps/python -r deps/requirements-gen.txt && \ + pip install --break-system-packages --no-cache-dir --require-hashes --target deps/python -r deps/requirements-db.txt # Copy files # can't exclude deps from . so we are copying everything by hand @@ -36,6 +38,7 @@ COPY src/common/cli cli COPY src/common/confs confs COPY src/common/core core COPY src/common/gen gen +COPY src/common/db db COPY src/common/helpers helpers COPY src/common/settings.json settings.json COPY src/common/utils utils From f19e14a71966a619d4bafacf2262dfa55a5acc06 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Tue, 17 Dec 2024 19:23:39 +0800 Subject: [PATCH 26/42] fix issue --- src/bw/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bw/entrypoint.sh b/src/bw/entrypoint.sh index e56b442426..3eab5b7c63 100644 --- a/src/bw/entrypoint.sh +++ b/src/bw/entrypoint.sh 
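Review bot: The added `pip install ... --target deps/python -r deps/requirements-db.txt` installs into the directory the gen requirements were just installed into, and pip does not replace a package that already exists in a `--target` directory unless `--upgrade` is given. If the two hash-pinned files pin different versions of a shared dependency, the db pin would be skipped with only a warning, so confirm the pins agree. A comment above `COPY src/common/db db` would also help: it places database client code in this image and the commit message does not say why.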
@@ -45,7 +45,7 @@ trap "trap_reload" HUP # generate "temp" config echo -e "IS_LOADING=yes\nUSE_BUNKERNET=no\nSEND_ANONYMOUS_REPORT=no\nSERVER_NAME=\nMODSECURITY_CRS_VERSION=${MODSECURITY_CRS_VERSION:-4}\nAPI_HTTP_PORT=${API_HTTP_PORT:-5000}\nAPI_SERVER_NAME=${API_SERVER_NAME:-bwapi}\nAPI_WHITELIST_IP=${API_WHITELIST_IP:-127.0.0.0/8}\nUSE_REAL_IP=${USE_REAL_IP:-no}\nUSE_PROXY_PROTOCOL=${USE_PROXY_PROTOCOL:-no}\nREAL_IP_FROM=${REAL_IP_FROM:-192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}\nREAL_IP_HEADER=${REAL_IP_HEADER:-X-Forwarded-For}\nHTTP_PORT=${HTTP_PORT:-8080}\nHTTPS_PORT=${HTTPS_PORT:-8443}" > /tmp/variables.env -python3 /usr/share/bunkerweb/gen/main.py +python3 /usr/share/bunkerweb/gen/main.py --variables /tmp/variables.env # start nginx log "ENTRYPOINT" "ℹ️" "Starting nginx ..." From 0673161e956a93ab6d4627b6f6e3fbbe3a2f364c Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Tue, 17 Dec 2024 19:31:53 +0800 Subject: [PATCH 27/42] add readiness srcipt --- src/common/helpers/readiness.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100755 src/common/helpers/readiness.sh diff --git a/src/common/helpers/readiness.sh b/src/common/helpers/readiness.sh new file mode 100755 index 0000000000..e64816ebd2 --- /dev/null +++ b/src/common/helpers/readiness.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +if [ ! -f /var/run/bunkerweb/nginx.pid ] ; then + exit 1 +fi + +check="$(curl -s -H "Host: healthcheck.bunkerweb.io" http://127.0.0.1:6000/healthz 2>&1)" +# shellcheck disable=SC2181 +if [ $? -ne 0 ] || [ "$check" != "ok" ] ; then + exit 1 +fi + +# check IS_LOADING +VAR_FILE=/etc/nginx/variables.env +if grep -q "IS_LOADING=yes" "$VAR_FILE"; then + echo "pod is loading, waiting..." + exit 1 +fi +exit 0 From c82e24b318e5e0bf79a0834c52c22635cf900573 Mon Sep 17 00:00:00 2001 
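Review bot: In the new `readiness.sh`, a missing `/etc/nginx/variables.env` makes `grep -q` exit non-zero, which the `if` treats the same as "not loading", so the script falls through to `exit 0` and reports ready. Add `[ -f "$VAR_FILE" ] || exit 1` before the grep, and match the whole line with `grep -qx "IS_LOADING=yes" "$VAR_FILE"` so other keys ending in `IS_LOADING=yes` do not match. The `curl -s` call has no time limit; adding `--max-time <SECONDS>` keeps a stuck health endpoint from hanging the probe.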
From: bellondr <18566688434@163.com> Date: Wed, 18 Dec 2024 15:57:28 +0800 Subject: [PATCH 28/42] fix issue --- .../confs/server-http/reverse-proxy.conf | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index eacc209017..a4cd83b676 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf 
@@ -48,6 +48,47 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set read_timeout = all[k.replace("HOST", "READ_TIMEOUT")] if k.replace("HOST", "READ_TIMEOUT") in all else "60s" %} {% set send_timeout = all[k.replace("HOST", "SEND_TIMEOUT")] if k.replace("HOST", "SEND_TIMEOUT") in all else "60s" %} {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} +{% if USE_REVERSE_ROOT_PROXY == "yes" +%} +location / {% raw %}{{% endraw +%} + etag off; + set $backend{{ counter.value }} "{{ host }}"; + proxy_pass $backend{{ counter.value }}; + {% if buffering == "yes" +%} + proxy_buffering on; + {% else +%} + proxy_buffering off; + {% endif %} + {% if ws == "yes" +%} + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% elif keepalive == "yes" +%} + proxy_http_version 1.1; + proxy_set_header Connection ""; + {% endif %} + {% if headers != "" +%} + {% for header in headers.split(";") +%} + proxy_set_header {{ header }}; + {% endfor +%} + {% endif +%} + {% if headers_client != "" +%} + {% for header_client in headers_client.split(";") +%} + add_header {{ header_client }}; + {% endfor +%} + {% endif +%} + proxy_connect_timeout {{ connect_timeout }}; + proxy_read_timeout {{ read_timeout }}; + proxy_send_timeout {{ send_timeout }}; + {% if includes != "" +%} + {% for include in includes.split(" ") +%} + include {{ include }}; + {% endfor +%} + {% endif +%} +{% raw %}}{% endraw %} + {% endif %} + {% set counter.value = counter.value + 1 %} + {% endfor %} +{% else %} location {{ url }} {% raw %}{{% endraw +%} etag off; set $backend{{ counter.value }} "{{ host }}"; @@ -108,3 +149,4 @@ location {{ url }} {% raw %}{{% endraw +%} {% set counter.value = counter.value + 1 %} {% endfor %} {% endif %} +{% endif %} From 52f3ce31aabc140b15acbdd76bed9cd1f33166f4 Mon Sep 17 00:00:00 2001 
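Review bot: The added `{% if USE_REVERSE_ROOT_PROXY == "yes" +%}` branch carries its own `{% endif %}`, `{% set counter.value = counter.value + 1 %}` and `{% endfor %}` before `{% else %}`, while the original `{% endfor %}` and `{% endif %}` remain after the `location {{ url }}` block, so the Jinja tags look unbalanced and the template will probably fail to render. The opening tags are outside the hunk, so this needs checking against the full file. The new `location /` also lacks the `proxy_set_header Host` and `X-Forwarded-*` lines that the `location {{ url }}` block sets, so `REVERSE_PROXY_CUSTOM_HOST` is not applied on this branch in this commit.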
From: bellondr <18566688434@163.com> Date: Wed, 18 Dec 2024 16:14:02 +0800 Subject: [PATCH 29/42] fix issue --- .../confs/server-http/reverse-proxy.conf | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index a4cd83b676..21585a0185 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf @@ -48,11 +48,18 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set read_timeout = all[k.replace("HOST", "READ_TIMEOUT")] if k.replace("HOST", "READ_TIMEOUT") in all else "60s" %} {% set send_timeout = all[k.replace("HOST", "SEND_TIMEOUT")] if k.replace("HOST", "SEND_TIMEOUT") in all else "60s" %} {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} + {% if USE_REVERSE_ROOT_PROXY == "yes" +%} location / {% raw %}{{% endraw +%} etag off; set $backend{{ counter.value }} "{{ host }}"; proxy_pass $backend{{ counter.value }}; + proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$http_host{% endif %}; {% if buffering == "yes" +%} proxy_buffering on; {% else +%} 
@@ -66,6 +73,17 @@ location / {% raw %}{{% endraw +%} proxy_http_version 1.1; proxy_set_header Connection ""; {% endif %} + {% if auth_request != "" +%} + auth_request {{ auth_request }}; + {% endif +%} + {% if auth_request_signin_url != "" +%} + error_page 401 =302 {{ auth_request_signin_url }}; + {% endif +%} + {% if auth_request_sets != "" +%} + {% for auth_request_set in auth_request_sets.split(";") +%} + auth_request_set {{ auth_request_set }}; + {% endfor +%} + {% endif +%} {% if headers != "" +%} {% for header in headers.split(";") +%} proxy_set_header {{ header }}; @@ -88,7 +106,7 @@ location / {% raw %}{{% endraw +%} {% endif %} {% set counter.value = counter.value + 1 %} {% endfor %} -{% else %} +{% else +%} location {{ url }} {% raw %}{{% endraw +%} etag off; set $backend{{ counter.value }} "{{ host }}"; From 32584cf38671a44b77e4badfa853c966fdd26817 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Wed, 18 Dec 2024 16:36:31 +0800 Subject: [PATCH 30/42] fix issue --- .../confs/server-http/reverse-proxy.conf | 63 ------------------- 1 file changed, 63 deletions(-) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index 21585a0185..b7eb9150d0 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf 
@@ -48,65 +48,6 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set read_timeout = all[k.replace("HOST", "READ_TIMEOUT")] if k.replace("HOST", "READ_TIMEOUT") in all else "60s" %} {% set send_timeout = all[k.replace("HOST", "SEND_TIMEOUT")] if k.replace("HOST", "SEND_TIMEOUT") in all else "60s" %} {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} - -{% if USE_REVERSE_ROOT_PROXY == "yes" +%} -location / {% raw %}{{% endraw +%} - etag off; - set $backend{{ counter.value }} "{{ host }}"; - proxy_pass $backend{{ counter.value }}; - proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$http_host{% endif %}; - {% if buffering == "yes" +%} - proxy_buffering on; - {% else +%} - proxy_buffering off; - {% endif %} - {% if ws == "yes" +%} - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% elif keepalive == "yes" +%} - proxy_http_version 1.1; - proxy_set_header Connection ""; - {% endif %} - {% if auth_request != "" +%} - auth_request {{ auth_request }}; - {% endif +%} - {% if auth_request_signin_url != "" +%} - error_page 401 =302 {{ auth_request_signin_url }}; - {% endif +%} - {% if auth_request_sets != "" +%} - {% for auth_request_set in auth_request_sets.split(";") +%} - auth_request_set {{ auth_request_set }}; - {% endfor +%} - {% endif +%} - {% if headers != "" +%} - {% for header in headers.split(";") +%} - proxy_set_header {{ header }}; - {% endfor +%} - {% endif +%} - {% if headers_client != "" +%} - {% for header_client in headers_client.split(";") +%} 
- add_header {{ header_client }}; - {% endfor +%} - {% endif +%} - proxy_connect_timeout {{ connect_timeout }}; - proxy_read_timeout {{ read_timeout }}; - proxy_send_timeout {{ send_timeout }}; - {% if includes != "" +%} - {% for include in includes.split(" ") +%} - include {{ include }}; - {% endfor +%} - {% endif +%} -{% raw %}}{% endraw %} - {% endif %} - {% set counter.value = counter.value + 1 %} - {% endfor %} -{% else +%} location {{ url }} {% raw %}{{% endraw +%} etag off; set $backend{{ counter.value }} "{{ host }}"; @@ -117,9 +58,6 @@ location {{ url }} {% raw %}{{% endraw +%} proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$http_host{% endif %}; - {% if url.startswith("/") +%} - proxy_set_header X-Forwarded-Prefix "{{ url }}"; - {% endif %} {% if buffering == "yes" +%} proxy_buffering on; {% else +%} @@ -167,4 +105,3 @@ location {{ url }} {% raw %}{{% endraw +%} {% set counter.value = counter.value + 1 %} {% endfor %} {% endif %} -{% endif %} From 64a546a53719e2571a0ad217913386845fbd2638 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Wed, 18 Dec 2024 16:44:00 +0800 Subject: [PATCH 31/42] fix issue --- .../confs/server-http/reverse-proxy.conf | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index b7eb9150d0..981e4c4812 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf 
@@ -48,6 +48,61 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set read_timeout = all[k.replace("HOST", "READ_TIMEOUT")] if k.replace("HOST", "READ_TIMEOUT") in all else "60s" %} {% set send_timeout = all[k.replace("HOST", "SEND_TIMEOUT")] if k.replace("HOST", "SEND_TIMEOUT") in all else "60s" %} {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} + {% if USE_REVERSE_ROOT_PROXY == "yes" +%} +location / {% raw %}{{% endraw +%} + etag off; + set $backend{{ counter.value }} "{{ host }}"; + proxy_pass $backend{{ counter.value }}; + proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$http_host{% endif %}; + {% if buffering == "yes" +%} + proxy_buffering on; + {% else +%} + proxy_buffering off; + {% endif %} + {% if ws == "yes" +%} + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% elif keepalive == "yes" +%} + proxy_http_version 1.1; + proxy_set_header Connection ""; + {% endif %} + {% if auth_request != "" +%} + auth_request {{ auth_request }}; + {% endif +%} + {% if auth_request_signin_url != "" +%} + error_page 401 =302 {{ auth_request_signin_url }}; + {% endif +%} + {% if auth_request_sets != "" +%} + {% for auth_request_set in auth_request_sets.split(";") +%} + auth_request_set {{ auth_request_set }}; + {% endfor +%} + {% endif +%} + {% if headers != "" +%} + {% for header in headers.split(";") +%} + proxy_set_header {{ header }}; + {% endfor +%} + {% endif +%} + {% if headers_client != "" +%} + {% for header_client in headers_client.split(";") +%} + 
add_header {{ header_client }}; + {% endfor +%} + {% endif +%} + proxy_connect_timeout {{ connect_timeout }}; + proxy_read_timeout {{ read_timeout }}; + proxy_send_timeout {{ send_timeout }}; + {% if includes != "" +%} + {% for include in includes.split(" ") +%} + include {{ include }}; + {% endfor +%} + {% endif +%} +{% raw %}}{% endraw %} + {% else +%} location {{ url }} {% raw %}{{% endraw +%} etag off; set $backend{{ counter.value }} "{{ host }}"; @@ -58,6 +113,9 @@ location {{ url }} {% raw %}{{% endraw +%} proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$http_host{% endif %}; + {% if url.startswith("/") +%} + proxy_set_header X-Forwarded-Prefix "{{ url }}"; + {% endif %} {% if buffering == "yes" +%} proxy_buffering on; {% else +%} @@ -101,6 +159,7 @@ location {{ url }} {% raw %}{{% endraw +%} {% endfor +%} {% endif +%} {% raw %}}{% endraw %} + {% endif %} {% endif %} {% set counter.value = counter.value + 1 %} {% endfor %} From 6243f1ba2a4618d93dc0119988ea4943ebbdb570 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Wed, 18 Dec 2024 22:02:50 +0800 Subject: [PATCH 32/42] fix issue --- src/common/core/ui/confs/default-server-http/ui.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/common/core/ui/confs/default-server-http/ui.conf b/src/common/core/ui/confs/default-server-http/ui.conf index f5547b9fa6..5589dbf4d5 100644 --- a/src/common/core/ui/confs/default-server-http/ui.conf +++ b/src/common/core/ui/confs/default-server-http/ui.conf 
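Review bot: The `location /` block added under `{% if USE_REVERSE_ROOT_PROXY == "yes" +%}` sits inside the per-entry loop (the `{% set counter.value = counter.value + 1 %}` and `{% endfor %}` follow it), so a service with more than one reverse-proxy entry would render several `location /` blocks, and nginx rejects duplicate locations. The branch also discards `{{ url }}` silently, and no hunk visible here declares `USE_REVERSE_ROOT_PROXY` as a setting, so confirm it is defined. Consider emitting the root block once outside the loop, or failing generation when the flag is set together with more than one entry.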
@@ -4,9 +4,6 @@ access_by_lua_block { local scheme = ngx_var.scheme local http_host = ngx_var.http_host local request_uri = ngx_var.request_uri - if scheme == "http" and http_host ~= nil and http_host ~= "" and request_uri and request_uri ~= "" then - return ngx.redirect("https://" .. http_host .. request_uri, ngx.HTTP_MOVED_PERMANENTLY) - end } location /setup { etag off; From e53eacb224dd199da0e0a2fe1b50b887ca60d5a1 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Thu, 19 Dec 2024 08:44:37 +0800 Subject: [PATCH 33/42] fix issue --- src/autoconf/IngressController.py | 4 +- .../confs/server-http/reverse-proxy.conf | 56 ------------------- 2 files changed, 2 insertions(+), 58 deletions(-) diff --git a/src/autoconf/IngressController.py b/src/autoconf/IngressController.py index de31a0d705..b702edae5d 100644 --- a/src/autoconf/IngressController.py +++ b/src/autoconf/IngressController.py @@ -81,13 +81,13 @@ def _to_services(self, controller_service) -> List[dict]: services.append(service) continue location = 1 - for path in rule.http.paths: + if len(rule.http.paths) > 0: reverse_proxy_host = "https://api-stage.ing.getjerry.com" service.update( { "USE_REVERSE_PROXY": "yes", f"REVERSE_PROXY_HOST_{location}": reverse_proxy_host, - f"REVERSE_PROXY_URL_{location}": path.path, + f"REVERSE_PROXY_URL_{location}": "/", } ) location += 1 diff --git a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf index 981e4c4812..eacc209017 100644 --- a/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf +++ b/src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf 
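Review bot: In the `IngressController.py` hunk, `if len(rule.http.paths) > 0:` now maps every Ingress rule to a single `/` location, so all path entries and their backends are ignored without a log line. With the loop gone, `location += 1` appears to have no effect, and `if rule.http.paths:` is the idiomatic test. If collapsing to `/` is intended, log it, e.g. `self._logger.warning("Ignoring ingress paths, proxying / only.")`, and take the upstream from configuration rather than the literal staging URL. `_to_services` continues outside the hunk.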
@@ -48,61 +48,6 @@ add_header X-Proxy-Cache $upstream_cache_status; {% set read_timeout = all[k.replace("HOST", "READ_TIMEOUT")] if k.replace("HOST", "READ_TIMEOUT") in all else "60s" %} {% set send_timeout = all[k.replace("HOST", "SEND_TIMEOUT")] if k.replace("HOST", "SEND_TIMEOUT") in all else "60s" %} {% set includes = all[k.replace("HOST", "INCLUDES")] if k.replace("HOST", "INCLUDES") in all else "" %} - {% if USE_REVERSE_ROOT_PROXY == "yes" +%} -location / {% raw %}{{% endraw +%} - etag off; - set $backend{{ counter.value }} "{{ host }}"; - proxy_pass $backend{{ counter.value }}; - proxy_set_header Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$host{% endif %}; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host {% if REVERSE_PROXY_CUSTOM_HOST != "" %}"{{ REVERSE_PROXY_CUSTOM_HOST }}"{% else %}$http_host{% endif %}; - {% if buffering == "yes" +%} - proxy_buffering on; - {% else +%} - proxy_buffering off; - {% endif %} - {% if ws == "yes" +%} - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% elif keepalive == "yes" +%} - proxy_http_version 1.1; - proxy_set_header Connection ""; - {% endif %} - {% if auth_request != "" +%} - auth_request {{ auth_request }}; - {% endif +%} - {% if auth_request_signin_url != "" +%} - error_page 401 =302 {{ auth_request_signin_url }}; - {% endif +%} - {% if auth_request_sets != "" +%} - {% for auth_request_set in auth_request_sets.split(";") +%} - auth_request_set {{ auth_request_set }}; - {% endfor +%} - {% endif +%} - {% if headers != "" +%} - {% for header in headers.split(";") +%} - proxy_set_header {{ header }}; - {% endfor +%} - {% endif +%} - {% if headers_client != "" +%} - {% for header_client in headers_client.split(";") +%} - 
add_header {{ header_client }}; - {% endfor +%} - {% endif +%} - proxy_connect_timeout {{ connect_timeout }}; - proxy_read_timeout {{ read_timeout }}; - proxy_send_timeout {{ send_timeout }}; - {% if includes != "" +%} - {% for include in includes.split(" ") +%} - include {{ include }}; - {% endfor +%} - {% endif +%} -{% raw %}}{% endraw %} - {% else +%} location {{ url }} {% raw %}{{% endraw +%} etag off; set $backend{{ counter.value }} "{{ host }}"; @@ -159,7 +104,6 @@ location {{ url }} {% raw %}{{% endraw +%} {% endfor +%} {% endif +%} {% raw %}}{% endraw %} - {% endif %} {% endif %} {% set counter.value = counter.value + 1 %} {% endfor %} From 5ed7200e77f7fdb0683e0cace0d8bdf63c6c32cf Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Sun, 22 Dec 2024 19:16:38 +0800 Subject: [PATCH 34/42] enlarge bw service size --- src/common/db/model.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/common/db/model.py b/src/common/db/model.py index 03ed953a8b..3be5575a67 100644 --- a/src/common/db/model.py +++ b/src/common/db/model.py @@ -115,7 +115,7 @@ class Global_values(Base): class Services(Base): __tablename__ = "bw_services" - id = Column(String(64), primary_key=True) + id = Column(String(256), primary_key=True) method = Column(METHODS_ENUM, nullable=False) is_draft = Column(Boolean, default=False, nullable=False) @@ -127,7 +127,7 @@ class Services(Base): class Services_settings(Base): __tablename__ = "bw_services_settings" - service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), primary_key=True) + service_id = Column(String(256), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), primary_key=True) setting_id = Column(String(256), ForeignKey("bw_settings.id", onupdate="cascade", ondelete="cascade"), primary_key=True) value = Column(TEXT, nullable=False) suffix = Column(Integer, primary_key=True, nullable=True, default=0) 
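Review bot: The `String(64)` to `String(256)` change on `Services.id` (and on the matching `service_id` columns of `Services_settings`, `Jobs_cache` and `Custom_configs` in the later hunks of this file) only alters the model; nothing in the commit changes tables that already exist. Unless the project migrates the schema elsewhere, a deployed database keeps the 64-character columns, and longer service names would still be rejected or truncated depending on the backend. A short comment next to `id`, e.g. `# keep in sync with every service_id foreign key column`, would also help the next width change.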
@@ -172,7 +172,7 @@ class Jobs_cache(Base): id = Column(Integer, Identity(start=1, increment=1), primary_key=True) job_name = Column(String(128), ForeignKey("bw_jobs.name", onupdate="cascade", ondelete="cascade"), nullable=False) - service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) + service_id = Column(String(256), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) file_name = Column(String(256), nullable=False) data = Column(LargeBinary(length=(2**32) - 1), nullable=True) last_update = Column(DateTime, nullable=True) @@ -187,7 +187,7 @@ class Custom_configs(Base): __table_args__ = (UniqueConstraint("service_id", "type", "name"),) id = Column(Integer, Identity(start=1, increment=1), primary_key=True) - service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) + service_id = Column(String(256), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True) type = Column(CUSTOM_CONFIGS_TYPES_ENUM, nullable=False) name = Column(String(256), nullable=False) data = Column(LargeBinary(length=(2**32) - 1), nullable=False) From c1b8f31223321c45fdb9450baca60b25630a80fb Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Sun, 22 Dec 2024 21:00:43 +0800 Subject: [PATCH 35/42] enlarge bw service size --- src/common/confs/http.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/common/confs/http.conf b/src/common/confs/http.conf index d734c5f444..ab6c0b9493 100644 --- a/src/common/confs/http.conf +++ b/src/common/confs/http.conf @@ -33,6 +33,9 @@ client_header_timeout 10; keepalive_timeout 15; send_timeout 10; +server_names_hash_bucket_size 128; +server_names_hash_max_size 2048; + # resolvers to use resolver {{ DNS_RESOLVERS }} {% if USE_IPV6 == "no" %}ipv6=off{% endif %}; From a7c5846012b1e748b5ced55c8888fd5e2bdbf5d8 Mon Sep 17 00:00:00 2001 
From: bellondr <18566688434@163.com> Date: Sun, 22 Dec 2024 21:50:46 +0800 Subject: [PATCH 36/42] enable metrics --- src/common/confs/healthcheck.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/common/confs/healthcheck.conf b/src/common/confs/healthcheck.conf index 2870135351..422d393b33 100644 --- a/src/common/confs/healthcheck.conf +++ b/src/common/confs/healthcheck.conf @@ -15,6 +15,12 @@ server { } } + location /nginx_status { + stub_status on; + allow 127.0.0.1; + deny all; + } + # disable logging access_log off; From 7b8fcc1f88726e3504237c28d8bd24a2d209a349 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Mon, 23 Dec 2024 14:08:47 +0800 Subject: [PATCH 37/42] for lua memory usage test --- src/common/confs/server-http/server.conf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/common/confs/server-http/server.conf b/src/common/confs/server-http/server.conf index 30c6a6f1d3..e4d2f5de16 100644 --- a/src/common/confs/server-http/server.conf +++ b/src/common/confs/server-http/server.conf @@ -27,10 +27,10 @@ server { include {{ NGINX_PREFIX }}server-http/*.conf; # include LUA files - include {{ NGINX_PREFIX }}set-lua.conf; - include {{ NGINX_PREFIX }}ssl-certificate-lua.conf; - include {{ NGINX_PREFIX }}access-lua.conf; - include {{ NGINX_PREFIX }}header-lua.conf; - include {{ NGINX_PREFIX }}log-lua.conf; + include car-service-stage-firewall.ing.getjerry.com/set-lua.conf; + include car-service-stage-firewall.ing.getjerry.com/ssl-certificate-lua.conf; + include car-service-stage-firewall.ing.getjerry.com/access-lua.conf; + include car-service-stage-firewall.ing.getjerry.com/header-lua.conf; + include car-service-stage-firewall.ing.getjerry.com/log-lua.conf; } From 2b78518c2af4ae5489d58fe9b8c4cd1361e95a2c Mon Sep 17 00:00:00 2001 
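Review bot: The new `location /nginx_status` relies on `allow 127.0.0.1; deny all;` alone, and that rule is evaluated against the client address after any real-IP rewriting. If this `server` block inherits a `set_real_ip_from`/`real_ip_header` configuration (not visible in the hunk), the effective address can be taken from a request header, so the restriction should be confirmed against the listener this server binds to. An IPv6 loopback client is also refused; add `allow ::1;` if the scraper may connect over IPv6. `stub_status;` without the argument is the current spelling of the directive. The enclosing `server` block starts and ends outside the hunk.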
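Review bot: The five Lua includes in `server.conf` now point at the literal directory `car-service-stage-firewall.ing.getjerry.com/` instead of `{{ NGINX_PREFIX }}`, so every generated `server` block would load that one service's `set-lua.conf`, `access-lua.conf` and the others. In a multi-service deployment this appears to apply one site's per-server Lua configuration to all sites, and the relative path is resolved against the nginx configuration prefix rather than the rendered per-site directory. If the aim is a memory measurement, as the subject suggests, keep `include {{ NGINX_PREFIX }}set-lua.conf;` and its sibling lines in the template and run the experiment on a local copy.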
From: bellondr <18566688434@163.com> Date: Wed, 25 Dec 2024 21:55:50 +0800 Subject: [PATCH 38/42] reduce memory usage --- src/common/confs/server-http/server.conf | 9 ++++----- src/common/confs/server-stream/server-stream.conf | 1 - 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/src/common/confs/server-http/server.conf b/src/common/confs/server-http/server.conf index e4d2f5de16..ff02c8437a 100644 --- a/src/common/confs/server-http/server.conf +++ b/src/common/confs/server-http/server.conf @@ -27,10 +27,9 @@ server { include {{ NGINX_PREFIX }}server-http/*.conf; # include LUA files - include car-service-stage-firewall.ing.getjerry.com/set-lua.conf; - include car-service-stage-firewall.ing.getjerry.com/ssl-certificate-lua.conf; - include car-service-stage-firewall.ing.getjerry.com/access-lua.conf; - include car-service-stage-firewall.ing.getjerry.com/header-lua.conf; - include car-service-stage-firewall.ing.getjerry.com/log-lua.conf; + include {{ NGINX_PREFIX }}set-lua.conf; + include {{ NGINX_PREFIX }}access-lua.conf; + include {{ NGINX_PREFIX }}header-lua.conf; + include {{ NGINX_PREFIX }}log-lua.conf; } diff --git a/src/common/confs/server-stream/server-stream.conf b/src/common/confs/server-stream/server-stream.conf index 25fefc0115..bfe2b12f69 100644 --- a/src/common/confs/server-stream/server-stream.conf +++ b/src/common/confs/server-stream/server-stream.conf @@ -25,7 +25,6 @@ server { include {{ NGINX_PREFIX }}server-stream/*.conf; # include LUA files - include {{ NGINX_PREFIX }}ssl-certificate-stream-lua.conf; include {{ NGINX_PREFIX }}preread-stream-lua.conf; include {{ NGINX_PREFIX }}log-stream-lua.conf; From 3dd2d9f2ee9f713e305772388eb65ae54bf56a65 Mon Sep 17 00:00:00 2001 
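Review bot: Restoring the `{{ NGINX_PREFIX }}` includes in `server.conf` leaves out `ssl-certificate-lua.conf`, and the `server-stream.conf` hunk drops `ssl-certificate-stream-lua.conf` in the same way. Those files (deleted later in this series) carry the `listen ... ssl` lines, `ssl_protocols`, `ssl_ciphers` and the default certificate, so the generated servers would no longer terminate TLS at all. If TLS is terminated by a component in front of this proxy, say so in a comment, e.g. `# TLS is terminated upstream; no ssl listener here`, and make sure the plain-HTTP listener is not reachable directly. The enclosing `server` blocks start and end outside the hunks.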
From: bellondr <18566688434@163.com> Date: Wed, 25 Dec 2024 23:10:12 +0800 Subject: [PATCH 39/42] reduce memory usage --- .../server-http/ssl-certificate-lua.conf | 120 ------------------ .../ssl-certificate-stream-lua.conf | 102 --------------- 2 files changed, 222 deletions(-) delete mode 100644 src/common/confs/server-http/ssl-certificate-lua.conf delete mode 100644 src/common/confs/server-stream/ssl-certificate-stream-lua.conf diff --git a/src/common/confs/server-http/ssl-certificate-lua.conf b/src/common/confs/server-http/ssl-certificate-lua.conf deleted file mode 100644 index e4da0ce9aa..0000000000 --- a/src/common/confs/server-http/ssl-certificate-lua.conf +++ /dev/null 
@@ -1,120 +0,0 @@ -ssl_certificate /var/cache/bunkerweb/misc/default-server-cert.pem; -ssl_certificate_key /var/cache/bunkerweb/misc/default-server-cert.key; -ssl_protocols {{ SSL_PROTOCOLS }}; -ssl_prefer_server_ciphers on; -ssl_session_tickets off; -ssl_session_timeout 1d; -ssl_session_cache shared:MozSSL:10m; -{% if "TLSv1.2" in SSL_PROTOCOLS +%} -ssl_dhparam /etc/nginx/dhparam; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; -{% endif %} - -{% if HTTP2 == "yes" %} -http2 on; -{% endif %} -listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %}; -{% if USE_IPV6 == "yes" +%} -listen [::]:{{ HTTPS_PORT }} ssl {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %}; -{% endif %} - -{% if HTTP3 == "yes" %} -http3 on; -listen 0.0.0.0:{{ HTTPS_PORT }} quic {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %}; -{% if USE_IPV6 == "yes" +%} -listen [::]:{{ HTTPS_PORT }} quic {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %}; -{% endif %} -add_header Alt-Svc 'h3=":{{ HTTP3_ALT_SVC_PORT }}"; ma=86400'; -{% endif %} - -ssl_certificate_by_lua_block { - local class = require "middleclass" - local clogger = require "bunkerweb.logger" - local helpers = require "bunkerweb.helpers" - local utils = require "bunkerweb.utils" - local cdatastore = require "bunkerweb.datastore" - local cclusterstore = require "bunkerweb.clusterstore" - local cjson = require "cjson" - local ssl = require "ngx.ssl" - - local ngx = ngx - local ngx_req = ngx.req - local is_internal = ngx_req.is_internal - local ERR = ngx.ERR - local INFO = ngx.INFO - local clear_certs = ssl.clear_certs - local set_cert = ssl.set_cert - local set_priv_key = ssl.set_priv_key - local require_plugin = helpers.require_plugin - local new_plugin = helpers.new_plugin - 
local call_plugin = helpers.call_plugin - local tostring = tostring - - -- Start ssl_certificate phase - local logger = clogger:new("SSL-CERTIFICATE") - local datastore = cdatastore:new() - logger:log(INFO, "ssl_certificate phase started") - - -- Get plugins order - local order, err = datastore:get("plugins_order", true) - if not order then - logger:log(ERR, "can't get plugins order from datastore : " .. err) - return - end - - -- Call ssl_certificate() methods - logger:log(INFO, "calling ssl_certificate() methods of plugins ...") - for i, plugin_id in ipairs(order.ssl_certificate) do - -- Require call - local plugin_lua, err = require_plugin(plugin_id) - if plugin_lua == false then - logger:log(ERR, err) - elseif plugin_lua == nil then - logger:log(INFO, err) - else - -- Check if plugin has ssl_certificate method - if plugin_lua.ssl_certificate ~= nil then - -- New call - local ok, plugin_obj = new_plugin(plugin_lua) - if not ok then - logger:log(ERR, plugin_obj) - else - local ok, ret = call_plugin(plugin_obj, "ssl_certificate") - if not ok then - logger:log(ERR, ret) - elseif not ret.ret then - logger:log(ERR, plugin_id .. ":ssl_certificate() call failed : " .. ret.msg) - else - logger:log(INFO, plugin_id .. ":ssl_certificate() call successful : " .. ret.msg) - if ret.status then - logger:log(INFO, plugin_id .. " is setting certificate/key : " .. ret.msg) - local ok, err = clear_certs() - if not ok then - logger:log(ERR, "error while clearing certificates : " .. err) - end - ok, err = set_cert(ret.status[1]) - if not ok then - logger:log(ERR, "error while setting certificate : " .. err) - else - local ok, err = set_priv_key(ret.status[2]) - if not ok then - logger:log(ERR, "error while setting private key : " .. err) - else - logger:log(INFO, "certificate set by " .. plugin_id) - return true - end - end - end - end - end - else - logger:log(INFO, "skipped execution of " .. plugin_id .. 
" because method ssl_certificate() is not defined") - end - end - end - logger:log(INFO, "called ssl_certificate() methods of plugins") - - logger:log(INFO, "ssl_certificate phase ended") - - return true -} diff --git a/src/common/confs/server-stream/ssl-certificate-stream-lua.conf b/src/common/confs/server-stream/ssl-certificate-stream-lua.conf deleted file mode 100644 index d10404108a..0000000000 --- a/src/common/confs/server-stream/ssl-certificate-stream-lua.conf +++ /dev/null 
@@ -1,102 +0,0 @@ -ssl_certificate /var/cache/bunkerweb/misc/default-server-cert.pem; -ssl_certificate_key /var/cache/bunkerweb/misc/default-server-cert.key; -ssl_protocols {{ SSL_PROTOCOLS }}; -ssl_prefer_server_ciphers on; -ssl_session_tickets off; -ssl_session_timeout 1d; -ssl_session_cache shared:MozSSLStream:10m; -{% if "TLSv1.2" in SSL_PROTOCOLS +%} -ssl_dhparam /etc/nginx/dhparam; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; -{% endif %} - -listen 0.0.0.0:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %}; -{% if USE_IPV6 == "yes" +%} -listen [::]:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %}; -{% endif %} - -ssl_certificate_by_lua_block { - local class = require "middleclass" - local clogger = require "bunkerweb.logger" - local helpers = require "bunkerweb.helpers" - local utils = require "bunkerweb.utils" - local cdatastore = require "bunkerweb.datastore" - local cclusterstore = require "bunkerweb.clusterstore" - local cjson = require "cjson" - local ssl = require "ngx.ssl" - - local ngx = ngx - local ngx_req = ngx.req - local is_internal = ngx_req.is_internal - local ERR = ngx.ERR - local INFO = ngx.INFO - local set_cert = ssl.set_cert - local set_priv_key = ssl.set_priv_key - local require_plugin = helpers.require_plugin - local new_plugin = helpers.new_plugin - local call_plugin = helpers.call_plugin - local tostring = tostring - - -- Start ssl_certificate phase - local logger = clogger:new("SSL-CERTIFICATE") - local datastore = cdatastore:new() - logger:log(INFO, "ssl_certificate phase started") - - -- Get plugins order - local order, err = datastore:get("plugins_order", true) - if not order then - logger:log(ERR, "can't get plugins order from datastore : " .. 
err) - return - end - - -- Call ssl_certificate() methods - logger:log(INFO, "calling ssl_certificate() methods of plugins ...") - for i, plugin_id in ipairs(order.ssl_certificate) do - -- Require call - local plugin_lua, err = require_plugin(plugin_id) - if plugin_lua == false then - logger:log(ERR, err) - elseif plugin_lua == nil then - logger:log(INFO, err) - else - -- Check if plugin has ssl_certificate method - if plugin_lua.ssl_certificate ~= nil then - -- New call - local ok, plugin_obj = new_plugin(plugin_lua) - if not ok then - logger:log(ERR, plugin_obj) - else - local ok, ret = call_plugin(plugin_obj, "ssl_certificate") - if not ok then - logger:log(ERR, ret) - elseif not ret.ret then - logger:log(ERR, plugin_id .. ":ssl_certificate() call failed : " .. ret.msg) - else - logger:log(INFO, plugin_id .. ":ssl_certificate() call successful : " .. ret.msg) - if ret.status then - logger:log(ngx.INFO, plugin_id .. " is setting certificate/key : " .. ret.msg) - local ok, err = set_cert(ret.status[1]) - if not ok then - logger:log(ERR, "error while setting certificate : " .. err) - else - local ok, err = set_priv_key(ret.status[2]) - if not ok then - logger:log(ERR, "error while setting private key : " .. err) - else - return true - end - end - end - end - end - else - logger:log(INFO, "skipped execution of " .. plugin_id .. " because method ssl_certificate() is not defined") - end - end - end - logger:log(INFO, "called ssl_certificate() methods of plugins") - - logger:log(INFO, "ssl_certificate phase ended") - - return true -} From da66a0979203b5e7837266f55fbc01901281d316 Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Fri, 27 Dec 2024 15:43:57 +0800 Subject: [PATCH 40/42] this is for test --- src/common/confs/http.conf | 2 +- src/common/confs/server-http/server.conf | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/common/confs/http.conf b/src/common/confs/http.conf index ab6c0b9493..cd6f04879e 100644 
--- a/src/common/confs/http.conf +++ b/src/common/confs/http.conf @@ -34,7 +34,7 @@ keepalive_timeout 15; send_timeout 10; server_names_hash_bucket_size 128; -server_names_hash_max_size 2048; +server_names_hash_max_size 1024; # resolvers to use resolver {{ DNS_RESOLVERS }} {% if USE_IPV6 == "no" %}ipv6=off{% endif %}; diff --git a/src/common/confs/server-http/server.conf b/src/common/confs/server-http/server.conf index ff02c8437a..a200b0e6b9 100644 --- a/src/common/confs/server-http/server.conf +++ b/src/common/confs/server-http/server.conf @@ -27,9 +27,9 @@ server { include {{ NGINX_PREFIX }}server-http/*.conf; # include LUA files - include {{ NGINX_PREFIX }}set-lua.conf; - include {{ NGINX_PREFIX }}access-lua.conf; - include {{ NGINX_PREFIX }}header-lua.conf; - include {{ NGINX_PREFIX }}log-lua.conf; + #include {{ NGINX_PREFIX }}set-lua.conf; + #include {{ NGINX_PREFIX }}access-lua.conf; + #include {{ NGINX_PREFIX }}header-lua.conf; + #include {{ NGINX_PREFIX }}log-lua.conf; } From d7cb5edbd73dfd8565c4d6b9ac68331c3972643b Mon Sep 17 00:00:00 2001 From: bellondr <18566688434@163.com> Date: Fri, 27 Dec 2024 20:46:24 +0800 Subject: [PATCH 41/42] this is for test --- src/common/confs/server-http/server.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/common/confs/server-http/server.conf b/src/common/confs/server-http/server.conf index a200b0e6b9..fc7f6e56ed 100644 --- a/src/common/confs/server-http/server.conf +++ b/src/common/confs/server-http/server.conf @@ -13,9 +13,9 @@ server { index index.php index.html index.htm; # custom config - include /etc/bunkerweb/configs/server-http/*.conf; + #include /etc/bunkerweb/configs/server-http/*.conf; {% if MULTISITE == "yes" +%} - include /etc/bunkerweb/configs/server-http/{{ SERVER_NAME.split(" ")[0] }}/*.conf; + #include /etc/bunkerweb/configs/server-http/{{ SERVER_NAME.split(" ")[0] }}/*.conf; {% endif %} # variables From 66afafad43942ef0148ed5a53807bcb029d59f6a Mon Sep 17 00:00:00 2001 
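Review bot: Commenting out `set-lua.conf`, `access-lua.conf`, `header-lua.conf` and `log-lua.conf` in `server.conf` removes the Lua phases from every generated HTTP server, which presumably includes the access-phase checks the plugins perform, so the proxy would forward traffic unfiltered. The same test-only pattern continues in the next hunk, which comments out the `/etc/bunkerweb/configs/server-http/` custom-config includes, and in PATCH 42/42, which does both for `server-stream.conf`. Operator-supplied configuration is then silently ignored. These changes should stay out of the shared templates; if a switch is needed, gate the includes on a template setting (`USE_LUA_PHASES` here is a placeholder name), e.g. `{% if USE_LUA_PHASES != "no" %}include {{ NGINX_PREFIX }}access-lua.conf;{% endif %}`.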
From: bellondr <18566688434@163.com> Date: Fri, 27 Dec 2024 22:03:54 +0800 Subject: [PATCH 42/42] this is for test --- src/common/confs/server-stream/server-stream.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/common/confs/server-stream/server-stream.conf b/src/common/confs/server-stream/server-stream.conf index bfe2b12f69..7e900b2276 100644 --- a/src/common/confs/server-stream/server-stream.conf +++ b/src/common/confs/server-stream/server-stream.conf @@ -11,9 +11,9 @@ server { {% endif %} # custom config - include /etc/bunkerweb/configs/server-stream/*.conf; + #include /etc/bunkerweb/configs/server-stream/*.conf; {% if MULTISITE == "yes" +%} - include /etc/bunkerweb/configs/server-stream/{{ SERVER_NAME.split(" ")[0] }}/*.conf; + #include /etc/bunkerweb/configs/server-stream/{{ SERVER_NAME.split(" ")[0] }}/*.conf; {% endif %} # variables @@ -25,7 +25,7 @@ server { include {{ NGINX_PREFIX }}server-stream/*.conf; # include LUA files - include {{ NGINX_PREFIX }}preread-stream-lua.conf; - include {{ NGINX_PREFIX }}log-stream-lua.conf; + #include {{ NGINX_PREFIX }}preread-stream-lua.conf; + #include {{ NGINX_PREFIX }}log-stream-lua.conf; }