Some bugfixes.

2021-07-01 08:18:25 +00:00
parent 379a765df3
commit 376d6196e1
3 changed files with 63 additions and 56 deletions


@@ -3,21 +3,24 @@
# Set env variables # Set env variables
DOMAIN_DIR=$DOMAIN_DIR DOMAIN_DIR=$DOMAIN_DIR
CERT_DIR=$CERT_DIR
DOMAIN=$1 DOMAIN=$1
CERT_DIR=$CERT_DIR/$DOMAIN
# generate dhparam file
openssl dhparam -out $CERT_DIR/dhparam.pem 4096
create_self_signed_certificate() { create_self_signed_certificate() {
# generate dhparam file
openssl dhparam -dsaparam -out $CERT_DIR/dhparam.pem 4096
# generate key # generate key
openssl req -x509 -newkey rsa:4096 -keyout $CERT_DIR/key.pem -out $CERT_DIR/cert.pem -days 365 -sha256 -nodes -subj '/CN=$DOMAIN' openssl req -x509 -newkey rsa:4096 -keyout $CERT_DIR/key.pem -out $CERT_DIR/fullchain.pem -days 365 -sha256 -nodes -subj "/CN=$DOMAIN"
} }
if [[ "$(ls -A $CERT_DIR)" == "" ]]; then if [[ "$(ls -A $CERT_DIR)" == "" ]]; then
echo "$DOMAIN not contains certificates, creates new." echo "$DOMAIN not contains certificates, creates new."
mkdir -p $CERT_DIR;
create_self_signed_certificate; create_self_signed_certificate;
fi fi
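Review bot: `CERT_DIR=$CERT_DIR/$DOMAIN` builds the key directory from the raw `$1`, and every later use (`ls -A $CERT_DIR`, `mkdir -p $CERT_DIR`, the `-keyout`/`-out` arguments) is unquoted, so a value containing `/`, `..` or whitespace moves or splits the paths where the private key is written. Reject anything that is not a plain hostname before the assignment, e.g. `case $DOMAIN in ''|*[!A-Za-z0-9.-]*|*..*) echo "invalid domain" >&2; exit 1;; esac`, and quote the expansions (`mkdir -p -- "$CERT_DIR"`). `key.pem` is created with `-nodes` under whatever umask the caller has, so a `umask 077` near the top of the script would keep the unencrypted key private. The `-dsaparam` switch that appears to be added to `openssl dhparam` skips safe-prime generation in exchange for speed; if that is deliberate it deserves a comment such as `# -dsaparam: DSA-style parameters, faster to generate but not safe primes`.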


@@ -1,15 +1,12 @@
#!/bin/sh #!/bin/sh
JQ="jq -r"
cd /proxy_config cd /proxy_config
DOMAIN=$1 DOMAIN=$1
DEL=$2 DEL=$2
if [[ "$DEL" != "" ]]; then if [[ $DEL != "" ]]; then
echo "$DOMAIN DELETED"; echo "$DOMAIN DELETED";
rm $DOMAIN.conf; rm $DOMAIN.conf;
exit;
fi fi
DOMAIN_SOURCE=/domains/$DOMAIN DOMAIN_SOURCE=/domains/$DOMAIN
@@ -27,15 +24,14 @@ ERROR_PAGE=$(jq -r .ERROR_PAGE $DOMAIN_SOURCE)
# check whether certificates exist or not # check whether certificates exist or not
if [ $HTTPS_PORT != "" ]; then if [ $HTTPS_PORT != "" ]; then
./check_certificates.sh "$DOMAIN"; /scripts/check_certificates.sh "$DOMAIN";
fi fi
echo $DOMAIN; echo $DOMAIN;
exit;
file="$DOMAIN.conf" file="/tmp/$DOMAIN.conf"
cp -a nginx_template.conf $DOMAIN.conf cp -a /scripts/nginx_template.conf /tmp/$DOMAIN.conf
{ {
@@ -43,30 +39,36 @@ if [ $HTTP_PORT != "" ]; then
echo "server { echo "server {
listen $HTTP_PORT; listen $HTTP_PORT;
server_name $DOMAIN_NAME; server_name $DOMAIN_NAME;
rewrite_log on" rewrite_log on;"
fi
echo echo
if [[ $REDIRECT_HTTP != "" ]]; then if [[ $REDIRECT_HTTP != "" && $HTTP_PORT != "" ]]; then
echo "return 301 http://$REDIRECT_HTTP; echo "return 301 http://$REDIRECT_HTTP;
}" }"
elif [[ $REDIRECT_HTTPS != "" ]]; then elif [[ $REDIRECT_HTTPS != "" && $HTTP_PORT != "" ]]; then
echo "return 301 https://$REDIRECT_HTTPS; echo "return 301 https://$REDIRECT_HTTPS;
}" }"
else else
if [[ $ERROR_PAGE != "" ]]; then if [[ $ERROR_PAGE != "" && $HTTP_PORT != "" ]]; then
echo "error_page 404 /$ERROR_PAGE; echo "error_page 404 /$ERROR_PAGE;
location = /$ERROR_PAGE { location = /$ERROR_PAGE {
root html; root html;
allow all; allow all;
index 404.html index 404.html;
rewrite ^ "'$scheme'"http://$ERROR_PAGE"'$request_uri'" permanent; rewrite ^ "'$scheme'" http://$ERROR_PAGE"'$request_uri'" permanent;
}" }"
fi fi
echo "location / { fi
proxy_pass http://$LOCAL_IP:$HTTP_PORT; echo "location / {"
proxy_redirect off;
if [ $HTTP_PORT == "" ]; then
echo "proxy_pass http://$LOCAL_IP:80;"
else
echo "proxy_pass http://$LOCAL_IP:$HTTP_PORT;"
fi
echo "proxy_redirect off;
proxy_buffering off; proxy_buffering off;
proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'"; proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'";
proxy_set_header Upgrade "'$http_upgrade'"; proxy_set_header Upgrade "'$http_upgrade'";
@@ -84,11 +86,11 @@ if [ $HTTPS_PORT != "" ]; then
echo "server { echo "server {
listen $HTTPS_PORT ssl; listen $HTTPS_PORT ssl;
server_name $DOMAIN_NAME; server_name $DOMAIN_NAME;
rewrite_log on rewrite_log on;
proxy_ssl_server_name on; proxy_ssl_server_name on;
ssl_dhparam /etc/ssl/keys/dhparam.pem; ssl_dhparam /etc/ssl/keys/$DOMAIN/dhparam.pem;
ssl_certificate /etc/ssl/keys/fullchain.pem; ssl_certificate /etc/ssl/keys/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/ssl/keys/key.pem; ssl_certificate_key /etc/ssl/keys/$DOMAIN/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_ciphers "'"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"'"; ssl_ciphers "'"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"'";
@@ -97,20 +99,18 @@ ssl_dhparam /etc/ssl/keys/dhparam.pem;
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_stapling on;" ssl_stapling on;"
fi
echo echo
if [[ $ERROR_PAGE != "" ]]; then if [[ $ERROR_PAGE != "" && $HTTPS_PORT != "" ]]; then
echo "error_page 404 /$ERROR_PAGE; echo "error_page 404 /$ERROR_PAGE;
location = /$ERROR_PAGE { location = /$ERROR_PAGE {
root html; root html;
allow all; allow all;
index 404.html index 404.html;
rewrite ^ "'$scheme'" http://$ERROR_PAGE"'$request_uri'" permanent; rewrite ^ "'$scheme'":http://$ERROR_PAGE"'$request_uri'" permanent;
}" }"
fi fi
echo
echo "location / { echo "location / {
proxy_pass http://$LOCAL_IP:$HTTP_PORT; proxy_pass http://$LOCAL_IP:$HTTP_PORT;
@@ -123,6 +123,8 @@ echo "location / {
access_log off; access_log off;
} }
}" }"
fi
} >> "$file" } >> "$file"
mv /tmp/$DOMAIN.conf $DOMAIN.conf
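Review bot: The config is staged at `/tmp/$DOMAIN.conf` on what reads as the new side (the `file=`, `cp -a` and final `mv` lines), a predictable name in a shared directory built from the unvalidated, unquoted `$1`. A file or symlink already present at that path would be written through by `cp` and `>> "$file"`, and a `$DOMAIN` containing `/` or whitespace changes which paths `cp`, `mv` and the earlier `rm $DOMAIN.conf` touch. Consider `file=$(mktemp /proxy_config/.conf.XXXXXX) || exit 1` with a final `mv -- "$file" "$DOMAIN.conf"`, which also makes the last step a same-filesystem rename, and reject a `$DOMAIN` that is not a plain hostname before its first use. Separately, in the third hunk `[ $HTTP_PORT == "" ]` is unquoted, so with an empty value the test errors instead of matching and the `:80` fallback is not taken; `[ -z "$HTTP_PORT" ]` avoids that. The unchanged `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in the HTTPS block still enables the deprecated TLS 1.0 and 1.1.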


@@ -130,28 +130,30 @@ elif [[ "$RUNNING_CONTAINERS" -eq 1 ]] ; then
done done
# At last need to restart the only one running proxy when the others started successful. # At last need to restart the only one running proxy when the others started successful.
for CHECK_PROXIES in $CONTAINERS ; do for CHECK_PROXIES in $CONTAINERS ; do
if [[ $CHECK_PROXIES != $ONLY_RUNNING_PROXY_NAME ]] ; then if [[ $CHECK_PROXIES != $ONLY_RUNNING_PROXY_NAME ]] ; then
if docker ps | grep $CHECK_PROXIES ; then if docker ps | grep $CHECK_PROXIES ; then
echo "Not running proxies successfuly started, let's start the only running one."; echo "Not running proxies successfuly started, let's start the only running one.";
do_proxy_restart $ONLY_RUNNING_PROXY_NAME; do_proxy_restart $ONLY_RUNNING_PROXY_NAME;
else else
echo "Not enough running proxies found, can't start the only running one."; echo "Not enough running proxies found, can't start the only running one.";
fi fi
fi
done
else
sleep $TIMEOUT;
RESTART_COUNTER=$((RESTART_COUNTER +1))
if [[ "$RESTART_COUNTER" -le "$RESTART" ]] ; then
check_proxy_state;
else
recover_process;
fi fi
done
# sleep $TIMEOUT;
# RESTART_COUNTER=$((RESTART_COUNTER +1))
#
# echo "RUNNING CONTAINERS: "$RUNNING_CONTAINERS;
#
# if [[ "$RESTART_COUNTER" -le "$RESTART" ]] ; then
# echo "ELSE: check proxy state";
# check_proxy_state;
# else
# recover_process;
# fi
# for CONTAINER in `echo $CONTAINER_NAMES`; do # for CONTAINER in `echo $CONTAINER_NAMES`; do