if allowed networks has changed then do not skip duplicated location but replace it (limit_except GET HEAD)

remove_location: remove /
tmp filename fix
2023-02-22 09:37:45 +00:00
parent 8c59ed2ce9
commit 55f0ebdd89


@@ -25,6 +25,7 @@ LOCAL_NAME=$(jq -r .LOCAL_NAME $DOMAIN_SOURCE 2>/dev/null);
if [[ "$LOCAL_NAME" == "" || "$LOCAL_NAME" == "null" ]]; then if [[ "$LOCAL_NAME" == "" || "$LOCAL_NAME" == "null" ]]; then
LOCAL_NAME=$(jq -r .LOCAL_IP $DOMAIN_SOURCE 2>/dev/null); LOCAL_NAME=$(jq -r .LOCAL_IP $DOMAIN_SOURCE 2>/dev/null);
fi fi
RELOAD_LOCATIONS="";
if [ -n "$2" ]; then if [ -n "$2" ]; then
echo "$DOMAIN_NAME DELETED"; echo "$DOMAIN_NAME DELETED";
@@ -60,6 +61,14 @@ add_location() {
# do not duplicate locations # do not duplicate locations
EXISTS=$(grep -rn "location $ALP_LOCAL_PATH {" -m 1 $DOMAIN_NAME.conf); EXISTS=$(grep -rn "location $ALP_LOCAL_PATH {" -m 1 $DOMAIN_NAME.conf);
if [ -n "$EXISTS" ]; then if [ -n "$EXISTS" ]; then
ROW_NUMBER=$(echo $EXISTS | cut -d ':' -f1);
START=$(($ROW_NUMBER + 2));
OFFSET=$(tail -n+$START $DOMAIN_NAME.conf | grep -n '}' -m 1 | cut -d ':' -f1);
OFFSET=$(($OFFSET - 2));
ALP_ALLOWED=$(echo $(tail -n+$START $DOMAIN_NAME.conf | head -n $OFFSET | awk '{print $2}')); # echo removes space at the end
if [ "$ALP_LOCAL_ALLOWED_NETWORK" != "$ALP_ALLOWED" ]; then
RELOAD_LOCATIONS=$RELOAD_LOCATIONS$ALP_LOCAL_PATH" "
fi;
# skip if exists # skip if exists
continue; continue;
fi; fi;
@@ -75,11 +84,12 @@ add_location() {
echo "location $ALP_LOCAL_PATH {" echo "location $ALP_LOCAL_PATH {"
if [[ "$ALP_LOCAL_ALLOWED_NETWORK" != "" ]]; then if [[ "$ALP_LOCAL_ALLOWED_NETWORK" != "" ]]; then
echo " limit_except GET HEAD {";
for i in $(echo $ALP_LOCAL_ALLOWED_NETWORK) ; do for i in $(echo $ALP_LOCAL_ALLOWED_NETWORK) ; do
echo " allow "$i";" echo " allow $i";
done done;
echo " deny all;" echo " deny all;";
echo " }";
fi fi
if [[ "$ALP_LOCAL_PORT" != "" ]]; then if [[ "$ALP_LOCAL_PORT" != "" ]]; then
@@ -131,22 +141,24 @@ remove_alternate_location() {
remove_location() { remove_location() {
local LOCATION=$1 local LOCATION=$1
LOCATION_ROW="location /$LOCATION {"; LOCATION_ROW="location $LOCATION {";
ROW_NUMBER=$(grep -rn "$LOCATION_ROW" $DOMAIN_NAME.conf | cut -d ':' -f1); ROW_NUMBER=$(grep -rn "$LOCATION_ROW" $DOMAIN_NAME.conf | cut -d ':' -f1);
OFFSET=$(tail -n+$ROW_NUMBER $DOMAIN_NAME.conf | grep -n '# location end' -m 1 | cut -d ':' -f1); if [ -n "$ROW_NUMBER" ]; then
START=$(($ROW_NUMBER - 1)); OFFSET=$(tail -n+$ROW_NUMBER $DOMAIN_NAME.conf | grep -n '# location end' -m 1 | cut -d ':' -f1);
END=$(($ROW_NUMBER + $OFFSET)); START=$(($ROW_NUMBER - 1));
END=$(($ROW_NUMBER + $OFFSET));
{ {
head -n$START $DOMAIN_NAME.conf head -n$START $DOMAIN_NAME.conf
tail -n+$END $DOMAIN_NAME.conf tail -n+$END $DOMAIN_NAME.conf
} >> $file } >> $file
mv $file $DOMAIN_NAME.conf; mv $file $DOMAIN_NAME.conf;
fi;
} }
file="/tmp/$DOMAIN.conf" file="/tmp/$DOMAIN_NAME.conf"
# check whether certificates exist or not # check whether certificates exist or not
@@ -166,6 +178,13 @@ if [ -f $DOMAIN_NAME.conf ]; then
else else
# default CREATE, append location # default CREATE, append location
add_alternate_location; add_alternate_location;
# reload alternate locations if allowed networks has changed
if [ -n "$RELOAD_LOCATIONS" ]; then
rm $file;
remove_alternate_location;
add_alternate_location;
fi;
fi; fi;
else else
@@ -223,12 +242,14 @@ if [[ "$HTTP_PORT" != "" && "$HTTP_PORT" != "80" ]]; then
ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE) ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE)
ALLOWED_NETWORK_IDX=$(( $ALLOWED_NETWORK_IDX - 1 )) ALLOWED_NETWORK_IDX=$(( $ALLOWED_NETWORK_IDX - 1 ))
echo " limit_except GET HEAD {";
for i in $(seq 0 $ALLOWED_NETWORK_IDX) ; do for i in $(seq 0 $ALLOWED_NETWORK_IDX) ; do
AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE) AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE)
echo " allow "$AN";" echo " allow "$AN";"
done done
echo " deny all;" echo " deny all;"
fi echo " }";
fi
if [[ "$HTTP_PORT" != "" ]]; then if [[ "$HTTP_PORT" != "" ]]; then
echo " proxy_pass http://$LOCAL_NAME:$HTTP_PORT;" echo " proxy_pass http://$LOCAL_NAME:$HTTP_PORT;"
@@ -322,11 +343,13 @@ location = /$ERROR_PAGE {
ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE) ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE)
ALLOWED_NETWORK_IDX=$(( $ALLOWED_NETWORK_IDX - 1 )) ALLOWED_NETWORK_IDX=$(( $ALLOWED_NETWORK_IDX - 1 ))
echo " limit_except GET HEAD {";
for i in $(seq 0 $ALLOWED_NETWORK_IDX) ; do for i in $(seq 0 $ALLOWED_NETWORK_IDX) ; do
AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE) AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE)
echo " allow "$AN";" echo " allow "$AN";"
done done
echo " deny all;" echo " deny all;"
echo " }";
fi fi
echo " proxy_pass http://$LOCAL_NAME:$HTTPS_PORT;" echo " proxy_pass http://$LOCAL_NAME:$HTTPS_PORT;"
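Review bot: In the add_location hunk (`@@ -75,11 +84,12 @@`) the new `echo " allow $i";` moves the semicolon outside the quotes, so as rendered here the generated line is `allow <network>` with no terminator and nginx would read the following `deny all;` as extra arguments to `allow`; it should stay `echo " allow $i;";`. The comparison added in the `@@ -60,6 +61,14 @@` hunk reads those lines back with `awk '{print $2}'`, so once the semicolon is written it has to be stripped there as well, or the stored networks will never equal `$ALP_LOCAL_ALLOWED_NETWORK` and every run will queue a reload. Separately, wrapping allow/deny in `limit_except GET HEAD { … }` in all three places means the allowed networks now restrict only methods other than GET and HEAD, so reads of these locations are open to every client. If that is intended, a comment such as `# allowed networks restrict non-GET/HEAD methods only; reads stay public` above each block would make the access policy explicit. add_location's body starts and ends outside the hunks shown.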