fix default.conf/quic/http3
Signed-off-by: Zoey <[email protected]>
Zoey2936 committed Nov 12, 2023
1 parent 7a696a3 commit ef336f6
Showing 1 changed file with 21 additions and 22 deletions.
43 changes: 21 additions & 22 deletions rootfs/bin/start.sh
@@ -239,23 +239,23 @@ mkdir -vp /data/tls/certbot/credentials \
/data/nginx/stream \
/data/nginx/custom

if [ -f /data/database.sqlite ] && [ "$DB_SQLITE_FILE" != "/data/database.sqlite" ]; then
if [ -s /data/database.sqlite ] && [ "$DB_SQLITE_FILE" != "/data/database.sqlite" ]; then
mv -vn /data/database.sqlite "$DB_SQLITE_FILE"
fi

if [ -f /data/nginx/default_host/site.conf ]; then
if [ -s /data/nginx/default_host/site.conf ]; then
mv -vn /data/nginx/default_host/site.conf /data/nginx/default.conf
fi

if [ -f /data/nginx/default_www/index.html ]; then
if [ -s /data/nginx/default_www/index.html ]; then
mv -vn /data/nginx/default_www/index.html /data/nginx/html/index.html
fi

if [ -f /data/nginx/dummycert.pem ]; then
if [ -s /data/nginx/dummycert.pem ]; then
mv -vn /data/nginx/dummycert.pem /data/tls/dummycert.pem
fi

if [ -f /data/nginx/dummykey.pem ]; then
if [ -s /data/nginx/dummykey.pem ]; then
mv -vn /data/nginx/dummykey.pem /data/tls/dummykey.pem
fi

@@ -311,7 +311,7 @@ if [ "$CLEAN" = "true" ]; then
certbot-cleaner.sh
fi

if [ -f "$DB_SQLITE_FILE" ]; then
if [ -s "$DB_SQLITE_FILE" ]; then
sqlite-vaccum.js
fi

@@ -359,7 +359,6 @@ find /data/nginx -type f -name '*.conf' -exec sed -i "/ssl_stapling/d" {} \;
find /data/nginx -type f -name '*.conf' -exec sed -i "/ssl_stapling_verify/d" {} \;

touch /data/etc/html/index.html \
/data/nginx/default.conf \
/data/nginx/ip_ranges.conf \
/data/nginx/custom/root.conf \
/data/nginx/custom/events.conf \
@@ -374,16 +373,16 @@ touch /data/etc/html/index.html \
/data/nginx/custom/server_stream_udp.conf \
/data/etc/modsecurity/modsecurity-extra.conf

if [ ! -f /data/etc/modsecurity/modsecurity-default.conf ]; then
if [ ! -s /data/etc/modsecurity/modsecurity-default.conf ]; then
cp -vn /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example /data/etc/modsecurity/modsecurity-default.conf
fi
cp /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example /data/etc/modsecurity/modsecurity-default.conf.example

if [ -f /data/etc/modsecurity/modsecurity.conf ]; then
if [ -s /data/etc/modsecurity/modsecurity.conf ]; then
mv -v /data/etc/modsecurity/modsecurity.conf /data/etc/modsecurity/modsecurity-extra.conf
fi

if [ ! -f /data/etc/modsecurity/crs-setup.conf ]; then
if [ ! -s /data/etc/modsecurity/crs-setup.conf ]; then
cp -vn /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example /data/etc/modsecurity/crs-setup.conf
fi
cp /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example /data/etc/modsecurity/crs-setup.conf.example
@@ -394,7 +393,7 @@ if [ "$NPM_CERT_ID" = "0" ]; then
echo "no NPM_CERT_ID set, using dummycerts for npm and default hosts."
else
if [ -d "/data/tls/certbot/live/npm-$NPM_CERT_ID" ]; then
if [ ! -f /data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem ]; then
if [ ! -s /data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem ]; then
echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/fullchain.pem does not exist"
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
@@ -403,7 +402,7 @@ else
export NPM_CERT=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/fullchain.pem
echo "NPM_CERT set to /data/tls/certbot/live/npm-$NPM_CERT_ID/fullchain.pem"

if [ ! -f /data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem ]; then
if [ ! -s /data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem ]; then
echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/privkey.pem does not exist"
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
@@ -412,7 +411,7 @@ else
export NPM_KEY=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/privkey.pem
echo "NPM_KEY set to /data/tls/certbot/live/npm-$NPM_CERT_ID/privkey.pem"

if [ ! -f /data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem ]; then
if [ ! -s /data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem ]; then
echo "/data/tls/certbot/live/npm-$NPM_CERT_ID/chain.pem does not exist, running without it"
else
export NPM_CHAIN=/data/tls/certbot/live/npm-"$NPM_CERT_ID"/chain.pem
@@ -422,7 +421,7 @@ else
fi

elif [ -d "/data/tls/custom/npm-$NPM_CERT_ID" ]; then
if [ ! -f /data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem ]; then
if [ ! -s /data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem ]; then
echo "/data/tls/custom/npm-$NPM_CERT_ID/fullchain.pem does not exist"
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
@@ -431,7 +430,7 @@ else
export NPM_CERT=/data/tls/custom/npm-"$NPM_CERT_ID"/fullchain.pem
echo "NPM_CERT set to /data/tls/custom/npm-$NPM_CERT_ID/fullchain.pem"

if [ ! -f /data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem ]; then
if [ ! -s /data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem ]; then
echo "/data/tls/custom/npm-$NPM_CERT_ID/privkey.pem does not exist"
export NPM_CERT=/data/tls/dummycert.pem
export NPM_KEY=/data/tls/dummykey.pem
@@ -440,7 +439,7 @@ else
export NPM_KEY=/data/tls/custom/npm-"$NPM_CERT_ID"/privkey.pem
echo "NPM_KEY set to /data/tls/custom/npm-$NPM_CERT_ID/privkey.pem"

if [ ! -f /data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem ]; then
if [ ! -s /data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem ]; then
echo "/data/tls/custom/npm-$NPM_CERT_ID/chain.pem does not exist, running without it"
else
export NPM_CHAIN=/data/tls/custom/npm-"$NPM_CERT_ID"/chain.pem
@@ -468,7 +467,7 @@ if [ "$NPM_CERT" != "/data/tls/dummycert.pem" ] && [ "$NPM_KEY" = "/data/tls/dum
fi

if [ "$NPM_CERT" = "/data/tls/dummycert.pem" ] || [ "$NPM_KEY" = "/data/tls/dummykey.pem" ]; then
if [ ! -f /data/tls/dummycert.pem ] || [ ! -f /data/tls/dummykey.pem ]; then
if [ ! -s /data/tls/dummycert.pem ] || [ ! -s /data/tls/dummykey.pem ]; then
rm -vrf /data/tls/dummycert.pem \
/data/tls/dummykey.pem
openssl req -new -newkey rsa:4096 -days 365000 -nodes -x509 -subj '/CN=*' -sha256 -keyout /data/tls/dummykey.pem -out /data/tls/dummycert.pem
@@ -552,26 +551,26 @@ if [ "$NGINX_LOG_NOT_FOUND" = "true" ]; then
sed -i "s|log_not_found off;|log_not_found on;|g" /usr/local/nginx/conf/nginx.conf
fi

if [ ! -f /data/nginx/default.conf ]; then
if [ ! -s /data/nginx/default.conf ]; then
cp -vn /usr/local/nginx/conf/conf.d/include/default.conf /data/nginx/default.conf
fi

if [ ! -f /data/tls/certbot/config.ini ]; then
if [ ! -s /data/tls/certbot/config.ini ]; then
cp -vn /etc/tls/certbot.ini /data/tls/certbot/config.ini
fi
cp /etc/tls/certbot.ini /data/tls/certbot/config.ini.example

if [ ! -f /data/etc/crowdsec/ban.html ]; then
if [ ! -s /data/etc/crowdsec/ban.html ]; then
cp -vn /usr/local/nginx/conf/conf.d/include/ban.html /data/etc/crowdsec/ban.html
fi
cp /usr/local/nginx/conf/conf.d/include/ban.html /data/etc/crowdsec/ban.html.example

if [ ! -f /data/etc/crowdsec/captcha.html ]; then
if [ ! -s /data/etc/crowdsec/captcha.html ]; then
cp -vn /usr/local/nginx/conf/conf.d/include/captcha.html /data/etc/crowdsec/captcha.html
fi
cp /usr/local/nginx/conf/conf.d/include/captcha.html /data/etc/crowdsec/captcha.html.example

if [ ! -f /data/etc/crowdsec/crowdsec.conf ]; then
if [ ! -s /data/etc/crowdsec/crowdsec.conf ]; then
cp -vn /usr/local/nginx/conf/conf.d/include/crowdsec.conf /data/etc/crowdsec/crowdsec.conf
fi
cp /usr/local/nginx/conf/conf.d/include/crowdsec.conf /data/etc/crowdsec/crowdsec.conf.example
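Review bot: The `if [ ! -s … ]; then cp -vn …` blocks (modsecurity-default.conf, crs-setup.conf, /data/nginx/default.conf, certbot config.ini, and the crowdsec ban.html/captcha.html/crowdsec.conf) cannot repair the one case the new test adds: taking the `-s` line of each printed pair as the new side, a zero-length file now enters the branch, but `cp -n` refuses to overwrite an existing destination, so the empty file stays in place. That presumably affects any /data/nginx/default.conf left empty by the earlier `touch`, and for the ModSecurity and CrowdSec files it means the shipped defaults are silently not restored. Dropping `-n` inside these guarded branches would fix it, e.g. `cp -v /usr/local/nginx/conf/conf.d/include/default.conf /data/nginx/default.conf`. `-s` also no longer checks the file type, and the certificate messages still say "does not exist" for an empty file, so `[ -f "$f" ] && [ -s "$f" ]` with a message such as `echo "... is missing or empty"` would be more accurate.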