From 3a94bdf5f9742e8e5d605d1e4e010ecd8316d8a1 Mon Sep 17 00:00:00 2001 From: Jess Frazelle Date: Fri, 23 Mar 2018 17:14:50 -0400 Subject: [PATCH] fix telize Signed-off-by: Jess Frazelle --- latest-versions.sh | 4 +- telize/Dockerfile | 203 ++++++++++++++++++++++++++++++++++++++++----- telize/nginx.conf | 26 ++++-- telize/telize.conf | 80 +++++++++--------- 4 files changed, 242 insertions(+), 71 deletions(-) diff --git a/latest-versions.sh b/latest-versions.sh index a5c312f..1a58cbe 100755 --- a/latest-versions.sh +++ b/latest-versions.sh @@ -45,6 +45,8 @@ get_latest() { dir="unixbench" elif [[ "$dir" == "Tautulli" ]]; then dir="plexpy" + elif [[ "$dir" == "nginx" ]]; then + dir="telize" elif [[ "$dir" == "zookeeper" ]]; then dir="zookeeper/3.5" elif [[ "$dir" == "oauth2_proxy" ]]; then @@ -99,7 +101,7 @@ powershell/powershell ricochet-im/ricochet reverse-shell/routersploit tarsnap/tarsnap -fcambus/telize +nginx/nginx hashicorp/terraform kdlucas/byte-unixbench mitchellh/vagrant diff --git a/telize/Dockerfile b/telize/Dockerfile index 7d4b1f1..e81ddfb 100644 --- a/telize/Dockerfile +++ b/telize/Dockerfile @@ -1,44 +1,201 @@ -FROM debian:buster -LABEL maintainer "Jessie Frazelle " +FROM alpine:3.5 -RUN apt-get update && apt-get install -y \ - ca-certificates \ +RUN apk add --no-cache \ lua-cjson \ - lua-iconv \ - nginx-extras \ - --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* + luajit -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ +ENV NGINX_VERSION 1.12.2 +# https://github.com/simplresty/ngx_devel_kit/releases +ENV DEVELKIT_MODULE_VERSION v0.3.1rc1 +# https://github.com/openresty/lua-nginx-module/releases +ENV LUA_MODULE_VERSION v0.10.12rc2 +# https://github.com/leev/ngx_http_geoip2_module/releases +ENV GEOIP2_MODULE_VERSION 2.0 +# https://github.com/maxmind/libmaxminddb/releases +ENV LIBMAXMINDDB_VERSION 1.3.2 + +# Tell nginx's build system where to find LuaJIT 2.1: +ENV LUAJIT_LIB=/usr/lib/ +ENV LUAJIT_INC=/usr/include/luajit-2.1/ + +RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ + && CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --with-stream_realip_module \ + --with-stream_geoip_module=dynamic \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-compat \ + --with-file-aio \ + --with-http_v2_module \ + --with-ld-opt='-Wl,-rpath,/usr/lib/' \ + --add-module=/usr/src/ngx_devel_kit \ + --add-module=/usr/src/lua-nginx-module \ + --add-module=/usr/src/ngx_http_geoip2_module \ + " \ + && addgroup -S nginx \ + && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ + && apk add --no-cache --virtual .build-deps \ + autoconf \ + automake \ + gcc \ + git \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + curl \ + gnupg \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + luajit-dev \ + musl-utils \ + file \ + && git clone --depth 1 --branch "${DEVELKIT_MODULE_VERSION}" https://github.com/simplresty/ngx_devel_kit.git /usr/src/ngx_devel_kit \ + && git clone --depth 1 --branch "${LUA_MODULE_VERSION}" https://github.com/openresty/lua-nginx-module.git /usr/src/lua-nginx-module \ + && git clone --depth 1 --branch "${GEOIP2_MODULE_VERSION}" https://github.com/leev/ngx_http_geoip2_module.git /usr/src/ngx_http_geoip2_module \ + && mkdir -p /usr/src/libmaxminddb \ + && curl -sSL "https://github.com/maxmind/libmaxminddb/releases/download/${LIBMAXMINDDB_VERSION}/libmaxminddb-${LIBMAXMINDDB_VERSION}.tar.gz" | tar -xzf - --strip-components 1 -C /usr/src/libmaxminddb \ + && ( \ + cd /usr/src/libmaxminddb \ + && ./configure \ + && make \ + && make check \ + && make install \ + && ldconfig || true \ + ) \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && export GNUPGHOME="$(mktemp -d)" \ + && found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $GPG_KEYS from $server"; \ + gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ + gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ + && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ + && mkdir -p /usr/src \ + && tar -zxC /usr/src -f nginx.tar.gz \ + && rm nginx.tar.gz \ + && ( \ + cd /usr/src/nginx-$NGINX_VERSION \ + && ./configure $CONFIG --with-debug \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && mv objs/nginx objs/nginx-debug \ + && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ + && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ + && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ + && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ + && ./configure $CONFIG \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && make install \ + && rm -rf /etc/nginx/html/ \ + && mkdir /etc/nginx/conf.d/ \ + && mkdir -p /usr/share/nginx/html/ \ + && install -m644 html/index.html /usr/share/nginx/html/ \ + && install -m644 html/50x.html /usr/share/nginx/html/ \ + && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ + && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ + && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ + && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ + && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ + && strip /usr/sbin/nginx* \ + && strip /usr/lib/nginx/modules/*.so \ + ) \ + && rm -rf /usr/src/nginx-$NGINX_VERSION /usr/src/ngx_devel_kit /usr/src/lua-nginx-module /usr/src/ngx_http_geoip2_module /usr/src/libmaxminddb \ + \ + # Bring in gettext so we can get `envsubst`, then throw + # the rest away. To do this, we need to install `gettext` + # then move `envsubst` out of the way so `gettext` can + # be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .nginx-rundeps $runDeps \ + && apk del .build-deps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ + \ + # forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log -COPY nginx.conf /etc/nginx/nginx.conf -COPY mime.types /etc/nginx/mime.types -COPY telize.conf /etc/nginx/conf.d/telize.conf +STOPSIGNAL SIGTERM EXPOSE 80 443 ENV TELIZE_VERSION master -RUN buildDeps=' \ +RUN set -x \ + && apk add --no-cache --virtual .build-deps \ curl \ git \ - ' \ - && set -x \ - && apt-get update && apt-get install -y $buildDeps --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && mkdir -p /usr/share/GeoIP \ - && curl -sSL https://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz -o /usr/share/GeoIP/GeoIPv6.dat.gz \ - && curl -sSL http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz -o /usr/share/GeoIP/GeoLiteCityv6.dat.gz \ - && curl -sSL http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz -o /usr/share/GeoIP/GeoIPASNumv6.dat.gz \ - && gunzip /usr/share/GeoIP/*gz \ + && curl -sSL "http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz" | tar -xzf - --strip-components 1 -C /usr/share/GeoIP \ + && curl -sSL "http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz" | tar -xzf - --strip-components 1 -C /usr/share/GeoIP \ + && curl -sSL "http://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN.tar.gz" | tar -xzf - --strip-components 1 -C /usr/share/GeoIP \ && git clone --depth 1 --branch "${TELIZE_VERSION}" https://github.com/fcambus/telize.git /usr/src/telize \ && ( \ cd /usr/src/telize \ - && cp timezone*.conf /etc/nginx/ \ + && cp *.conf /etc/nginx/ \ ) \ && rm -rf /usr/src/telize \ - && apt-get purge -y --auto-remove $buildDeps + && apk del .build-deps + +COPY nginx.conf /etc/nginx/nginx.conf +COPY mime.types /etc/nginx/mime.types +COPY telize.conf /etc/nginx/conf.d/telize.conf CMD ["nginx", "-g", "daemon off;"] diff --git a/telize/nginx.conf b/telize/nginx.conf index 1c502cb..2ffc5a2 100644 --- a/telize/nginx.conf +++ b/telize/nginx.conf @@ -1,6 +1,6 @@ include /etc/nginx/modules-enabled/*; -user www-data; +user nginx; worker_processes 2; worker_rlimit_nofile 8192; @@ -99,12 +99,26 @@ http { map_hash_bucket_size 64; map_hash_max_size 8192; - include /etc/nginx/timezone.conf; - include /etc/nginx/timezone-offset.conf; + include /etc/nginx/country-code3.conf; + include /etc/nginx/timezone-offset.conf; - geoip_country /usr/share/GeoIP/GeoIPv6.dat; - geoip_city /usr/share/GeoIP/GeoLiteCityv6.dat; - geoip_org /usr/share/GeoIP/GeoIPASNumv6.dat; + geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { + $geoip2_continent_code continent code; + $geoip2_country country names en; + $geoip2_country_code country iso_code; + $geoip2_region subdivisions 0 names en; + $geoip2_region_code subdivisions 0 iso_code; + $geoip2_city city names en; + $geoip2_postal_code postal code; + $geoip2_latitude location latitude; + $geoip2_longitude location longitude; + $geoip2_timezone location time_zone; + } + + geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb { + $geoip2_asn autonomous_system_number; + $geoip2_organization autonomous_system_organization; + } # Virtual hosts include /etc/nginx/conf.d/telize.conf; diff --git a/telize/telize.conf b/telize/telize.conf index ad94a53..c2ae838 100644 --- a/telize/telize.conf +++ b/telize/telize.conf @@ -1,11 +1,11 @@ ############################################################################### # # -# Telize 1.07 # -# Copyright (c) 2013-2017, Frederic Cambus # +# Telize 2.0.0 # +# Copyright (c) 2013-2018, Frederic Cambus # # https://www.telize.com # # # # Created: 2013-08-15 # -# Last Updated: 2017-02-07 # +# Last Updated: 2018-03-15 # # # # Telize is released under the BSD 2-Clause license. # # See LICENSE file for details. # @@ -29,11 +29,11 @@ server { gzip off; location ~ /ip$ { - add_header Cache-Control no-cache; - charset off; default_type text/plain; + add_header Cache-Control no-cache; + content_by_lua_block { ngx.say(ngx.var.remote_addr) } @@ -43,8 +43,14 @@ server { charset utf-8; default_type application/json; + if ($cors = "true") { + add_header Access-Control-Allow-Origin $cors_origin; + } + content_by_lua_block { - local cjson = require("cjson") + local cjson = require "cjson" + + ngx.header["Cache-Control"] = "no-cache"; local json = cjson.encode({ ip = ngx.var.remote_addr @@ -75,10 +81,6 @@ server { } location /jsonify { - set_real_ip_from 127.0.0.1; - - access_log off; - charset utf-8; default_type application/json; @@ -86,10 +88,12 @@ server { add_header Access-Control-Allow-Origin $cors_origin; } + set_real_ip_from 127.0.0.1; + + access_log off; + content_by_lua_block { - local cjson = require("cjson") - local iconv = require("iconv") - local cd = iconv.new("utf-8","iso-8859-15") + local cjson = require "cjson" ngx.header["Cache-Control"] = "no-cache"; @@ -105,25 +109,22 @@ server { local payload = { ip = ngx.var.remote_addr, - country_code = ngx.var.geoip_city_country_code, - country_code3 = ngx.var.geoip_city_country_code3, - country = ngx.var.geoip_city_country_name, - region = ngx.var.geoip_region_name, - region_code = ngx.var.geoip_region, - city = ngx.var.geoip_city, - postal_code = ngx.var.geoip_postal_code, - continent_code = ngx.var.geoip_city_continent_code, - latitude = ngx.var.geoip_latitude, - longitude = ngx.var.geoip_longitude, - dma_code = ngx.var.geoip_dma_code, - area_code = ngx.var.geoip_area_code, - organization = ngx.var.geoip_org, - timezone = ngx.var.geoip_timezone, - offset = ngx.var.geoip_timezone_offset, + continent_code = ngx.var.geoip2_continent_code, + country = ngx.var.geoip2_country, + country_code = ngx.var.geoip2_country_code, + country_code3 = ngx.var.geoip2_country_code3, + region = ngx.var.geoip2_region, + region_code = ngx.var.geoip2_region_code, + city = ngx.var.geoip2_city, + postal_code = ngx.var.geoip2_postal_code, + latitude = ngx.var.geoip2_latitude, + longitude = ngx.var.geoip2_longitude, + timezone = ngx.var.geoip2_timezone, + offset = ngx.var.geoip2_offset, + asn = ngx.var.geoip2_asn, + organization = ngx.var.geoip2_organization, } - local callback = ngx.var.arg_callback - -- Validate payload for item, value in pairs(payload) do if payload[item] == "" then @@ -137,23 +138,20 @@ server { payload.longitude = tonumber(payload.longitude) end - -- Convert city name to UTF-8 if it exists - if payload.city ~= nil then - payload.city = cd:iconv(payload.city) + -- Convert timezone offset to numeric value + if payload.offset ~= nil then + payload.offset = tonumber(payload.offset) end - -- Convert region name to UTF-8 if it exists - if payload.region ~= nil then - payload.region = cd:iconv(payload.region) - end - - -- Convert organization name to UTF-8 if it exists - if payload.organization ~= nil then - payload.organization = cd:iconv(payload.organization) + -- Convert ASN to numeric value + if payload.asn ~= nil then + payload.asn = tonumber(payload.asn) end local json = cjson.encode(payload) + local callback = ngx.var.arg_callback + if callback ~= "" then ngx.say(callback, "(", json, ");") else