mirror of https://github.com/fail2ban/fail2ban
`action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
parent
6f4b6ec8cc
commit
63acc862b1
|
@ -84,8 +84,15 @@ srv_cfg_path = /etc/nginx/
|
|||
#srv_cmd = nginx -c %(srv_cfg_path)s/nginx.conf
|
||||
srv_cmd = nginx
|
||||
|
||||
# first test configuration is correct, hereafter send reload signal:
|
||||
blck_lst_reload = %(srv_cmd)s -qt; if [ $? -eq 0 ]; then
|
||||
# pid file (used to check nginx is running):
|
||||
srv_pid = /run/nginx.pid
|
||||
|
||||
# command used to check whether nginx is running and configuration is valid:
|
||||
srv_is_running = [ -f "%(srv_pid)s" ]
|
||||
srv_check_cmd = %(srv_is_running)s && %(srv_cmd)s -qt
|
||||
|
||||
# first test nginx is running and configuration is correct, hereafter send reload signal:
|
||||
blck_lst_reload = %(srv_check_cmd)s; if [ $? -eq 0 ]; then
|
||||
%(srv_cmd)s -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;
|
||||
fi;
|
||||
|
||||
|
|
|
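Review bot: The new `srv_is_running` check only tests that the file named by `srv_pid` exists, so the correctness of that one path now decides whether a ban reaches nginx. If nginx writes its pid elsewhere (a custom `pid` directive, or a layout that does not use `/run/nginx.pid`), `srv_check_cmd` fails without output and the reload is skipped on every ban. As far as the visible lines show, the updated map is then not enforced until nginx is reloaded some other way. A pid file left behind after a crash has the opposite effect: the check passes and the reload is still attempted. I would state the requirement in the comment, e.g. `# pid file (used to check nginx is running); must match the "pid" directive of nginx, otherwise the reload is silently skipped:`, and consider logging a short message when the reload is skipped.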
@ -1281,7 +1281,7 @@ class Fail2banServerTest(Fail2banClientServerBase):
|
|||
'backend = polling',
|
||||
'usedns = no',
|
||||
'logpath = %(tmp)s/blck-failures.log',
|
||||
'action = nginx-block-map[blck_lst_reload="", blck_lst_file="%(tmp)s/blck-lst.map"]',
|
||||
'action = nginx-block-map[srv_cmd="echo nginx", srv_pid="%(tmp)s/f2b.pid", blck_lst_file="%(tmp)s/blck-lst.map"]',
|
||||
' blocklist_de[actionban=\'curl() { echo "*** curl" "$*";}; <Definition/actionban>\', email="Fail2Ban <fail2ban@localhost>", '
|
||||
'apikey="TEST-API-KEY", agent="fail2ban-test-agent", service=<name>]',
|
||||
'filter =',
|
||||
|
@ -1321,6 +1321,8 @@ class Fail2banServerTest(Fail2banClientServerBase):
|
|||
self.assertIn('\\125-000-004 1;\n', mp)
|
||||
self.assertIn('\\125-000-005 1;\n', mp)
|
||||
|
||||
# check nginx reload is logged (pid of fail2ban is used to simulate success check nginx is running):
|
||||
self.assertLogged("stdout: 'nginx -qt'", "stdout: 'nginx -s reload'", all=True)
|
||||
# check blocklist_de substitution (e. g. new-line after <matches>):
|
||||
self.assertLogged(
|
||||
"stdout: '*** curl --fail --data-urlencode server=Fail2Ban <fail2ban@localhost>"
|
||||
|
|
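Review bot: The assertion added in the last hunk covers only the path where the pid file exists (fail2ban's own `f2b.pid` stands in for nginx). The behaviour this commit introduces, skipping the reload when nginx is not running, is therefore not exercised in the lines shown, and a regression that made `srv_is_running` always succeed would still pass. I would add a case whose `srv_pid` points at a file that does not exist and check `self.assertNotLogged("stdout: 'nginx -s reload'")` after the ban. The test method starts and ends outside these hunks, so such a case may already exist elsewhere.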