mirror of https://github.com/fail2ban/fail2ban
`action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
parent
6f4b6ec8cc
commit
63acc862b1
|
@ -84,8 +84,15 @@ srv_cfg_path = /etc/nginx/
|
||||||
#srv_cmd = nginx -c %(srv_cfg_path)s/nginx.conf
|
#srv_cmd = nginx -c %(srv_cfg_path)s/nginx.conf
|
||||||
srv_cmd = nginx
|
srv_cmd = nginx
|
||||||
|
|
||||||
# first test configuration is correct, hereafter send reload signal:
|
# pid file (used to check nginx is running):
|
||||||
blck_lst_reload = %(srv_cmd)s -qt; if [ $? -eq 0 ]; then
|
srv_pid = /run/nginx.pid
|
||||||
|
|
||||||
|
# command used to check whether nginx is running and configuration is valid:
|
||||||
|
srv_is_running = [ -f "%(srv_pid)s" ]
|
||||||
|
srv_check_cmd = %(srv_is_running)s && %(srv_cmd)s -qt
|
||||||
|
|
||||||
|
# first test nginx is running and configuration is correct, hereafter send reload signal:
|
||||||
|
blck_lst_reload = %(srv_check_cmd)s; if [ $? -eq 0 ]; then
|
||||||
%(srv_cmd)s -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;
|
%(srv_cmd)s -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
|
|
|
@ -1281,7 +1281,7 @@ class Fail2banServerTest(Fail2banClientServerBase):
|
||||||
'backend = polling',
|
'backend = polling',
|
||||||
'usedns = no',
|
'usedns = no',
|
||||||
'logpath = %(tmp)s/blck-failures.log',
|
'logpath = %(tmp)s/blck-failures.log',
|
||||||
'action = nginx-block-map[blck_lst_reload="", blck_lst_file="%(tmp)s/blck-lst.map"]',
|
'action = nginx-block-map[srv_cmd="echo nginx", srv_pid="%(tmp)s/f2b.pid", blck_lst_file="%(tmp)s/blck-lst.map"]',
|
||||||
' blocklist_de[actionban=\'curl() { echo "*** curl" "$*";}; <Definition/actionban>\', email="Fail2Ban <fail2ban@localhost>", '
|
' blocklist_de[actionban=\'curl() { echo "*** curl" "$*";}; <Definition/actionban>\', email="Fail2Ban <fail2ban@localhost>", '
|
||||||
'apikey="TEST-API-KEY", agent="fail2ban-test-agent", service=<name>]',
|
'apikey="TEST-API-KEY", agent="fail2ban-test-agent", service=<name>]',
|
||||||
'filter =',
|
'filter =',
|
||||||
|
@ -1321,6 +1321,8 @@ class Fail2banServerTest(Fail2banClientServerBase):
|
||||||
self.assertIn('\\125-000-004 1;\n', mp)
|
self.assertIn('\\125-000-004 1;\n', mp)
|
||||||
self.assertIn('\\125-000-005 1;\n', mp)
|
self.assertIn('\\125-000-005 1;\n', mp)
|
||||||
|
|
||||||
|
# check nginx reload is logged (pid of fail2ban is used to simulate success check nginx is running):
|
||||||
|
self.assertLogged("stdout: 'nginx -qt'", "stdout: 'nginx -s reload'", all=True)
|
||||||
# check blocklist_de substitution (e. g. new-line after <matches>):
|
# check blocklist_de substitution (e. g. new-line after <matches>):
|
||||||
self.assertLogged(
|
self.assertLogged(
|
||||||
"stdout: '*** curl --fail --data-urlencode server=Fail2Ban <fail2ban@localhost>"
|
"stdout: '*** curl --fail --data-urlencode server=Fail2Ban <fail2ban@localhost>"
|
||||||
|
|
Loading…
Reference in New Issue