This repository has been archived by the owner on Mar 1, 2023. It is now read-only.
/
entrypoint.sh
154 lines (142 loc) · 7.62 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
#!/bin/sh
# check if bunkerized-phpmyadmin is already installed
if [ -f "/opt/phpmyadmin.installed" ] ; then
exit 0
fi
# replace pattern in file
function replace_in_file() {
# escape slashes
pattern=$(echo "$2" | sed "s/\//\\\\\//g")
replace=$(echo "$3" | sed "s/\//\\\\\//g")
sed -i "s/$pattern/$replace/g" "$1"
}
# define default variables
PMA_DIRECTORY="${PMA_DIRECTORY-/}"
BLOWFISH_SECRET="${BLOWFISH_SECRET-random}"
if [ "$BLOWFISH_SECRET" = "random" ] ; then
BLOWFISH_SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
fi
LOGIN_COOKIE_RECALL="${LOGIN_COOKIE_RECALL-false}"
LOGIN_COOKIE_VALIDITY="${LOGIN_COOKIE_VALIDITY-720}"
LOGIN_COOKIE_STORE="${LOGIN_COOKIE_STORE-0}"
LOGIN_COOKIE_DELETE_ALL="${LOGIN_COOKIE_DELETE_ALL-true}"
SEND_ERROR_REPORTS="${SEND_ERROR_REPORTS-never}"
ALLOW_THIRD_PARTY_FRAMING="${ALLOW_THIRD_PARTY_FRAMING-false}"
VERSION_CHECK="${VERSION_CHECK-false}"
ALLOW_USER_DROP_DATABASE="${ALLOW_USER_DROP_DATABASE-false}"
CONFIRM="${CONFIRM-true}"
ALLOW_ARBITRARY_SERVER="${ALLOW_ARBITRARY_SERVER-false}"
ARBITRARY_SERVER_REGEXP="${ARBITRARY_SERVER_REGEXP-}"
CAPTCHA_METHOD="${CAPTCHA_METHOD-invisible}"
CAPTCHA_LOGIN_PUBLIC_KEY="${CAPTCHA_LOGIN_PUBLIC_KEY-}"
CAPTCHA_LOGIN_PRIVATE_KEY="${CAPTCHA_LOGIN_PRIVATE_KEY-}"
CAPTCHA_SITE_VERIFY_URL="${CAPTCHA_SITE_VERIFY_URL-https://www.google.com/recaptcha/api/siteverify}"
SHOW_STATS="${SHOW_STATS-false}"
SHOW_SERVER_INFO="${SHOW_SERVER_INFO-false}"
SHOW_PHP_INFO="${SHOW_PHP_INFO-false}"
SHOW_GIT_REVISION="${SHOW_GIT_REVISION-false}"
USERPREFS_DISALLOW="${USERPREFS_DISALLOW-'VersionCheck', 'SendErrorReports', 'hide_db'}"
HIDE_PMA_VERSION="${HIDE_PMA_VERSION-yes}"
REMOVE_FILES="${REMOVE_FILES-setup *.md ChangeLog DCO LICENSE README RELEASE-DATE-* composer.json composer.lock config.sample.inc.php doc examples package.json yarn.lock}"
RESTRICT_PATHS="${RESTRICT_PATHS-yes}"
ZERO_CONF="${ZERO_CONF-false}"
PMA_NO_RELATION_DISABLE_WARNING="${PMA_NO_RELATION_DISABLE_WARNING-true}"
MODSECURITY_CRS_EXCLUSIONS="${MODSECURITY_CRS_EXCLUSIONS-yes}"
HIDE_DB="${HIDE_DB-^(information_schema|performance_schema)\$}"
PMA_FAIL2BAN="${PMA_FAIL2BAN-yes}"
PMA_FAIL2BAN_BANTIME="${PMA_FAIL2BAN_BANTIME-3600}"
PMA_FAIL2BAN_FINDTIME="${PMA_FAIL2BAN_FINDTIME-600}"
PMA_FAIL2BAN_MAXRETRY="${PMA_FAIL2BAN_MAXRETRY-5}"
# move to the right directory
mkdir /opt/phpmyadmin
if [ "$PMA_DIRECTORY" = "/" ] ; then
mv /opt/phpmyadmin-files/* /opt/phpmyadmin/
else
mv /opt/phpmyadmin-files /opt/phpmyadmin/$PMA_DIRECTORY
fi
cp /opt/config.inc.php /opt/phpmyadmin/$PMA_DIRECTORY
chown -R root:nginx /opt/phpmyadmin
chmod -R 750 /opt/phpmyadmin
# replace variables
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%BLOWFISH_SECRET%" "$BLOWFISH_SECRET"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%LOGIN_COOKIE_RECALL%" "$LOGIN_COOKIE_RECALL"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%LOGIN_COOKIE_VALIDITY%" "$LOGIN_COOKIE_VALIDITY"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%LOGIN_COOKIE_STORE%" "$LOGIN_COOKIE_STORE"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%LOGIN_COOKIE_DELETE_ALL%" "$LOGIN_COOKIE_DELETE_ALL"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%SEND_ERROR_REPORTS%" "$SEND_ERROR_REPORTS"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%ALLOW_THIRD_PARTY_FRAMING%" "$ALLOW_THIRD_PARTY_FRAMING"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%VERSION_CHECK%" "$VERSION_CHECK"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%ALLOW_USER_DROP_DATABASE%" "$ALLOW_USER_DROP_DATABASE"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%CONFIRM%" "$CONFIRM"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%ALLOW_ARBITRARY_SERVER%" "$ALLOW_ARBITRARY_SERVER"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%ARBITRARY_SERVER_REGEXP%" "$ARBITRARY_SERVER_REGEXP"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%CAPTCHA_METHOD%" "$CAPTCHA_METHOD"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%CAPTCHA_LOGIN_PUBLIC_KEY%" "$CAPTCHA_LOGIN_PUBLIC_KEY"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%CAPTCHA_LOGIN_PRIVATE_KEY%" "$CAPTCHA_LOGIN_PRIVATE_KEY"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%CAPTCHA_SITE_VERIFY_URL%" "$CAPTCHA_SITE_VERIFY_URL"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%SHOW_STATS%" "$SHOW_STATS"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%SHOW_SERVER_INFO%" "$SHOW_SERVER_INFO"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%SHOW_PHP_INFO%" "$SHOW_PHP_INFO"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%SHOW_GIT_REVISION%" "$SHOW_GIT_REVISION"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%ZERO_CONF%" "$ZERO_CONF"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%USERPREFS_DISALLOW%" "$USERPREFS_DISALLOW"
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%PMA_NO_RELATION_DISABLE_WARNING%" "$PMA_NO_RELATION_DISABLE_WARNING"
# include custom servers
for i in $(env | grep "^SERVERS_" | cut -d '_' -f 2 | sort -u) ; do
if [ "$HIDE_DB" != "" ] ; then
ALL_SERVERS="${ALL_SERVERS}\$cfg['Servers'][$i]['hide_db'] = '${HIDE_DB}';\n"
fi
done
for var in $(env) ; do
#echo "$var"
var_name=$(echo "$var" | cut -d '=' -f 1 | cut -d '_' -f 1)
if [ "$var_name" = "SERVERS" ] ; then
index=$(echo "$var" | cut -d '=' -f 1 | cut -d '_' -f 2)
param=$(echo "$var" | cut -d '=' -f 1 | cut -d '_' -f 3)
value=$(echo "$var" | cut -d '=' -f 2)
ALL_SERVERS="${ALL_SERVERS}\$cfg['Servers'][${index}]['${param}'] = $value;\n"
fi
done
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/config.inc.php" "%ALL_SERVERS%" "$ALL_SERVERS"
# hackish way to hide the real version of PMA
if [ "$HIDE_PMA_VERSION" = "yes" ] ; then
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/libraries/classes/Config.php" "$PMA_VERSION" "0.0.0"
for theme in $(ls /opt/phpmyadmin/${PMA_DIRECTORY}/themes | grep -v "dot.gif") ; do
replace_in_file "/opt/phpmyadmin/${PMA_DIRECTORY}/themes/${theme}/theme.json" "5.0" "0.0"
done
fi
# remove files from PMA directory
if [ -n "$REMOVE_FILES" ] ; then
current_dir=$(pwd)
cd /opt/phpmyadmin/${PMA_DIRECTORY}
rm -rf $REMOVE_FILES
cd $current_dir
fi
# include custom nginx configuration if we decided to restrict some paths
if [ "$RESTRICT_PATHS" = "yes" ] ; then
cp /opt/pma.conf /server-confs/pma.conf
replace_pma_directory="$PMA_DIRECTORY"
if [ "$(echo $PMA_DIRECTORY | head -c 1)" != "/" ] ; then
replace_pma_directory="/${replace_pma_directory}"
fi
if [ "$(echo -n $PMA_DIRECTORY | tail -c 1)" != "/" ] ; then
replace_pma_directory="${replace_pma_directory}/"
fi
replace_in_file "/server-confs/pma.conf" "%PMA_DIRECTORY%" "$replace_pma_directory"
fi
# include modsecurity crs exclusions
if [ "$MODSECURITY_CRS_EXCLUSIONS" = "yes" ] ; then
cp /opt/modsec.conf /modsec-confs
fi
# include fail2ban configs if needed
if [ "$PMA_FAIL2BAN" = "yes" ] ; then
cp /opt/pma-fail2ban/pma-action.local /etc/fail2ban/action.d/pma-action.local
cp /opt/pma-fail2ban/pma-filter.local /etc/fail2ban/filter.d/pma-filter.local
cp /opt/pma-fail2ban/pma-jail.local /etc/fail2ban/jail.d/pma-jail.local
replace_in_file "/etc/fail2ban/jail.d/pma-jail.local" "%PMA_FAIL2BAN_BANTIME%" "$PMA_FAIL2BAN_BANTIME"
replace_in_file "/etc/fail2ban/jail.d/pma-jail.local" "%PMA_FAIL2BAN_FINDTIME%" "$PMA_FAIL2BAN_FINDTIME"
replace_in_file "/etc/fail2ban/jail.d/pma-jail.local" "%PMA_FAIL2BAN_MAXRETRY%" "$PMA_FAIL2BAN_MAXRETRY"
fi
# we're done
echo "installed" > /opt/phpmyadmin.installed
exit 0