Nginx via script
Nginx support via script was added in knocknoc-agent version 1.0.30.
To get started, make sure you have that version. Your sudoers file needs to contain the following:
knocknoc-agent ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s reload
in /etc/sudoers.d/knocknoc-agent
And then you can:
mkdir /etc/nginx/acl
and chown knocknoc-agent /etc/nginx/acl/
then touch /etc/nginx/acl/librenms.acl
as an example.
A sample nginx config file for librenms is as follows:
server {
listen 80;
server_name librenms.domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name librenms.domain.com;
root /opt/librenms/html;
index index.php;
ssl_certificate /etc/nginx/ssl/star.domain.com.crt;
ssl_certificate_key /etc/nginx/ssl/star.domain.com.key;
# Knocknoc manages this ACL
include /etc/nginx/acl/librenms.acl;
charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ [^/]\.php(/|$) {
fastcgi_pass unix:/var/run/php/php-fpm-librenms.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi.conf;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
Then, when a user with right rightACL ACLallocated logs in,in to knocknoc, they get added to the librenms ACL. Note that the script ensures all IPs are blocked by default.