update screenshots

Author: Safe3

README.md

@@ -79,7 +79,7 @@ Subsequently, `bash /opt/waf/manager.sh` is used to manage the UUSEC WAF contain
 
 1. Login to the management: Access https://ip:4443 ,the IP address is the server IP address for installing the UUSEC WAF, the default username is "admin", and the default password is "Passw0rd!".
 2. Add a site: Go to the "Sites" menu, click the "Add Site" button, and follow the prompts to add the site domain name and website server IP.
-3. Add SSL certificate: Go to the certificate management menu, click the "Add Certificate" button, and upload the HTTPS certificate and private key file of the domain name. If you do not add an SSL certificate, the UUSEC WAF will automatically attempt to apply for a Let's Encrypt free SSL certificate and renew it automatically before the certificate expires.
+3. Add SSL certificate: Go to the certificate management menu, click the "Add Certificate" button, and upload the HTTPS certificate and private key file of the domain name. If you don‘t have a SSL certificate, you can also apply for a Let's Encrypt free SSL certificate and renew it automatically before the certificate expires.
 4. Change the DNS address of the domain: Go to the domain name service provider's management backend and change the IP address recorded in the DNS A of the domain name to the IP address of the UUSEC WAF server.
 5. Test connectivity: Visit the site domain to see if the website can be opened, and check if the returned HTTP header server field is uuWAF.
 

docker/docker-compose.yml

@@ -12,58 +12,47 @@
 
 services:
   uuwaf:
-   image: swr.ap-southeast-1.myhuaweicloud.com/uusec/uuwaf:latest
-   ulimits:
-     nproc: 65535
-     nofile:
-       soft: 102400
-       hard: 102400
-   container_name: uuwaf
-   restart: always
-   network_mode: host
-   volumes:
-     - /etc/localtime:/etc/localtime:ro
-     - waf_config:/uuwaf/web/conf
-     - waf_acme_accounts:/uuwaf/web/accounts
-     - waf_acme_certificates:/uuwaf/web/certificates
-   command: ["/run.sh"]
-   environment:
-     - UUWAF_DB_DSN=root:${MYSQL_PASSWORD}@tcp(127.0.0.1:6612)/uuwaf?charset=utf8mb4&parseTime=true&loc=Local
-   depends_on:
+    image: uusec/waf:latest
+    ulimits:
+      nproc: 65535
+      nofile:
+        soft: 102400
+        hard: 102400
+    container_name: uuwaf
+    restart: always
+    network_mode: host
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ./waf_config:/uuwaf/web/conf
+      - ./waf_acme:/uuwaf/acme
+      - ./waf_logs:/uuwaf/logs
+    environment:
+      - UUWAF_DB_DSN=root:${MYSQL_PASSWORD}@tcp(127.0.0.1:6612)/uuwaf?charset=utf8mb4&parseTime=true&loc=Local
+    depends_on:
       wafdb:
         condition: service_healthy
 
   wafdb:
-   image: swr.ap-southeast-1.myhuaweicloud.com/uusec/percona-server:5.7
-   ulimits:
-     nproc: 65535
-     nofile:
-       soft: 102400
-       hard: 102400
-   container_name: wafdb
-   restart: always
-   networks:
+    image: mysql:5.7.44
+    container_name: wafdb
+    restart: always
+    networks:
       wafnet:
         ipv4_address: 172.31.254.3
-   ports:
-     - "6612:3306"
-   volumes:
-     - /etc/localtime:/etc/localtime:ro
-     - waf_data:/var/lib/mysql
-     #- ./low-memory-my.cnf:/etc/mysql/my.cnf
-   environment:
-     - INIT_ROCKSDB
-     - MYSQL_MAX_CONNECTIONS=512
-     - MYSQL_ROOT_PASSWORD=${MYSQL_PASSWORD}
-   healthcheck:
-     test: ["CMD", "mysqladmin", "-uroot", "-p${MYSQL_PASSWORD}", "ping", "-h", "127.0.0.1", "--silent"]
-     start_period: 3s
-     interval: 5s
-     timeout: 3s
-     retries: 10
+    ports:
+      - "6612:3306"
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - ./waf_data:/var/lib/mysql
+      #- ./low-memory-my.cnf:/etc/mysql/my.cnf
+    environment:
+      - MYSQL_ROOT_PASSWORD=${MYSQL_PASSWORD}
+    command: ["--max_connections=512"]
+    healthcheck:
+      test: ["CMD", "mysqladmin", "-uroot", "-p${MYSQL_PASSWORD}", "ping", "-h", "127.0.0.1", "--silent"]
+      start_period: 3s
+      interval: 5s
+      timeout: 3s
+      retries: 10
 
-volumes:
-  waf_config:
-  waf_acme_accounts:
-  waf_acme_certificates:
-  waf_data:

docker/install-docker.sh

@@ -256,6 +256,11 @@ get_distribution() {
 	# Every system that we officially support has /etc/os-release
 	if [ -r /etc/os-release ]; then
 		lsb_dist="$(. /etc/os-release && echo "$ID")"
+		case "$lsb_dist" in
+			rocky|almalinux)
+			lsb_dist="centos"
+			;;
+		esac		
 	fi
 	# Returning an empty string here should be alright since the
 	# case statements don't act unless you provide an actual value

docker/uuwaf.sh docker/manager.shdocker/uuwaf.sh renamed to docker/manager.sh

@@ -1,5 +1,9 @@
 #!/bin/bash
 
+info() {
+	echo -e "\033[32m[UUSEC WAF] $*\033[0m"
+}
+
 warning() {
 	echo -e "\033[33m[UUSEC WAF] $*\033[0m"
 }
@@ -10,7 +14,7 @@ abort() {
 }
 
 if [ -z "$BASH" ]; then
-	abort "Please execute this script using bash and refer to the latest official technical documentation https://uuwaf.uusec.com/"
+	abort "Please execute this script using bash and refer to the latest official technical documentation https://www.uusec.com/"
 fi
 
 if [ "$EUID" -ne "0" ]; then
@@ -37,44 +41,38 @@ fi
 
 if [ ! -f ".env" ];then
 	echo "MYSQL_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" > .env
-	if [ $(command -v firewall-cmd) ]; then
-		firewall-cmd --permanent --add-port={80,443,4443}/tcp > /dev/null 2>&1
-		firewall-cmd --reload > /dev/null 2>&1
-	elif [ $(command -v ufw) ]; then
-		for port in 80 443 4443; do ufw allow $port/tcp > /dev/null 2>&1; done
-		ufw reload > /dev/null 2>&1
-	fi
 fi
 
-stop_uuwaf(){
+stop_waf(){
 	$DC_CMD down
 }
 
-uninstall_uuwaf(){
-	stop_uuwaf
+uninstall_waf(){
+	stop_waf
 	docker rm -f uuwaf wafdb > /dev/null 2>&1
 	docker network rm wafnet > /dev/null 2>&1
 	docker images|grep uuwaf|awk '{print $3}'|xargs docker rmi -f > /dev/null 2>&1
-	docker volume ls|grep waf|awk '{print $2}'|xargs docker volume rm -f > /dev/null 2>&1
+	docker volume ls|grep _waf_|awk '{print $2}'|xargs docker volume rm -f > /dev/null 2>&1
 }
 
-start_uuwaf(){
+start_waf(){
 	if [ ! $(command -v netstat) ]; then
-		$( command -v yum || command -v apt-get ) -y install net-tools
+		$( command -v yum || command -v apt-get || command -v zypper ) -y install net-tools
 	fi
-	port_status=`netstat -nlt|grep -E ':(80|443|4443|6612)\s'|wc -l`
+	port_status=`netstat -nlt|grep -E ':(80|443|777|4443|4447)\s'|wc -l`
 	if [ $port_status -gt 0 ]; then
-		abort "One or more of ports 80, 443, 4443, 6612 are occupied. Please shutdown the corresponding service or modify its port"
+		abort "One or more of ports 80, 443, 777, 4443, 4447 are occupied. Please shutdown the corresponding service or modify its port"
 	fi
 	$DC_CMD up -d --remove-orphans
 }
 
-upgrade_uuwaf(){
+upgrade_waf(){
+	curl https://uuwaf.uusec.com/docker-compose.yml -o docker-compose.yml
 	$DC_CMD pull
 	$DC_CMD up -d --remove-orphans
 }
 
-repair_uuwaf(){
+repair_waf(){
 	if [ $(command -v firewall-cmd) ]; then
 		systemctl restart firewalld > /dev/null 2>&1
 	elif [ $(command -v ufw) ]; then
@@ -84,66 +82,56 @@ repair_uuwaf(){
 	systemctl restart docker
 }
 
-restart_uuwaf(){
-	stop_uuwaf
-	start_uuwaf
-}
-
-clean_uuwaf(){
-	docker system prune -a -f
-	docker volume prune -a -f
+restart_waf(){
+	stop_waf
+	start_waf
 }
 
 start_menu(){
     clear
     echo "========================="
-    echo "UUSEC WAF Docker Management"
+    echo "UUSEC WAF Management"
     echo "========================="
     echo "1. Start"
     echo "2. Stop"
     echo "3. Restart"
     echo "4. Upgrade"
     echo "5. Repair"
     echo "6. Uninstall"
-    echo "7. Clean"
-    echo "8. Exit"
+    echo "7. Exit"
     echo
     read -p "Please enter the number: " num
     case "$num" in
-    	1)
-	start_uuwaf
-	echo "Startup completed"
+	1)
+	start_waf
+	info "Startup completed"
 	;;
 	2)
-	stop_uuwaf
-	echo "Stop completed"
+	stop_waf
+	info "Stop completed"
 	;;
-    	3)
-	restart_uuwaf
-	echo "Restart completed"
+	3)
+	restart_waf
+	info "Restart completed"
 	;;
 	4)
-	upgrade_uuwaf
-	echo "Upgrade completed"
+	upgrade_waf
+	info "Upgrade completed"
 	;;
 	5)
-	repair_uuwaf
-	echo "Repair completed"
+	repair_waf
+	info "Repair completed"
 	;;
 	6)
-	uninstall_uuwaf
-	echo "Uninstall completed"
+	uninstall_waf
+	info "Uninstall completed"
 	;;
 	7)
-	clean_uuwaf
-	echo "Clean completed"
-	;;
-	8)
 	exit 1
 	;;
 	*)
 	clear
-	echo "Please enter the right number"
+	info "Please enter the right number"
 	;;
     esac
     sleep 3s

docker/readme.txt

@@ -34,7 +34,7 @@ Subsequently, `bash /opt/waf/manager.sh` is used to manage the UUSEC WAF contain
 
 1. Login to the management: Access https://ip:4443 ,the IP address is the server IP address for installing the UUSEC WAF, the default username is "admin", and the default password is "#Passw0rd".
 2. Add a site: Go to the "Sites" menu, click the "Add Site" button, and follow the prompts to add the site domain name and website server IP.
-3. Add SSL certificate: Go to the certificate management menu, click the "Add Certificate" button, and upload the HTTPS certificate and private key file of the domain name. If you do not have a SSL certificate, you can also apply for a Let's Encrypt free SSL certificate and renew it automatically before the certificate expires.
+3. Add SSL certificate: Go to the certificate management menu, click the "Add Certificate" button, and upload the HTTPS certificate and private key file of the domain name. If you don‘t have a SSL certificate, you can also apply for a Let's Encrypt free SSL certificate and renew it automatically before the certificate expires.
 4. Change the DNS address of the domain: Go to the domain name service provider's management backend and change the IP address recorded in the DNS A of the domain name to the IP address of the UUSEC WAF server.
 5. Test connectivity: Visit the site domain to see if the website can be opened, and check if the returned HTTP header server field is uuWAF.