From: Vincent Vanwaelscappel Date: Thu, 28 Dec 2023 10:43:21 +0000 (+0100) Subject: wait #6549 @2 X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=caa75092ca2cb07d69507304d335b4903864d60c;p=fluidbook-toolbox.git wait #6549 @2 --- diff --git a/app/Fluidbook/HostingLoadBalancer.php b/app/Fluidbook/HostingLoadBalancer.php index 67a5ef6cf..792f84c10 100644 --- a/app/Fluidbook/HostingLoadBalancer.php +++ b/app/Fluidbook/HostingLoadBalancer.php @@ -7,7 +7,7 @@ use Cubist\Util\Files\Files; class HostingLoadBalancer { protected static $_servers = [ - ['name' => 's1', 'host' => 's1.lb.fluidbook.com', 'weight' => 7], + ['name' => 's1', 'host' => 's1.lb.fluidbook.com', 'weight' => 2], ['name' => 's2', 'host' => 's2.lb.fluidbook.com', 'weight' => 2], ['name' => 's3', 'host' => 's3.lb.fluidbook.com', 'weight' => 2], ]; diff --git a/app/Http/Controllers/Admin/Operations/Tools/DockerWebContainer.php b/app/Http/Controllers/Admin/Operations/Tools/DockerWebContainer.php index 8878950c5..8a80da4e1 100644 --- a/app/Http/Controllers/Admin/Operations/Tools/DockerWebContainer.php +++ b/app/Http/Controllers/Admin/Operations/Tools/DockerWebContainer.php @@ -66,10 +66,7 @@ trait DockerWebContainer } $variables = ['$name' => $name . $dockerSuffix, - '$portadminer' => rand(10000, 60000), - '$portmatomo' => rand(10000, 60000), '$matomodbpassword' => Str::random(16), - '$port' => rand(10000, 60000), '$sshport' => rand(10000, 60000), '$domain' => $request->get('domain', ''), '$dbpassword' => Str::random(16), @@ -77,7 +74,6 @@ trait DockerWebContainer '$locale' => 'fr_FR', '$localeshort' => 'fr', '$sshpassword' => Str::random(16), - '$fixrights' => '', '$public' => $request->get('public') ? '/public' : '/' ]; 
@@ -95,7 +91,7 @@ trait DockerWebContainer $variables['$phpversion'] = $request->get('phpversion', '8.1'); if ($variables['$phpversion'] !== 'none') { $compose[] = 'php'; - if (version_compare($variables['$phpversion'], '7.3', '<=')) { + if (version_compare($variables['$phpversion'], '5.6', '<=')) { $variables['$phpfpmimage'] = 'php-' . $variables['$phpversion'] . '-fpm'; } $fixRights[] = 'chown 0:0 ./config/cron/crontab'; diff --git a/app/Models/TeamServers.php b/app/Models/TeamServers.php index 49becbc26..7799e0da8 100644 --- a/app/Models/TeamServers.php +++ b/app/Models/TeamServers.php @@ -42,8 +42,7 @@ class TeamServers extends CubistMagicAbstractModel $fw = '#!/bin/bash' . "\n\n"; $fw .= 'export DEBIAN_FRONTEND=noninteractive' . "\n"; - $fw .= 'apt install --no-install-recommends -y bind9 dnsutils' . "\n"; - $fw .= 'service bind9 restart' . "\n\n"; + $fw .= 'apt install --no-install-recommends -y dnsutils' . "\n"; $fw .= '# Reset all rules ufw --force reset @@ -156,8 +155,6 @@ rm /lib/ufw/user6.rules.* rm /lib/ufw/user.rules.* '; file_put_contents(Files::mkdir(resource_path('servers/' . $server['name'])) . 'firewall', $fw); - - } $update = '@echo off @@ -171,8 +168,6 @@ cd /D D:\Works\Scripts\servers' . "\n\n"; } file_put_contents(resource_path('servers') . '/' . 'update.bat', str_replace("\n", "\r\n", $update)); - - } protected static function digOrIP($address) diff --git a/resources/servers/alphaville/firewall b/resources/servers/alphaville/firewall new file mode 100644 index 000000000..1fa986226 --- /dev/null +++ b/resources/servers/alphaville/firewall 
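Review bot: `$request->get('phpversion', '8.1')` reaches `version_compare()` and the `'php-' . $variables['$phpversion'] . '-fpm'` concatenation with no check on its shape, so any string the form sends ends up in `$phpfpmimage` and presumably in the compose template that consumes these `$` variables. Reject anything that is not `none` or a plain version before the `!== 'none'` test, for example `if (!preg_match('/^(none|\d+\.\d+)$/', $variables['$phpversion'])) { abort(422); }`. The threshold moving from `'7.3'` to `'5.6'` would also benefit from a one-line comment saying why only 5.6 and older use the `php-X-fpm` image name. The enclosing method starts and ends outside the hunk.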
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+ufw allow 80
+ufw allow 443
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
diff --git a/resources/servers/brazil/firewall b/resources/servers/brazil/firewall
new file mode 100644
index 000000000..543f3c2a9
--- /dev/null
+++ b/resources/servers/brazil/firewall
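Review bot: The `s*` and `i*` lookups put whatever `dig +short … | tail -1` prints, unquoted and unchecked, into `auth=(…)` and from there into `ufw allow from $ip`, after `ufw --force reset` and `ufw disable` have already removed the previous rule set. A name that fails to resolve yields an empty string that the unquoted array drops silently, and any other resolver output is handed to ufw as rule arguments, so the all-ports allow-list is only as trustworthy as the resolver in use at run time. Each lookup should go through a helper that accepts only an address and aborts otherwise, and all lookups should run before the reset so a DNS failure leaves the existing rules in place. The same block appears in every resources/servers/*/firewall file added by this commit; they are written by TeamServers.php, so the change belongs in that generator.

```shell
# resolve NAME: print one IPv4 address, or fail so the script stops before `ufw --force reset`
resolve() {
    local ip
    ip=$(dig +short "$1" | tail -1)
    [[ $ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "cannot resolve $1" >&2; return 1; }
    printf '%s\n' "$ip"
}

s0=$(resolve alphaville.cubedesigners.com) || exit 1
# … unchanged pattern: remaining s*/i* lookups, each through resolve, all before the reset …
```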
@@ -0,0 +1,81 @@ +#!/bin/bash + +export DEBIAN_FRONTEND=noninteractive +apt install --no-install-recommends -y dnsutils +# Reset all rules +ufw --force reset +# Disable firewall +ufw disable + +ufw default allow outgoing + +b0=24.104.34.225 +b1=62.99.220.220 +b2=50.62.177.177 +b3=195.70.4.231 +blacklist=($b0 $b1 $b2 $b3) + +s0=`dig +short alphaville.cubedesigners.com | tail -1` +s0_0=`dig +short toolbox.fluidbook.com | tail -1` +s1=`dig +short brazil.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short elephantman.cubedesigners.com | tail -1` +s5=`dig +short godzilla.cubedesigners.com | tail -1` +s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s5_1=`dig +short hosting.cubedesigners.com | tail -1` +s5_2=`dig +short hosting2.fluidbook.com | tail -1` +s5_3=`dig +short hosting.fluidbook.com | tail -1` +s6=`dig +short her2.cubedesigners.com | tail -1` +s6_0=`dig +short her.cubedesigners.com | tail -1` +s6_1=`dig +short mail.cubedesigners.com | tail -1` +s6_2=`dig +short mail2.cubedesigners.com | tail -1` +s7=`dig +short kingkong.cubedesigners.com | tail -1` +s8=`dig +short fastandfurious.cubedesigners.com | tail -1` + +i0=127.0.0.0/8 +i1=10.0.0.0/8 +i2=172.16.0.0/12 +i3=192.168.0.0/16 +i4=`dig +short paris.cubedesigners.com | tail -1` +i5=`dig +short montpellier.cubedesigners.com | tail -1` +i6=`dig +short tortuga.enhydra.fr | tail -1` + +auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6) + + +for ip in "${blacklist[@]}" +do + ufw deny in from $ip + ufw deny in to $ip +done + +for ip in "${auth[@]}" +do + ufw allow from $ip + ufw allow to $ip + ufw allow out from $ip + ufw allow out to $ip +done + +#SSH +ufw deny out 22 +ufw deny out 22022 +ufw deny out 22822 +ufw deny out 22222 +# Finally enable firewall +ufw --force enable + +# 
Enable loging +ufw logging on + +# Display status +ufw status verbose + +rm /etc/ufw/after.rules.* +rm /etc/ufw/after6.rules.* +rm /etc/ufw/before.rules.* +rm /etc/ufw/before6.rules.* +rm /lib/ufw/user6.rules.* +rm /lib/ufw/user.rules.* diff --git a/resources/servers/dobermann/firewall b/resources/servers/dobermann/firewall new file mode 100644 index 000000000..d625dad21 --- /dev/null +++ b/resources/servers/dobermann/firewall 
@@ -0,0 +1,92 @@ +#!/bin/bash + +export DEBIAN_FRONTEND=noninteractive +apt install --no-install-recommends -y dnsutils +# Reset all rules +ufw --force reset +# Disable firewall +ufw disable + +ufw default allow outgoing + +b0=24.104.34.225 +b1=62.99.220.220 +b2=50.62.177.177 +b3=195.70.4.231 +blacklist=($b0 $b1 $b2 $b3) + +s0=`dig +short alphaville.cubedesigners.com | tail -1` +s0_0=`dig +short toolbox.fluidbook.com | tail -1` +s1=`dig +short brazil.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short elephantman.cubedesigners.com | tail -1` +s5=`dig +short godzilla.cubedesigners.com | tail -1` +s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s5_1=`dig +short hosting.cubedesigners.com | tail -1` +s5_2=`dig +short hosting2.fluidbook.com | tail -1` +s5_3=`dig +short hosting.fluidbook.com | tail -1` +s6=`dig +short her2.cubedesigners.com | tail -1` +s6_0=`dig +short her.cubedesigners.com | tail -1` +s6_1=`dig +short mail.cubedesigners.com | tail -1` +s6_2=`dig +short mail2.cubedesigners.com | tail -1` +s7=`dig +short kingkong.cubedesigners.com | tail -1` +s8=`dig +short fastandfurious.cubedesigners.com | tail -1` + +i0=127.0.0.0/8 +i1=10.0.0.0/8 +i2=172.16.0.0/12 +i3=192.168.0.0/16 +i4=`dig +short paris.cubedesigners.com | tail -1` +i5=`dig +short montpellier.cubedesigners.com | tail -1` +i6=`dig +short tortuga.enhydra.fr | tail -1` + +auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6) + +c0=`dig +short s1.adangelis.com | tail -1` +c1=`dig +short www.fondation-sycomore.com | tail -1` +backup=($c0 $c1) +ufw allow 53 +ufw allow 80 +ufw allow 443 + +for ip in "${blacklist[@]}" +do + ufw deny in from $ip + ufw deny in to $ip +done + +for ip in "${auth[@]}" +do + ufw allow from $ip + ufw allow to $ip + ufw allow out from $ip + ufw allow 
out to $ip +done + +for ip in "${backup[@]}" +do + ufw allow in from $ip port 22 +done + +#SSH +ufw deny out 22 +ufw deny out 22022 +ufw deny out 22822 +ufw deny out 22222 +# Finally enable firewall +ufw --force enable + +# Enable loging +ufw logging on + +# Display status +ufw status verbose + +rm /etc/ufw/after.rules.* +rm /etc/ufw/after6.rules.* +rm /etc/ufw/before.rules.* +rm /etc/ufw/before6.rules.* +rm /lib/ufw/user6.rules.* +rm /lib/ufw/user.rules.* diff --git a/resources/servers/dracula/firewall b/resources/servers/dracula/firewall new file mode 100644 index 000000000..df44850f6 --- /dev/null +++ b/resources/servers/dracula/firewall 
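Review bot: In the `backup` loop, `ufw allow in from $ip port 22` matches packets whose source port is 22, not connections to this host's SSH port. If the intent is to let the two backup hosts (`$c0`, `$c1`) open SSH sessions here, the rule needs a destination clause, `ufw allow in from $ip to any port 22 proto tcp`. As written, those hosts can reach any local port provided they send from port 22, and cannot reach sshd from an ordinary ephemeral port. The rule text presumably comes from the generator in TeamServers.php, outside this hunk, so it should be fixed there.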
@@ -0,0 +1,84 @@ +#!/bin/bash + +export DEBIAN_FRONTEND=noninteractive +apt install --no-install-recommends -y dnsutils +# Reset all rules +ufw --force reset +# Disable firewall +ufw disable + +ufw default allow outgoing + +b0=24.104.34.225 +b1=62.99.220.220 +b2=50.62.177.177 +b3=195.70.4.231 +blacklist=($b0 $b1 $b2 $b3) + +s0=`dig +short alphaville.cubedesigners.com | tail -1` +s0_0=`dig +short toolbox.fluidbook.com | tail -1` +s1=`dig +short brazil.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short elephantman.cubedesigners.com | tail -1` +s5=`dig +short godzilla.cubedesigners.com | tail -1` +s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s5_1=`dig +short hosting.cubedesigners.com | tail -1` +s5_2=`dig +short hosting2.fluidbook.com | tail -1` +s5_3=`dig +short hosting.fluidbook.com | tail -1` +s6=`dig +short her2.cubedesigners.com | tail -1` +s6_0=`dig +short her.cubedesigners.com | tail -1` +s6_1=`dig +short mail.cubedesigners.com | tail -1` +s6_2=`dig +short mail2.cubedesigners.com | tail -1` +s7=`dig +short kingkong.cubedesigners.com | tail -1` +s8=`dig +short fastandfurious.cubedesigners.com | tail -1` + +i0=127.0.0.0/8 +i1=10.0.0.0/8 +i2=172.16.0.0/12 +i3=192.168.0.0/16 +i4=`dig +short paris.cubedesigners.com | tail -1` +i5=`dig +short montpellier.cubedesigners.com | tail -1` +i6=`dig +short tortuga.enhydra.fr | tail -1` + +auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6) + +ufw allow 53 +ufw allow 80 +ufw allow 443 + +for ip in "${blacklist[@]}" +do + ufw deny in from $ip + ufw deny in to $ip +done + +for ip in "${auth[@]}" +do + ufw allow from $ip + ufw allow to $ip + ufw allow out from $ip + ufw allow out to $ip +done + +#SSH +ufw deny out 22 +ufw deny out 22022 +ufw deny out 22822 +ufw deny out 22222 +# Finally 
enable firewall +ufw --force enable + +# Enable loging +ufw logging on + +# Display status +ufw status verbose + +rm /etc/ufw/after.rules.* +rm /etc/ufw/after6.rules.* +rm /etc/ufw/before.rules.* +rm /etc/ufw/before6.rules.* +rm /lib/ufw/user6.rules.* +rm /lib/ufw/user.rules.* diff --git a/resources/servers/elephantman/firewall b/resources/servers/elephantman/firewall new file mode 100644 index 000000000..1dc0eef8b --- /dev/null +++ b/resources/servers/elephantman/firewall 
@@ -0,0 +1,86 @@ +#!/bin/bash + +export DEBIAN_FRONTEND=noninteractive +apt install --no-install-recommends -y dnsutils +# Reset all rules +ufw --force reset +# Disable firewall +ufw disable + +ufw default allow outgoing + +b0=24.104.34.225 +b1=62.99.220.220 +b2=50.62.177.177 +b3=195.70.4.231 +blacklist=($b0 $b1 $b2 $b3) + +s0=`dig +short alphaville.cubedesigners.com | tail -1` +s0_0=`dig +short toolbox.fluidbook.com | tail -1` +s1=`dig +short brazil.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short elephantman.cubedesigners.com | tail -1` +s5=`dig +short godzilla.cubedesigners.com | tail -1` +s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s5_1=`dig +short hosting.cubedesigners.com | tail -1` +s5_2=`dig +short hosting2.fluidbook.com | tail -1` +s5_3=`dig +short hosting.fluidbook.com | tail -1` +s6=`dig +short her2.cubedesigners.com | tail -1` +s6_0=`dig +short her.cubedesigners.com | tail -1` +s6_1=`dig +short mail.cubedesigners.com | tail -1` +s6_2=`dig +short mail2.cubedesigners.com | tail -1` +s7=`dig +short kingkong.cubedesigners.com | tail -1` +s8=`dig +short fastandfurious.cubedesigners.com | tail -1` + +i0=127.0.0.0/8 +i1=10.0.0.0/8 +i2=172.16.0.0/12 +i3=192.168.0.0/16 +i4=`dig +short paris.cubedesigners.com | tail -1` +i5=`dig +short montpellier.cubedesigners.com | tail -1` +i6=`dig +short tortuga.enhydra.fr | tail -1` + +auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6) + + +for ip in "${blacklist[@]}" +do + ufw deny in from $ip + ufw deny in to $ip +done + +for ip in "${auth[@]}" +do + ufw allow from $ip + ufw allow to $ip + ufw allow out from $ip + ufw allow out to $ip +done + +for ip in "${backup[@]}" +do + ufw allow in from $ip port 22 +done + +#SSH +ufw deny out 22 +ufw deny out 22022 +ufw deny out 22822 +ufw 
deny out 22222 +# Finally enable firewall +ufw --force enable + +# Enable loging +ufw logging on + +# Display status +ufw status verbose + +rm /etc/ufw/after.rules.* +rm /etc/ufw/after6.rules.* +rm /etc/ufw/before.rules.* +rm /etc/ufw/before6.rules.* +rm /lib/ufw/user6.rules.* +rm /lib/ufw/user.rules.* diff --git a/resources/servers/fastandfurious/firewall b/resources/servers/fastandfurious/firewall new file mode 100644 index 000000000..b503226a9 --- /dev/null +++ b/resources/servers/fastandfurious/firewall 
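Review bot: The `for ip in "${backup[@]}"` loop in this file iterates over an array the file never defines; only dobermann/firewall sets `backup=($c0 $c1)`. Bash expands the unset array to nothing, so no rule is added today, but fastandfurious, godzilla, her2 and kingkong carry the same orphan loop. The files without it are exactly those listed before dobermann in update.bat, which suggests the generator keeps its backup state from one server to the next. Emitting the loop only for servers that have backup hosts, or writing an explicit `backup=()` first, keeps an SSH rule meant for one host from being applied on another if that state ever carries the addresses as well.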
@@ -0,0 +1,87 @@ +#!/bin/bash + +export DEBIAN_FRONTEND=noninteractive +apt install --no-install-recommends -y dnsutils +# Reset all rules +ufw --force reset +# Disable firewall +ufw disable + +ufw default allow outgoing + +b0=24.104.34.225 +b1=62.99.220.220 +b2=50.62.177.177 +b3=195.70.4.231 +blacklist=($b0 $b1 $b2 $b3) + +s0=`dig +short alphaville.cubedesigners.com | tail -1` +s0_0=`dig +short toolbox.fluidbook.com | tail -1` +s1=`dig +short brazil.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short elephantman.cubedesigners.com | tail -1` +s5=`dig +short godzilla.cubedesigners.com | tail -1` +s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s5_1=`dig +short hosting.cubedesigners.com | tail -1` +s5_2=`dig +short hosting2.fluidbook.com | tail -1` +s5_3=`dig +short hosting.fluidbook.com | tail -1` +s6=`dig +short her2.cubedesigners.com | tail -1` +s6_0=`dig +short her.cubedesigners.com | tail -1` +s6_1=`dig +short mail.cubedesigners.com | tail -1` +s6_2=`dig +short mail2.cubedesigners.com | tail -1` +s7=`dig +short kingkong.cubedesigners.com | tail -1` +s8=`dig +short fastandfurious.cubedesigners.com | tail -1` + +i0=127.0.0.0/8 +i1=10.0.0.0/8 +i2=172.16.0.0/12 +i3=192.168.0.0/16 +i4=`dig +short paris.cubedesigners.com | tail -1` +i5=`dig +short montpellier.cubedesigners.com | tail -1` +i6=`dig +short tortuga.enhydra.fr | tail -1` + +auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6) + +ufw allow 51820 + +for ip in "${blacklist[@]}" +do + ufw deny in from $ip + ufw deny in to $ip +done + +for ip in "${auth[@]}" +do + ufw allow from $ip + ufw allow to $ip + ufw allow out from $ip + ufw allow out to $ip +done + +for ip in "${backup[@]}" +do + ufw allow in from $ip port 22 +done + +#SSH +ufw deny out 22 +ufw deny out 22022 +ufw deny 
out 22822 +ufw deny out 22222 +# Finally enable firewall +ufw --force enable + +# Enable loging +ufw logging on + +# Display status +ufw status verbose + +rm /etc/ufw/after.rules.* +rm /etc/ufw/after6.rules.* +rm /etc/ufw/before.rules.* +rm /etc/ufw/before6.rules.* +rm /lib/ufw/user6.rules.* +rm /lib/ufw/user.rules.* diff --git a/resources/servers/godzilla/firewall b/resources/servers/godzilla/firewall new file mode 100644 index 000000000..ec7ff6731 --- /dev/null +++ b/resources/servers/godzilla/firewall 
@@ -0,0 +1,89 @@ +#!/bin/bash + +export DEBIAN_FRONTEND=noninteractive +apt install --no-install-recommends -y dnsutils +# Reset all rules +ufw --force reset +# Disable firewall +ufw disable + +ufw default allow outgoing + +b0=24.104.34.225 +b1=62.99.220.220 +b2=50.62.177.177 +b3=195.70.4.231 +blacklist=($b0 $b1 $b2 $b3) + +s0=`dig +short alphaville.cubedesigners.com | tail -1` +s0_0=`dig +short toolbox.fluidbook.com | tail -1` +s1=`dig +short brazil.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short elephantman.cubedesigners.com | tail -1` +s5=`dig +short godzilla.cubedesigners.com | tail -1` +s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s5_1=`dig +short hosting.cubedesigners.com | tail -1` +s5_2=`dig +short hosting2.fluidbook.com | tail -1` +s5_3=`dig +short hosting.fluidbook.com | tail -1` +s6=`dig +short her2.cubedesigners.com | tail -1` +s6_0=`dig +short her.cubedesigners.com | tail -1` +s6_1=`dig +short mail.cubedesigners.com | tail -1` +s6_2=`dig +short mail2.cubedesigners.com | tail -1` +s7=`dig +short kingkong.cubedesigners.com | tail -1` +s8=`dig +short fastandfurious.cubedesigners.com | tail -1` + +i0=127.0.0.0/8 +i1=10.0.0.0/8 +i2=172.16.0.0/12 +i3=192.168.0.0/16 +i4=`dig +short paris.cubedesigners.com | tail -1` +i5=`dig +short montpellier.cubedesigners.com | tail -1` +i6=`dig +short tortuga.enhydra.fr | tail -1` + +auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6) + +ufw allow 53 +ufw allow 80 +ufw allow 443 + +for ip in "${blacklist[@]}" +do + ufw deny in from $ip + ufw deny in to $ip +done + +for ip in "${auth[@]}" +do + ufw allow from $ip + ufw allow to $ip + ufw allow out from $ip + ufw allow out to $ip +done + +for ip in "${backup[@]}" +do + ufw allow in from $ip port 22 +done + +#SSH +ufw deny out 22 +ufw 
deny out 22022 +ufw deny out 22822 +ufw deny out 22222 +# Finally enable firewall +ufw --force enable + +# Enable loging +ufw logging on + +# Display status +ufw status verbose + +rm /etc/ufw/after.rules.* +rm /etc/ufw/after6.rules.* +rm /etc/ufw/before.rules.* +rm /etc/ufw/before6.rules.* +rm /lib/ufw/user6.rules.* +rm /lib/ufw/user.rules.* diff --git a/resources/servers/her2/firewall b/resources/servers/her2/firewall new file mode 100644 index 000000000..4421c8bc9 --- /dev/null +++ b/resources/servers/her2/firewall 
@@ -0,0 +1,95 @@ +#!/bin/bash + +export DEBIAN_FRONTEND=noninteractive +apt install --no-install-recommends -y dnsutils +# Reset all rules +ufw --force reset +# Disable firewall +ufw disable + +ufw default allow outgoing + +b0=24.104.34.225 +b1=62.99.220.220 +b2=50.62.177.177 +b3=195.70.4.231 +blacklist=($b0 $b1 $b2 $b3) + +s0=`dig +short alphaville.cubedesigners.com | tail -1` +s0_0=`dig +short toolbox.fluidbook.com | tail -1` +s1=`dig +short brazil.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short elephantman.cubedesigners.com | tail -1` +s5=`dig +short godzilla.cubedesigners.com | tail -1` +s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s5_1=`dig +short hosting.cubedesigners.com | tail -1` +s5_2=`dig +short hosting2.fluidbook.com | tail -1` +s5_3=`dig +short hosting.fluidbook.com | tail -1` +s6=`dig +short her2.cubedesigners.com | tail -1` +s6_0=`dig +short her.cubedesigners.com | tail -1` +s6_1=`dig +short mail.cubedesigners.com | tail -1` +s6_2=`dig +short mail2.cubedesigners.com | tail -1` +s7=`dig +short kingkong.cubedesigners.com | tail -1` +s8=`dig +short fastandfurious.cubedesigners.com | tail -1` + +i0=127.0.0.0/8 +i1=10.0.0.0/8 +i2=172.16.0.0/12 +i3=192.168.0.0/16 +i4=`dig +short paris.cubedesigners.com | tail -1` +i5=`dig +short montpellier.cubedesigners.com | tail -1` +i6=`dig +short tortuga.enhydra.fr | tail -1` + +auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6) + +ufw allow 53 +ufw allow 80 +ufw allow 443 +ufw allow 25 +ufw allow 143 +ufw allow 465 +ufw allow 487 +ufw allow 993 +ufw allow 4190 + +for ip in "${blacklist[@]}" +do + ufw deny in from $ip + ufw deny in to $ip +done + +for ip in "${auth[@]}" +do + ufw allow from $ip + ufw allow to $ip + ufw allow out from $ip + ufw allow out to $ip +done + +for ip 
in "${backup[@]}" +do + ufw allow in from $ip port 22 +done + +#SSH +ufw deny out 22 +ufw deny out 22022 +ufw deny out 22822 +ufw deny out 22222 +# Finally enable firewall +ufw --force enable + +# Enable loging +ufw logging on + +# Display status +ufw status verbose + +rm /etc/ufw/after.rules.* +rm /etc/ufw/after6.rules.* +rm /etc/ufw/before.rules.* +rm /etc/ufw/before6.rules.* +rm /lib/ufw/user6.rules.* +rm /lib/ufw/user.rules.* diff --git a/resources/servers/kingkong/firewall b/resources/servers/kingkong/firewall new file mode 100644 index 000000000..3aafb3d7e --- /dev/null +++ b/resources/servers/kingkong/firewall 
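Review bot: `ufw allow 487` in the mail port list looks like a typo for 587: the other entries are 25, 143, 465, 993 and 4190, and mail submission normally listens on 587. If so, submission is closed to clients outside the allow-list while an unused port is opened to everyone, on both TCP and UDP because no protocol is given. Confirm against what the mail server actually listens on and change the entry to `ufw allow 587/tcp`. The value presumably comes from the server record that TeamServers.php reads, so it should be corrected there rather than in this generated file.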
@@ -0,0 +1,88 @@ +#!/bin/bash + +export DEBIAN_FRONTEND=noninteractive +apt install --no-install-recommends -y dnsutils +# Reset all rules +ufw --force reset +# Disable firewall +ufw disable + +ufw default allow outgoing + +b0=24.104.34.225 +b1=62.99.220.220 +b2=50.62.177.177 +b3=195.70.4.231 +blacklist=($b0 $b1 $b2 $b3) + +s0=`dig +short alphaville.cubedesigners.com | tail -1` +s0_0=`dig +short toolbox.fluidbook.com | tail -1` +s1=`dig +short brazil.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short elephantman.cubedesigners.com | tail -1` +s5=`dig +short godzilla.cubedesigners.com | tail -1` +s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s5_1=`dig +short hosting.cubedesigners.com | tail -1` +s5_2=`dig +short hosting2.fluidbook.com | tail -1` +s5_3=`dig +short hosting.fluidbook.com | tail -1` +s6=`dig +short her2.cubedesigners.com | tail -1` +s6_0=`dig +short her.cubedesigners.com | tail -1` +s6_1=`dig +short mail.cubedesigners.com | tail -1` +s6_2=`dig +short mail2.cubedesigners.com | tail -1` +s7=`dig +short kingkong.cubedesigners.com | tail -1` +s8=`dig +short fastandfurious.cubedesigners.com | tail -1` + +i0=127.0.0.0/8 +i1=10.0.0.0/8 +i2=172.16.0.0/12 +i3=192.168.0.0/16 +i4=`dig +short paris.cubedesigners.com | tail -1` +i5=`dig +short montpellier.cubedesigners.com | tail -1` +i6=`dig +short tortuga.enhydra.fr | tail -1` + +auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6) + +ufw allow 80 +ufw allow 443 + +for ip in "${blacklist[@]}" +do + ufw deny in from $ip + ufw deny in to $ip +done + +for ip in "${auth[@]}" +do + ufw allow from $ip + ufw allow to $ip + ufw allow out from $ip + ufw allow out to $ip +done + +for ip in "${backup[@]}" +do + ufw allow in from $ip port 22 +done + +#SSH +ufw deny out 22 +ufw deny out 
22022 +ufw deny out 22822 +ufw deny out 22222 +# Finally enable firewall +ufw --force enable + +# Enable loging +ufw logging on + +# Display status +ufw status verbose + +rm /etc/ufw/after.rules.* +rm /etc/ufw/after6.rules.* +rm /etc/ufw/before.rules.* +rm /etc/ufw/before6.rules.* +rm /lib/ufw/user6.rules.* +rm /lib/ufw/user.rules.* diff --git a/resources/servers/update.bat b/resources/servers/update.bat new file mode 100644 index 000000000..6b3760d53 --- /dev/null +++ b/resources/servers/update.bat 
@@ -0,0 +1,32 @@
+@echo off
+cd /D D:\Works\Scripts
+scp -P 58745 -r toolbox@toolbox.fluidbook.com:/application/resources/servers/ ./
+cd /D D:\Works\Scripts\servers
+
+scp -P 22 ./alphaville/firewall root@alphaville.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@alphaville.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./brazil/firewall root@brazil.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@brazil.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./dracula/firewall root@dracula.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@dracula.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./dobermann/firewall root@dobermann.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@dobermann.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22822 ./elephantman/firewall root@elephantman.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22822 root@elephantman.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./godzilla/firewall root@godzilla.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@godzilla.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./her2/firewall root@her2.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@her2.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./kingkong/firewall root@kingkong.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@kingkong.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22822 ./fastandfurious/firewall root@fastandfurious.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22822 root@fastandfurious.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
diff --git a/resources/tools/dockerwebcontainer/matomo b/resources/tools/dockerwebcontainer/matomo
index d70067557..4c1666dc4 100644
--- a/resources/tools/dockerwebcontainer/matomo
+++ b/resources/tools/dockerwebcontainer/matomo
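Review bot: Each `ssh … 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'` line runs whether or not the preceding `scp` succeeded, so a failed copy re-executes whatever script was already on the host, as root, including its `ufw --force reset`. Make the remote run depend on the copy and on the chmod, e.g. `scp … && ssh … "chmod 755 /usr/local/bin/fw && /usr/local/bin/fw"`, and stop the batch at the first host that fails. Every step also logs in as `root`; a dedicated account with a sudo rule limited to `/usr/local/bin/fw` would narrow what the key on this workstation can do. The file is written by TeamServers.php (the `update.bat` `file_put_contents` call), so the change belongs in that generator.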
@@ -28,8 +28,6 @@ - ./matomo/matomo:/var/www/html - ./matomo/bin:/var/www/html/bin restart: unless-stopped - ports: - - $portmatomo:80 networks: - $name @@ -56,4 +54,3 @@ - ./matomo/redis:/data networks: - $name -