librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Migrate more examples and lint

This commit is contained in:
TheophileDiot 2022-12-02 15:37:23 +01:00
parent 016a8cd6d7
commit 03e98985ea
51 changed files with 705 additions and 246 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
examples/behind-reverse-proxy/docker-compose.yml
View File

@ -70,7 +70,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-cloudflare/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-digitalocean/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-google/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-ovh/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-route53/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/docker-configs/docker-compose.yml
View File

@ -96,7 +96,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

4
examples/drupal/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${DRUPAL_USER:-user}:${DRUPAL_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -86,7 +85,6 @@ volumes:
bw-data:
db-data:
networks:
bw-universe:
ipam:

1
examples/ghost/docker-compose.yml
View File

@ -65,7 +65,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

1
examples/hardened/docker-compose.yml
View File

@ -73,7 +73,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

4
examples/joomla/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${JOOMLA_USER:-user}:${JOOMLA_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -89,7 +88,6 @@ volumes:
bw-data:
db-data:
networks:
bw-universe:
ipam:

1
examples/load-balancer/docker-compose.yml
View File

@ -77,7 +77,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

4
examples/magento/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${MAGENTO_USER:-user}:${MAGENTO_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -102,7 +101,6 @@ volumes:
bw-data:
db-data:
networks:
bw-universe:
ipam:

4
examples/mattermost/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -140,7 +139,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

1
examples/mongo-express/docker-compose.yml
View File

@ -83,7 +83,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

4
examples/moodle/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${MOODLE_USER:-user}:${MOODLE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -93,7 +92,6 @@ volumes:
bw-data:
db-data:
networks:
bw-universe:
ipam:

29
examples/nextcloud/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${NEXTCLOUD_USER:-user}:${NEXTCLOUD_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -42,21 +41,21 @@ services:
LIMIT_REQ_RATE_3: "5r/s"
CUSTOM_CONF_MODSEC_CRS_nextcloud: "\
SecAction \
\"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_nextcloud=1\"
\"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_nextcloud=1\"
# WebDAV
SecAction \
\"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
\"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
CUSTOM_CONF_MODSEC_nextcloud: "\
SecRule REQUEST_FILENAME \"@rx ^/remote.php/dav/files/\" \"id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog\""
labels:
@ -64,7 +63,7 @@ services:
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:

6
examples/passbolt/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${PASSBOLT_USER:-user}:${PASSBOLT_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -86,7 +85,7 @@ services:
"0",
"mydb:3306",
"--",
"/docker-entrypoint.sh"
"/docker-entrypoint.sh",
]
networks:
- bw-services
@ -108,7 +107,6 @@ volumes:
db-data:
bw-data:
networks:
bw-universe:
ipam:

45
examples/php-multisite/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -16,6 +16,7 @@ services:
- ./bw-data:/data # contains web files (PHP, assets, ...), don't forget to rename the subfolders
environment:
- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
@ -25,9 +26,33 @@ services:
- app1.example.com_REMOTE_PHP_PATH=/app
- app2.example.com_REMOTE_PHP=myapp2
- app2.example.com_REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- net_app1
- net_app2
- bw-universe
- net-app1
- net-app2
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- ./bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp1:
image: php:fpm
@ -38,7 +63,7 @@ services:
volumes:
- ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
networks:
- net_app1
- net-app1
myapp2:
image: php:fpm
@ -49,8 +74,14 @@ services:
volumes:
- ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
networks:
- net_app2
- net-app2
networks:
net_app1:
net_app2:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net-app1:
net-app2:

2
examples/php-multisite/setup-autoconf.sh
View File

@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

2
examples/php-multisite/setup-docker.sh
View File

@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

3
examples/php-multisite/setup-linux.sh
View File

@ -13,6 +13,9 @@ else
echo "❌ No PHP user found"
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
cp -r ./bw-data/www/* /var/www/html
chown -R $user:nginx /var/www/html
find /var/www/html -type f -exec chmod 0640 {} \;

40
examples/php-singlesite/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -16,12 +16,39 @@ services:
- ./bw-data:/data # contains web files (PHP, assets, ...)
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- REMOTE_PHP=myphp
- REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- ./bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myphp:
image: php:fpm
@ -31,3 +58,14 @@ services:
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www:/app # folder containing PHP app
networks:
- bw-services
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

2
examples/php-singlesite/setup-docker.sh
View File

@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

3
examples/php-singlesite/setup-linux.sh
View File

@ -13,6 +13,9 @@ else
echo "❌ No PHP user found"
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
cp -r ./bw-data/www/* /var/www/html
chown -R $user:nginx /var/www/html
find /var/www/html -type f -exec chmod 0640 {} \;

7
examples/prestashop/cleanup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete prestashop
kubectl delete pvc data-prestashop-mariadb-0
kubectl delete pvc data-prestashop-mariadb-0

92
examples/prestashop/docker-compose.yml
View File

@ -1,8 +1,11 @@
version: "3"
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${PRESTASHOP_USER:-user}:${PRESTASHOP_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,20 +16,50 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- MAX_CLIENT_SIZE=50m
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myps
- LIMIT_REQ_URL_1=/install/index.php
- LIMIT_REQ_RATE_1=8r/s
<<: *bunkerweb-env
SERVER_NAME: "www.example.com" # replace with your domain
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
SERVE_FILES: "no"
DISABLE_DEFAULT_SERVER: "yes"
AUTO_LETS_ENCRYPT: "yes"
USE_CLIENT_CACHE: "yes"
USE_GZIP: "yes"
MAX_CLIENT_SIZE: "50m"
USE_REVERSE_PROXY: "yes"
REVERSE_PROXY_URL: "/"
REVERSE_PROXY_HOST: "http://myps"
# Onces the installation is done, you can remove these lines
LIMIT_REQ_URL_1: "/install/index.php"
LIMIT_REQ_RATE_1: "8r/s"
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
<<: *bunkerweb-env
DOCKER_HOST: "tcp://docker-proxy:2375"
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myps:
image: prestashop/prestashop:1.7
@ -34,24 +67,37 @@ services:
- ./ps-data:/var/www/html
environment:
- DB_SERVER=mydb
- DB_USER=user
- DB_PASSWD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
- DB_USER=${PRESTASHOP_USER:-user}
- DB_PASSWD=${PRESTASHOP_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
- DB_PREFIX=prefix_ # replace with a random prefix (good security practice)
- DB_NAME=prestashop
- DB_NAME=${PRESTASHOP_DATABASE:-prestashop}
- PS_ENABLE_SSL=1
- ADMIN_MAIL=admin@example.com # change to the prestashop admin email
- ADMIN_PASSWD=changeme # change to the prestashop admin password
- PS_FOLDER_ADMIN=administration # change to the prestashop admin folder
networks:
- bw-services
mydb:
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=prestashop
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DB_PASSWD)
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${PRESTASHOP_USER:-user}\"; CREATE USER \"${PRESTASHOP_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${PRESTASHOP_DATABASE:-prestashop}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${PRESTASHOP_DATABASE:-prestashop}.* TO \"${PRESTASHOP_USER:-user}\"@\"%\" IDENTIFIED BY \"${PRESTASHOP_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${PRESTASHOP_USER:-user}\"@\"%\" IDENTIFIED BY \"${PRESTASHOP_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
networks:
- bw-universe
- bw-services
volumes:
bw_data:
bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/prestashop/setup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -f prestashop-chart-values.yml prestashop bitnami/prestashop
helm install -f prestashop-chart-values.yml prestashop bitnami/prestashop

2
examples/prestashop/tests.json
View File

@ -2,7 +2,7 @@
"name": "prestashop",
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
"timeout": 180,
"delay": 120,
"delay": 180,
"tests": [
{
"type": "string",

49
examples/proxy-protocol/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
@ -10,9 +10,10 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -26,9 +27,33 @@ services:
- USE_REAL_IP=yes
- REAL_IP_FROM=10.10.10.0/24
- REAL_IP_HEADER=proxy_protocol
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- net_proxy
- net_apps
- net-proxy
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myproxy:
image: haproxy
@ -38,20 +63,26 @@ services:
volumes:
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
networks:
- net_proxy
- net-proxy
myapp:
image: tutum/hello-world
networks:
- net_apps
- bw-services
volumes:
bw_data:
bw-data:
networks:
net_proxy:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:
net-proxy:
ipam:
driver: default
config:
- subnet: 10.10.10.0/24
net_apps:

44
examples/radarr/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3.5"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +13,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -34,6 +35,32 @@ services:
# Increase request rate for API endpoints
- LIMIT_REQ_URL_1=^/api/
- LIMIT_REQ_RATE_1=10r/s
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
radarr:
image: lscr.io/linuxserver/radarr:latest
@ -46,6 +73,17 @@ services:
- ./config:/config
- ./movies:/movies #optional
- ./downloads:/downloads #optional
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/redmine/cleanup-kubernetes.sh
View File

@ -1,10 +1,5 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete redmine
kubectl delete pvc data-redmine-mariadb-0
kubectl delete pvc data-redmine-postgresql-0
kubectl delete pvc data-redmine-postgresql-0

67
examples/redmine/docker-compose.yml
View File

@ -1,8 +1,11 @@
version: "3"
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${REDMINE_USER:-user}:${REDMINE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +16,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -24,6 +28,32 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myredmine:3000
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myredmine:
image: redmine
@ -32,19 +62,32 @@ services:
- ./redmine-data:/usr/src/redmine/files
environment:
- REDMINE_DB_MYSQL=mydb
- REDMINE_DB_DATABASE=redminedb
- REDMINE_DB_USERNAME=user
- REDMINE_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
- REDMINE_DB_DATABASE=${REDMINE_DATABASE:-redminedb}
- REDMINE_DB_USERNAME=${REDMINE_USER:-user}
- REDMINE_DB_PASSWORD=${REDMINE_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
networks:
- bw-services
mydb:
image: mysql
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=redminedb
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match REDMINE_DB_PASSWORD)
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${REDMINE_USER:-user}\"; CREATE USER \"${REDMINE_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${REDMINE_DATABASE:-redminedb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${REDMINE_DATABASE:-redminedb}.* TO \"${REDMINE_USER:-user}\"@\"%\" IDENTIFIED BY \"${REDMINE_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${REDMINE_USER:-user}\"@\"%\" IDENTIFIED BY \"${REDMINE_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
networks:
- bw-universe
- bw-services
volumes:
bw_data:
bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

2
examples/redmine/redmine-chart-values.yml
View File

@ -2,3 +2,5 @@ redmineUsername: "user"
redminePassword: "changeme42"
redmineEmail: "user@example.com"
redmineLanguage: "en"
service:
type: ClusterIP

7
examples/redmine/setup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -f redmine-chart-values.yml redmine bitnami/redmine
helm install -f redmine-chart-values.yml redmine bitnami/redmine

2
examples/redmine/tests.json
View File

@ -2,7 +2,7 @@
"name": "redmine",
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
"timeout": 120,
"delay": 60,
"delay": 180,
"tests": [
{
"type": "string",

49
examples/reverse-proxy-multisite/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,10 +13,11 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -27,23 +28,53 @@ services:
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- net_app1
- net_app2
- bw-universe
- net-app1
- net-app2
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
app1:
image: tutum/hello-world
networks:
- net_app1
- net-app1
app2:
image: tutum/hello-world
networks:
- net_app2
- net-app2
volumes:
bw_data:
bw-data:
networks:
net_app1:
net_app2:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net-app1:
net-app2:

46
examples/reverse-proxy-singlesite/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +13,10 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -32,12 +33,51 @@ services:
location ~ ^/(app1|app2)$$ {
rewrite ^(.*)$$ $$1/ permanent;
}
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
app1:
image: tutum/hello-world
networks:
- bw-services
app2:
image: tutum/hello-world
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

44
examples/reverse-proxy-websocket/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +13,10 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -25,9 +26,46 @@ services:
- REVERSE_PROXY_URL=/ws/
- REVERSE_PROXY_HOST=http://myws:8010/
- REVERSE_PROXY_WS=yes
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myws:
image: ksdn117/web-socket-test
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

17
examples/reverse-proxy-websocket/tests.json Normal file
View File

@ -0,0 +1,17 @@
{
"name": "reverse-proxy-websocket",
"kinds": ["docker"],
"timeout": 60,
"tests": [
{
"type": "string-ws",
"url": "https://www.example.com/app1",
"string": "hello"
},
{
"type": "string",
"url": "https://www.example.com/app2",
"string": "hello"
}
]
}

19
examples/reverse-proxy-websocket/tests.json.temp
View File

@ -1,19 +0,0 @@
{
"name": "reverse-proxy-websocket",
"kinds": [
"docker"
],
"timeout": 60,
"tests": [
{
"type": "string-ws",
"url": "https://www.example.com/app1",
"string": "hello"
},
{
"type": "string",
"url": "https://www.example.com/app2",
"string": "hello"
},
]
}

44
examples/syslog/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
logging:
driver: syslog
options:
@ -19,9 +19,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.10.10.0/24
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -29,8 +30,36 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- mynet
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
logging:
driver: syslog
options:
syslog-address: "udp://10.10.10.254:514"
depends_on:
- mybunker
- mysyslog
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-services
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mysyslog:
image: balabit/syslog-ng
@ -39,20 +68,21 @@ services:
- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
- ./log:/var/log
networks:
mynet:
bw-services:
ipv4_address: 10.10.10.254
myapp:
image: tutum/hello-world
networks:
- mynet
- bw-services
volumes:
bw_data:
bw-data:
networks:
mynet:
bw-services:
ipam:
driver: default
config:
- subnet: 10.10.10.0/24
net-docker:

15
examples/syslog/syslog-ng.conf Normal file
View File

@ -0,0 +1,15 @@
# This is a basic configuration file for syslog-ng.
@version: 3.38
@include "scl.conf"
log {
source {
udp(
ip("0.0.0.0")
);
};
destination {
file("/var/log/syslog");
};
};

44
examples/tomcat/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +13,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
- USE_CLIENT_CACHE=yes
@ -23,11 +24,48 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://mytomcat:8080/sample/
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mytomcat:
image: tomcat
volumes:
- ./app:/usr/local/tomcat/webapps/ # folder containing war files
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

46
examples/tor-hidden-service/docker-compose.yml
View File

@ -8,9 +8,11 @@ services:
environment:
- SERVICE1_TOR_SERVICE_HOSTS=80:mybunker:8080
- SERVICE1_TOR_SERVICE_VERSION=3
networks:
- bw-universe
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
@ -18,8 +20,9 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_cache:/cache
- bw-data:/data
environment:
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
# disable common security measures based on IP
- USE_BAD_BEHAVIOR=no
- USE_DNSBL=no
@ -32,9 +35,46 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp:
image: tutum/hello-world
networks:
- bw-services
volumes:
bw_cache:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/tor-hidden-service/web-files/index.php
View File

@ -1,7 +0,0 @@
<?php
echo "Hello onion world !";
?>
<script src="/js/script.js"></script>

1
examples/tor-hidden-service/web-files/js/script.js
View File

@ -1 +0,0 @@
alert("JavaScript is working!");

59
examples/web-ui/docker-compose.yml
View File

@ -1,8 +1,8 @@
version: "3"
version: "3.5"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,10 +13,9 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw_config:/etc/nginx
- bw-data:/data
environment:
- SERVER_NAME=www.example.com
- SERVER_NAME=www.example.com # replace with your domain
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
@ -27,7 +26,7 @@ services:
- www.example.com_SERVE_FILES=no
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme # replace with another url
- www.example.com_REVERSE_PROXY_HOST=http://myui:7000
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme # replace with another url
- www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
- www.example.com_LIMIT_REQ_URL=/changeme/plugins/upload # replace with another url
@ -35,45 +34,57 @@ services:
- www.example.com_LIMIT_REQ_URL_1=/changeme/logs # replace with another url
- www.example.com_LIMIT_REQ_RATE_1=4r/s
labels:
- "bunkerweb.UI"
- "bunkerweb.INSTANCE"
networks:
- net_ui
- net_svc
- bw-universe
- bw-services
myui:
image: bunkerity/bunkerweb-ui:1.4.3
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- myuiproxy
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw_data:/data
- bw_config:/etc/nginx
- bw-data:/data
networks:
- bw-universe
- net-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.0
depends_on:
- docker-proxy
environment:
- ABSOLUTE_URI=https://www.example.com/changeme/ # replace with another url
- DOCKER_HOST=tcp://myuiproxy:2375
- DOCKER_HOST=tcp://docker-proxy:2375
- ADMIN_USERNAME=admin
- ADMIN_PASSWORD=changeme # replace with a stronger password
volumes:
- bw-data:/data
networks:
- net_ui
- net_docker
- bw-universe
- net-docker
myuiproxy:
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net_docker
- net-docker
volumes:
bw_data:
bw_config:
bw-data:
networks:
net_ui:
bw-universe:
name: bw-universe
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net_docker:
net_svc:
bw-services:
net-docker:

7
examples/wordpress/cleanup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete wordpress
kubectl delete pvc data-wordpress-mariadb-0
kubectl delete pvc data-wordpress-mariadb-0

97
examples/wordpress/docker-compose.yml
View File

@ -1,8 +1,12 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${WORDPRESS_USER:-user}:${WORDPRESS_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -12,26 +16,47 @@ services:
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- MAX_CLIENT_SIZE=50m
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://mywp
- |
CUSTOM_CONF_MODSEC_CRS_wordpress=
SecAction \
"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_wordpress=1"
<<: *bunkerweb-env
SERVER_NAME: "www.example.com" # replace with your domain
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
AUTO_LETS_ENCRYPT: "yes"
DISABLE_DEFAULT_SERVER: "yes"
MAX_CLIENT_SIZE: "50m"
USE_CLIENT_CACHE: "yes"
USE_GZIP: "yes"
USE_REVERSE_PROXY: "yes"
REVERSE_PROXY_URL: "/"
REVERSE_PROXY_HOST: "http://mywp"
CUSTOM_CONF_MODSEC_CRS_wordpress: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_wordpress=1"'
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
<<: *bunkerweb-env
DOCKER_HOST: "tcp://docker-proxy:2375"
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mywp:
image: wordpress:5-apache
@ -39,20 +64,34 @@ services:
- ./wp-data:/var/www/html
environment:
- WORDPRESS_DB_HOST=mydb
- WORDPRESS_DB_NAME=wp
- WORDPRESS_DB_USER=user
- WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
- WORDPRESS_DB_NAME=${WORDPRESS_DATABASE:-wp}
- WORDPRESS_DB_USER=${WORDPRESS_USER:-user}
- WORDPRESS_DB_PASSWORD=${WORDPRESS_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
- WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix
networks:
- bw-services
mydb:
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=wp
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${WORDPRESS_USER:-user}\"; CREATE USER \"${WORDPRESS_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${WORDPRESS_DATABASE:-wp}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${WORDPRESS_DATABASE:-wp}.* TO \"${WORDPRESS_USER:-user}\"@\"%\" IDENTIFIED BY \"${WORDPRESS_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${WORDPRESS_USER:-user}\"@\"%\" IDENTIFIED BY \"${WORDPRESS_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
networks:
- bw-universe
- bw-services
volumes:
bw_data:
bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/wordpress/setup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add wordpress https://charts.bitnami.com/bitnami
helm install -f wordpress-chart-values.yml wordpress bitnami/wordpress
helm install -f wordpress-chart-values.yml wordpress bitnami/wordpress