Migrate more examples and lint
This commit is contained in:
parent
016a8cd6d7
commit
03e98985ea
|
@ -70,7 +70,6 @@ services:
|
|||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -92,7 +92,6 @@ volumes:
|
|||
bw-data:
|
||||
certs:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -92,7 +92,6 @@ volumes:
|
|||
bw-data:
|
||||
certs:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -92,7 +92,6 @@ volumes:
|
|||
bw-data:
|
||||
certs:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -92,7 +92,6 @@ volumes:
|
|||
bw-data:
|
||||
certs:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -92,7 +92,6 @@ volumes:
|
|||
bw-data:
|
||||
certs:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -96,7 +96,6 @@ services:
|
|||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
x-bunkerweb-env: &bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${DRUPAL_USER:-user}:${DRUPAL_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
|
@ -86,7 +85,6 @@ volumes:
|
|||
bw-data:
|
||||
db-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -65,7 +65,6 @@ services:
|
|||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -73,7 +73,6 @@ services:
|
|||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
x-bunkerweb-env: &bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${JOOMLA_USER:-user}:${JOOMLA_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
|
@ -89,7 +88,6 @@ volumes:
|
|||
bw-data:
|
||||
db-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -77,7 +77,6 @@ services:
|
|||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
x-bunkerweb-env: &bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${MAGENTO_USER:-user}:${MAGENTO_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
|
@ -102,7 +101,6 @@ volumes:
|
|||
bw-data:
|
||||
db-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
x-bunkerweb-env: &bunkerweb-env
|
||||
DATABASE_URI: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
|
@ -140,7 +139,6 @@ services:
|
|||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -83,7 +83,6 @@ services:
|
|||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
x-bunkerweb-env: &bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${MOODLE_USER:-user}:${MOODLE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
|
@ -93,7 +92,6 @@ volumes:
|
|||
bw-data:
|
||||
db-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
x-bunkerweb-env: &bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${NEXTCLOUD_USER:-user}:${NEXTCLOUD_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
|
@ -42,21 +41,21 @@ services:
|
|||
LIMIT_REQ_RATE_3: "5r/s"
|
||||
CUSTOM_CONF_MODSEC_CRS_nextcloud: "\
|
||||
SecAction \
|
||||
\"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_nextcloud=1\"
|
||||
\"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_nextcloud=1\"
|
||||
|
||||
# WebDAV
|
||||
SecAction \
|
||||
\"id:900200,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
|
||||
\"id:900200,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
|
||||
CUSTOM_CONF_MODSEC_nextcloud: "\
|
||||
SecRule REQUEST_FILENAME \"@rx ^/remote.php/dav/files/\" \"id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog\""
|
||||
labels:
|
||||
|
@ -64,7 +63,7 @@ services:
|
|||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
x-bunkerweb-env: &bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${PASSBOLT_USER:-user}:${PASSBOLT_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
|
@ -86,7 +85,7 @@ services:
|
|||
"0",
|
||||
"mydb:3306",
|
||||
"--",
|
||||
"/docker-entrypoint.sh"
|
||||
"/docker-entrypoint.sh",
|
||||
]
|
||||
networks:
|
||||
- bw-services
|
||||
|
@ -108,7 +107,6 @@ volumes:
|
|||
db-data:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -16,6 +16,7 @@ services:
|
|||
- ./bw-data:/data # contains web files (PHP, assets, ...), don't forget to rename the subfolders
|
||||
environment:
|
||||
- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- MULTISITE=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
|
@ -25,9 +26,33 @@ services:
|
|||
- app1.example.com_REMOTE_PHP_PATH=/app
|
||||
- app2.example.com_REMOTE_PHP=myapp2
|
||||
- app2.example.com_REMOTE_PHP_PATH=/app
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- net_app1
|
||||
- net_app2
|
||||
- bw-universe
|
||||
- net-app1
|
||||
- net-app2
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
myapp1:
|
||||
image: php:fpm
|
||||
|
@ -38,7 +63,7 @@ services:
|
|||
volumes:
|
||||
- ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
|
||||
networks:
|
||||
- net_app1
|
||||
- net-app1
|
||||
|
||||
myapp2:
|
||||
image: php:fpm
|
||||
|
@ -49,8 +74,14 @@ services:
|
|||
volumes:
|
||||
- ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
|
||||
networks:
|
||||
- net_app2
|
||||
- net-app2
|
||||
|
||||
networks:
|
||||
net_app1:
|
||||
net_app2:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
net-docker:
|
||||
net-app1:
|
||||
net-app2:
|
||||
|
|
|
@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
chown -R root:101 bw-data
|
||||
chmod -R 770 bw-data
|
||||
chown -R 33:101 ./bw-data/www
|
||||
find ./bw-data/www -type f -exec chmod 0640 {} \;
|
||||
find ./bw-data/www -type d -exec chmod 0750 {} \;
|
||||
|
|
|
@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
chown -R root:101 bw-data
|
||||
chmod -R 770 bw-data
|
||||
chown -R 33:101 ./bw-data/www
|
||||
find ./bw-data/www -type f -exec chmod 0640 {} \;
|
||||
find ./bw-data/www -type d -exec chmod 0750 {} \;
|
||||
|
|
|
@ -13,6 +13,9 @@ else
|
|||
echo "❌ No PHP user found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
chown -R root:101 bw-data
|
||||
chmod -R 770 bw-data
|
||||
cp -r ./bw-data/www/* /var/www/html
|
||||
chown -R $user:nginx /var/www/html
|
||||
find /var/www/html -type f -exec chmod 0640 {} \;
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -16,12 +16,39 @@ services:
|
|||
- ./bw-data:/data # contains web files (PHP, assets, ...)
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- REMOTE_PHP=myphp
|
||||
- REMOTE_PHP_PATH=/app
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
myphp:
|
||||
image: php:fpm
|
||||
|
@ -31,3 +58,14 @@ services:
|
|||
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
|
||||
volumes:
|
||||
- ./bw-data/www:/app # folder containing PHP app
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
chown -R root:101 bw-data
|
||||
chmod -R 770 bw-data
|
||||
chown -R 33:101 ./bw-data/www
|
||||
find ./bw-data/www -type f -exec chmod 0640 {} \;
|
||||
find ./bw-data/www -type d -exec chmod 0750 {} \;
|
||||
|
|
|
@ -13,6 +13,9 @@ else
|
|||
echo "❌ No PHP user found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
chown -R root:101 bw-data
|
||||
chmod -R 770 bw-data
|
||||
cp -r ./bw-data/www/* /var/www/html
|
||||
chown -R $user:nginx /var/www/html
|
||||
find /var/www/html -type f -exec chmod 0640 {} \;
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm delete prestashop
|
||||
kubectl delete pvc data-prestashop-mariadb-0
|
||||
kubectl delete pvc data-prestashop-mariadb-0
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env: &bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${PRESTASHOP_USER:-user}:${PRESTASHOP_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,20 +16,50 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- MAX_CLIENT_SIZE=50m
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://myps
|
||||
- LIMIT_REQ_URL_1=/install/index.php
|
||||
- LIMIT_REQ_RATE_1=8r/s
|
||||
<<: *bunkerweb-env
|
||||
SERVER_NAME: "www.example.com" # replace with your domain
|
||||
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
||||
SERVE_FILES: "no"
|
||||
DISABLE_DEFAULT_SERVER: "yes"
|
||||
AUTO_LETS_ENCRYPT: "yes"
|
||||
USE_CLIENT_CACHE: "yes"
|
||||
USE_GZIP: "yes"
|
||||
MAX_CLIENT_SIZE: "50m"
|
||||
USE_REVERSE_PROXY: "yes"
|
||||
REVERSE_PROXY_URL: "/"
|
||||
REVERSE_PROXY_HOST: "http://myps"
|
||||
# Onces the installation is done, you can remove these lines
|
||||
LIMIT_REQ_URL_1: "/install/index.php"
|
||||
LIMIT_REQ_RATE_1: "8r/s"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
<<: *bunkerweb-env
|
||||
DOCKER_HOST: "tcp://docker-proxy:2375"
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
myps:
|
||||
image: prestashop/prestashop:1.7
|
||||
|
@ -34,24 +67,37 @@ services:
|
|||
- ./ps-data:/var/www/html
|
||||
environment:
|
||||
- DB_SERVER=mydb
|
||||
- DB_USER=user
|
||||
- DB_PASSWD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- DB_USER=${PRESTASHOP_USER:-user}
|
||||
- DB_PASSWD=${PRESTASHOP_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||
- DB_PREFIX=prefix_ # replace with a random prefix (good security practice)
|
||||
- DB_NAME=prestashop
|
||||
- DB_NAME=${PRESTASHOP_DATABASE:-prestashop}
|
||||
- PS_ENABLE_SSL=1
|
||||
- ADMIN_MAIL=admin@example.com # change to the prestashop admin email
|
||||
- ADMIN_PASSWD=changeme # change to the prestashop admin password
|
||||
- PS_FOLDER_ADMIN=administration # change to the prestashop admin folder
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
- db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=prestashop
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DB_PASSWD)
|
||||
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${PRESTASHOP_USER:-user}\"; CREATE USER \"${PRESTASHOP_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${PRESTASHOP_DATABASE:-prestashop}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${PRESTASHOP_DATABASE:-prestashop}.* TO \"${PRESTASHOP_USER:-user}\"@\"%\" IDENTIFIED BY \"${PRESTASHOP_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${PRESTASHOP_USER:-user}\"@\"%\" IDENTIFIED BY \"${PRESTASHOP_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
db-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||
helm install -f prestashop-chart-values.yml prestashop bitnami/prestashop
|
||||
helm install -f prestashop-chart-values.yml prestashop bitnami/prestashop
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"name": "prestashop",
|
||||
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
|
||||
"timeout": 180,
|
||||
"delay": 120,
|
||||
"delay": 180,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
# ⚠️ read this if you use local folders for volumes ⚠️
|
||||
# bunkerweb runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
|
@ -10,9 +10,10 @@ services:
|
|||
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domains
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
@ -26,9 +27,33 @@ services:
|
|||
- USE_REAL_IP=yes
|
||||
- REAL_IP_FROM=10.10.10.0/24
|
||||
- REAL_IP_HEADER=proxy_protocol
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- net_proxy
|
||||
- net_apps
|
||||
- net-proxy
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
myproxy:
|
||||
image: haproxy
|
||||
|
@ -38,20 +63,26 @@ services:
|
|||
volumes:
|
||||
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
|
||||
networks:
|
||||
- net_proxy
|
||||
- net-proxy
|
||||
|
||||
myapp:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- net_apps
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
net_proxy:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
net-proxy:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.10.10.0/24
|
||||
net_apps:
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "3.5"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,9 +13,10 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
|
@ -34,6 +35,32 @@ services:
|
|||
# Increase request rate for API endpoints
|
||||
- LIMIT_REQ_URL_1=^/api/
|
||||
- LIMIT_REQ_RATE_1=10r/s
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
radarr:
|
||||
image: lscr.io/linuxserver/radarr:latest
|
||||
|
@ -46,6 +73,17 @@ services:
|
|||
- ./config:/config
|
||||
- ./movies:/movies #optional
|
||||
- ./downloads:/downloads #optional
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -1,10 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm delete redmine
|
||||
kubectl delete pvc data-redmine-mariadb-0
|
||||
kubectl delete pvc data-redmine-postgresql-0
|
||||
kubectl delete pvc data-redmine-postgresql-0
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env: &bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${REDMINE_USER:-user}:${REDMINE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,9 +16,10 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
@ -24,6 +28,32 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://myredmine:3000
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
myredmine:
|
||||
image: redmine
|
||||
|
@ -32,19 +62,32 @@ services:
|
|||
- ./redmine-data:/usr/src/redmine/files
|
||||
environment:
|
||||
- REDMINE_DB_MYSQL=mydb
|
||||
- REDMINE_DB_DATABASE=redminedb
|
||||
- REDMINE_DB_USERNAME=user
|
||||
- REDMINE_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- REDMINE_DB_DATABASE=${REDMINE_DATABASE:-redminedb}
|
||||
- REDMINE_DB_USERNAME=${REDMINE_USER:-user}
|
||||
- REDMINE_DB_PASSWORD=${REDMINE_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
mydb:
|
||||
image: mysql
|
||||
image: mariadb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
- db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=redminedb
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match REDMINE_DB_PASSWORD)
|
||||
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${REDMINE_USER:-user}\"; CREATE USER \"${REDMINE_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${REDMINE_DATABASE:-redminedb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${REDMINE_DATABASE:-redminedb}.* TO \"${REDMINE_USER:-user}\"@\"%\" IDENTIFIED BY \"${REDMINE_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${REDMINE_USER:-user}\"@\"%\" IDENTIFIED BY \"${REDMINE_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
db-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -2,3 +2,5 @@ redmineUsername: "user"
|
|||
redminePassword: "changeme42"
|
||||
redmineEmail: "user@example.com"
|
||||
redmineLanguage: "en"
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||
helm install -f redmine-chart-values.yml redmine bitnami/redmine
|
||||
helm install -f redmine-chart-values.yml redmine bitnami/redmine
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"name": "redmine",
|
||||
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
|
||||
"timeout": 120,
|
||||
"delay": 60,
|
||||
"delay": 180,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,10 +13,11 @@ services:
|
|||
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- MULTISITE=yes
|
||||
- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
@ -27,23 +28,53 @@ services:
|
|||
- app1.example.com_REVERSE_PROXY_HOST=http://app1
|
||||
- app2.example.com_REVERSE_PROXY_URL=/
|
||||
- app2.example.com_REVERSE_PROXY_HOST=http://app2
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- net_app1
|
||||
- net_app2
|
||||
- bw-universe
|
||||
- net-app1
|
||||
- net-app2
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
app1:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- net_app1
|
||||
- net-app1
|
||||
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- net_app2
|
||||
- net-app2
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
net_app1:
|
||||
net_app2:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
net-docker:
|
||||
net-app1:
|
||||
net-app2:
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,9 +13,10 @@ services:
|
|||
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
@ -32,12 +33,51 @@ services:
|
|||
location ~ ^/(app1|app2)$$ {
|
||||
rewrite ^(.*)$$ $$1/ permanent;
|
||||
}
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
app1:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,9 +13,10 @@ services:
|
|||
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
@ -25,9 +26,46 @@ services:
|
|||
- REVERSE_PROXY_URL=/ws/
|
||||
- REVERSE_PROXY_HOST=http://myws:8010/
|
||||
- REVERSE_PROXY_WS=yes
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
myws:
|
||||
image: ksdn117/web-socket-test
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"name": "reverse-proxy-websocket",
|
||||
"kinds": ["docker"],
|
||||
"timeout": 60,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string-ws",
|
||||
"url": "https://www.example.com/app1",
|
||||
"string": "hello"
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"url": "https://www.example.com/app2",
|
||||
"string": "hello"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
{
|
||||
"name": "reverse-proxy-websocket",
|
||||
"kinds": [
|
||||
"docker"
|
||||
],
|
||||
"timeout": 60,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string-ws",
|
||||
"url": "https://www.example.com/app1",
|
||||
"string": "hello"
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"url": "https://www.example.com/app2",
|
||||
"string": "hello"
|
||||
},
|
||||
]
|
||||
}
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
logging:
|
||||
driver: syslog
|
||||
options:
|
||||
|
@ -19,9 +19,10 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.10.10.0/24
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
|
@ -29,8 +30,36 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://myapp
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- mynet
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
logging:
|
||||
driver: syslog
|
||||
options:
|
||||
syslog-address: "udp://10.10.10.254:514"
|
||||
depends_on:
|
||||
- mybunker
|
||||
- mysyslog
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-services
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
mysyslog:
|
||||
image: balabit/syslog-ng
|
||||
|
@ -39,20 +68,21 @@ services:
|
|||
- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
|
||||
- ./log:/var/log
|
||||
networks:
|
||||
mynet:
|
||||
bw-services:
|
||||
ipv4_address: 10.10.10.254
|
||||
|
||||
myapp:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- mynet
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
mynet:
|
||||
bw-services:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.10.10.0/24
|
||||
net-docker:
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
# This is a basic configuration file for syslog-ng.
|
||||
@version: 3.38
|
||||
@include "scl.conf"
|
||||
|
||||
log {
|
||||
source {
|
||||
udp(
|
||||
ip("0.0.0.0")
|
||||
);
|
||||
};
|
||||
|
||||
destination {
|
||||
file("/var/log/syslog");
|
||||
};
|
||||
};
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,9 +13,10 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
|
@ -23,11 +24,48 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mytomcat:8080/sample/
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
mytomcat:
|
||||
image: tomcat
|
||||
volumes:
|
||||
- ./app:/usr/local/tomcat/webapps/ # folder containing war files
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -8,9 +8,11 @@ services:
|
|||
environment:
|
||||
- SERVICE1_TOR_SERVICE_HOSTS=80:mybunker:8080
|
||||
- SERVICE1_TOR_SERVICE_VERSION=3
|
||||
networks:
|
||||
- bw-universe
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
# ⚠️ read this if you use local folders for volumes ⚠️
|
||||
# bunkerweb runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
|
@ -18,8 +20,9 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_cache:/cache
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
# disable common security measures based on IP
|
||||
- USE_BAD_BEHAVIOR=no
|
||||
- USE_DNSBL=no
|
||||
|
@ -32,9 +35,46 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://myapp
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
myapp:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_cache:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
<?php
|
||||
|
||||
echo "Hello onion world !";
|
||||
|
||||
?>
|
||||
|
||||
<script src="/js/script.js"></script>
|
|
@ -1 +0,0 @@
|
|||
alert("JavaScript is working!");
|
|
@ -1,8 +1,8 @@
|
|||
version: "3"
|
||||
version: "3.5"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,10 +13,9 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw_config:/etc/nginx
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- MULTISITE=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
|
@ -27,7 +26,7 @@ services:
|
|||
- www.example.com_SERVE_FILES=no
|
||||
- www.example.com_USE_REVERSE_PROXY=yes
|
||||
- www.example.com_REVERSE_PROXY_URL=/changeme # replace with another url
|
||||
- www.example.com_REVERSE_PROXY_HOST=http://myui:7000
|
||||
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme # replace with another url
|
||||
- www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- www.example.com_LIMIT_REQ_URL=/changeme/plugins/upload # replace with another url
|
||||
|
@ -35,45 +34,57 @@ services:
|
|||
- www.example.com_LIMIT_REQ_URL_1=/changeme/logs # replace with another url
|
||||
- www.example.com_LIMIT_REQ_RATE_1=4r/s
|
||||
labels:
|
||||
- "bunkerweb.UI"
|
||||
- "bunkerweb.INSTANCE"
|
||||
networks:
|
||||
- net_ui
|
||||
- net_svc
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
myui:
|
||||
image: bunkerity/bunkerweb-ui:1.4.3
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- myuiproxy
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw_config:/etc/nginx
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
bw-ui:
|
||||
image: bunkerity/bunkerweb-ui:1.5.0
|
||||
depends_on:
|
||||
- docker-proxy
|
||||
environment:
|
||||
- ABSOLUTE_URI=https://www.example.com/changeme/ # replace with another url
|
||||
- DOCKER_HOST=tcp://myuiproxy:2375
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
- ADMIN_USERNAME=admin
|
||||
- ADMIN_PASSWORD=changeme # replace with a stronger password
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- net_ui
|
||||
- net_docker
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
myuiproxy:
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net_docker
|
||||
- net-docker
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw_config:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
net_ui:
|
||||
bw-universe:
|
||||
name: bw-universe
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
net_docker:
|
||||
net_svc:
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm delete wordpress
|
||||
kubectl delete pvc data-wordpress-mariadb-0
|
||||
kubectl delete pvc data-wordpress-mariadb-0
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${WORDPRESS_USER:-user}:${WORDPRESS_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -12,26 +16,47 @@ services:
|
|||
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
|
||||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- MAX_CLIENT_SIZE=50m
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mywp
|
||||
- |
|
||||
CUSTOM_CONF_MODSEC_CRS_wordpress=
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_wordpress=1"
|
||||
<<: *bunkerweb-env
|
||||
SERVER_NAME: "www.example.com" # replace with your domain
|
||||
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
||||
AUTO_LETS_ENCRYPT: "yes"
|
||||
DISABLE_DEFAULT_SERVER: "yes"
|
||||
MAX_CLIENT_SIZE: "50m"
|
||||
USE_CLIENT_CACHE: "yes"
|
||||
USE_GZIP: "yes"
|
||||
USE_REVERSE_PROXY: "yes"
|
||||
REVERSE_PROXY_URL: "/"
|
||||
REVERSE_PROXY_HOST: "http://mywp"
|
||||
CUSTOM_CONF_MODSEC_CRS_wordpress: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_wordpress=1"'
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
<<: *bunkerweb-env
|
||||
DOCKER_HOST: "tcp://docker-proxy:2375"
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
mywp:
|
||||
image: wordpress:5-apache
|
||||
|
@ -39,20 +64,34 @@ services:
|
|||
- ./wp-data:/var/www/html
|
||||
environment:
|
||||
- WORDPRESS_DB_HOST=mydb
|
||||
- WORDPRESS_DB_NAME=wp
|
||||
- WORDPRESS_DB_USER=user
|
||||
- WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- WORDPRESS_DB_NAME=${WORDPRESS_DATABASE:-wp}
|
||||
- WORDPRESS_DB_USER=${WORDPRESS_USER:-user}
|
||||
- WORDPRESS_DB_PASSWORD=${WORDPRESS_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||
- WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
- db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=wp
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
|
||||
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${WORDPRESS_USER:-user}\"; CREATE USER \"${WORDPRESS_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${WORDPRESS_DATABASE:-wp}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${WORDPRESS_DATABASE:-wp}.* TO \"${WORDPRESS_USER:-user}\"@\"%\" IDENTIFIED BY \"${WORDPRESS_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${WORDPRESS_USER:-user}\"@\"%\" IDENTIFIED BY \"${WORDPRESS_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
db-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm repo add wordpress https://charts.bitnami.com/bitnami
|
||||
helm install -f wordpress-chart-values.yml wordpress bitnami/wordpress
|
||||
helm install -f wordpress-chart-values.yml wordpress bitnami/wordpress
|
||||
|
|
Loading…
Reference in New Issue