various bug fixes
parent
fbf81c94be
commit
0635eb368b
|
@ -1,5 +1,5 @@
|
|||
location ~ \.php$ {
|
||||
fastcgi_pass %REMOTE_PHP%:9000;
|
||||
fastcgi_index index.php;
|
||||
include /etc/nginx/fastcgi.conf;
|
||||
include %FASTCGI_PATH%fastcgi.conf;
|
||||
}
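Review bot: The new `include %FASTCGI_PATH%fastcgi.conf;` line joins the placeholder and the file name with no separator, so it only resolves when the substituted value ends in `/`, and the template does not say so. The entrypoint hunk further down fills it with `$NGINX_PREFIX`. A comment above the include would record that contract, for example `# %FASTCGI_PATH% is replaced by the nginx config prefix and must end with "/"`. If the prefix ever lacks the trailing slash, nginx would fail to load the include instead of falling back to `/etc/nginx/fastcgi.conf`.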
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
location %REVERSE_PROXY_URL% {
|
||||
proxy_pass %REVERSE_PROXY_LOCATION%;
|
||||
proxy_pass %REVERSE_PROXY_HOST%;
|
||||
}
|
||||
|
|
|
@ -21,8 +21,8 @@ PROXY_CACHE_METHODS="${PROXY_CACHE_METHODS-GET HEAD}"
|
|||
PROXY_CACHE_MIN_USES="${PROXY_CACHE_MIN_USES-2}"
|
||||
PROXY_CACHE_KEY="${PROXY_CACHE_KEY-\$scheme\$host\$request_uri}"
|
||||
PROXY_CACHE_VALID="${PROXY_CACHE_VALID-200=10m 301=10m 301=1h any=1m}"
|
||||
PROXY_NO_CACHE="${PROXY_NO_CACHE-\$http_pragma \$http_authorization}"
|
||||
PROXY_CACHE_BYPASS="${PROXY_CACHE_BYPASS-\$http_pragma \$http_authorization}"
|
||||
PROXY_NO_CACHE="${PROXY_NO_CACHE-\$http_authorization}"
|
||||
PROXY_CACHE_BYPASS="${PROXY_CACHE_BYPASS-\$http_authorization}"
|
||||
USE_GZIP="${USE_GZIP-no}"
|
||||
GZIP_COMP_LEVEL="${GZIP_COMP_LEVEL-5}"
|
||||
GZIP_MIN_LENGTH="${GZIP_MIN_LENGTH-1000}"
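Review bot: The new defaults for `PROXY_NO_CACHE` and `PROXY_CACHE_BYPASS` exempt only requests that carry an `Authorization` header, while the cache key stays `$scheme$host$request_uri`. A backend that authenticates with session cookies and sends no `Cache-Control` or `Set-Cookie` header on a page would have that page stored under the fallback `PROXY_CACHE_VALID` times and served to other clients. Whether the proxy template ignores upstream cache headers is not visible here, so this is a risk to confirm, not a certain leak. Either add a session indicator to both defaults, for example `PROXY_NO_CACHE="${PROXY_NO_CACHE-\$http_authorization \$http_cookie}"`, or add a comment above them stating that cookie-authenticated backends must send `Cache-Control: private`.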
|
||||
|
|
|
@ -32,7 +32,7 @@ else
|
|||
fi
|
||||
|
||||
# proxy_cache zone
|
||||
if [ "$(has_value USE_PROXY_CACHE yes)" = "yes" ] ; then
|
||||
if [ "$(has_value USE_PROXY_CACHE yes)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%PROXY_CACHE_PATH%" "proxy_cache_path /tmp/proxy_cache keys_zone=proxycache:${PROXY_CACHE_PATH_ZONE_SIZE} ${PROXY_CACHE_PATH_PARAMS};"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%PROXY_CACHE_PATH%" ""
|
||||
|
|
|
@ -37,27 +37,29 @@ else
|
|||
fi
|
||||
|
||||
# max body size
|
||||
replace_in_file "{NGINX_PREFIX}server.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE"
|
||||
|
||||
# server tokens
|
||||
replace_in_file "{NGINX_PREFIX}server.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS"
|
||||
|
||||
# reverse proxy
|
||||
if [ "$USE_REVERSE_PROXY" = "yes" ] ; then
|
||||
i=1
|
||||
for var in $(env) ; do
|
||||
check=$(echo "$var" | grep "^REVERSE_PROXY_URL")
|
||||
if [ "$check" != "" ] ; then
|
||||
check1=$(echo "$var" | grep "^REVERSE_PROXY_URL")
|
||||
check2=$(echo "$var" | grep "^${1}_REVERSE_PROXY_URL")
|
||||
if [ "$check1" != "" ] || [ "$check2" != "" ] ; then
|
||||
name=$(echo "$var" | cut -d '=' -f 1)
|
||||
value=$(echo "$var" | sed "s/${name}//")
|
||||
host=$(echo "$name" | sed "s/URL/HOST//")
|
||||
value=$(echo "$var" | sed "s/${name}=//")
|
||||
host=$(echo "$name" | sed "s/URL/HOST/")
|
||||
host_value=$(env | grep "^${host}=" | sed "s/${host}=//")
|
||||
cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf"
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$value"
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy.${i}conf" "%REVERSE_PROXY_HOST%" "${!host}"
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HOST%" "$host_value"
|
||||
i=$(($i + 1))
|
||||
fi
|
||||
done
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "include ${NGINX_PREFIX}reverse-proxy-*.conf"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "include ${NGINX_PREFIX}reverse-proxy-*.conf;"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" ""
|
||||
fi
|
||||
|
@ -127,6 +129,10 @@ fi
|
|||
if [ "$REMOTE_PHP" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" "include ${NGINX_PREFIX}php.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}php.conf" "%REMOTE_PHP%" "$REMOTE_PHP"
|
||||
replace_in_file "${NGINX_PREFIX}php.conf" "%FASTCGI_PATH%" "$NGINX_PREFIX"
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
cp /etc/nginx/fastcgi.conf ${NGINX_PREFIX}fastcgi.conf
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}fastcgi.conf" "\$document_root" "${REMOTE_PHP_PATH}/"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" ""
|
||||
|
@ -321,26 +327,24 @@ fi
|
|||
if [ "$USE_MODSECURITY" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity.conf" "%MODSEC_RULES_FILE%" "${NGINX_PREFIX}/modsecurity-rules.conf"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_MODSECURITY%" "include ${NGINX_PREFIX}modsecurity.conf;"
|
||||
modsec_custom=""
|
||||
if ls /modsec-confs/*.conf > /dev/null 2>&1 ; then
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "include /modsec-confs/${1}/*.conf"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "include /modsec-confs/*.conf"
|
||||
fi
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" ""
|
||||
modsec_custom="include /modsec-confs/*.conf\n"
|
||||
fi
|
||||
if [ "$MULTISITE" = "yes" ] && ls /modsec-confs/${1}/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_custom="${modsec_custom}include /modsec-confs/${1}/*.conf\n"
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "$modsec_custom"
|
||||
if [ "$USE_MODSECURITY_CRS" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" "include /etc/nginx/owasp-crs.conf"
|
||||
modsec_crs_custom=""
|
||||
if ls /modsec-crs-confs/*.conf > /dev/null 2>&1 ; then
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "include /modsec-crs-confs/${1}/*.conf"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "include /modsec-crs-confs/*.conf"
|
||||
fi
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" ""
|
||||
modsec_crs_custom="include /modsec-crs-confs/*.conf\n"
|
||||
fi
|
||||
if [ "$MULTISITE" = "yes" ] && ls /modsec-crs-confs/${1}/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_crs_custom="${modsec_custom}include /modsec-crs-confs/${1}/*.conf\n"
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "$modsec_crs_custom"
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS_RULES%" "include /etc/nginx/owasp-crs/*.conf"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" ""
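Review bot: In the third hunk the per-site CRS branch builds its value from the wrong variable: `modsec_crs_custom="${modsec_custom}include /modsec-crs-confs/${1}/*.conf\n"` prepends the `/modsec-confs` includes and discards the `/modsec-crs-confs/*.conf` include assigned a few lines above. In multisite mode with a per-site directory, the global CRS tuning files would then be missing from the `%MODSECURITY_INCLUDE_CUSTOM_CRS%` slot and the custom rule files would be included a second time there, so the WAF would run with a different exclusion set than the operator configured. The line should read `modsec_crs_custom="${modsec_crs_custom}include /modsec-crs-confs/${1}/*.conf\n"`. The enclosing `if [ "$USE_MODSECURITY" = "yes" ]` block continues past the end of the hunk.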
|
||||
|
|
|
@ -12,9 +12,6 @@ services:
|
|||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./traefik/traefik.toml:/traefik.toml
|
||||
- ./traefik/acme.json:/acme.json
|
||||
networks:
|
||||
- netwww1
|
||||
- netwww2
|
||||
|
||||
mywww1:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
|
@ -33,9 +30,6 @@ services:
|
|||
- 'traefik.enable=true'
|
||||
- 'traefik.port=8080'
|
||||
- 'traefik.frontend.rule=Host:app1.website.com' # replace with your domain
|
||||
networks:
|
||||
- netwww1
|
||||
- netphp1
|
||||
|
||||
mywww2:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
|
@ -54,28 +48,15 @@ services:
|
|||
- 'traefik.enable=true'
|
||||
- 'traefik.port=8080'
|
||||
- 'traefik.frontend.rule=Host:app2.website.com' # replace with your domain
|
||||
networks:
|
||||
- netwww2
|
||||
- netphp2
|
||||
|
||||
myphp1:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web1:/app
|
||||
networks:
|
||||
- netphp1
|
||||
|
||||
myphp2:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web2:/app
|
||||
networks:
|
||||
- netphp2
|
||||
|
||||
networks:
|
||||
netwww1:
|
||||
netwww2:
|
||||
netphp1:
|
||||
netphp2:
|
||||
|
|
|
@ -39,7 +39,7 @@ services:
|
|||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web-files/app1:/app
|
||||
- ./web-files/app1.website.com:/app
|
||||
networks:
|
||||
- net1
|
||||
|
||||
|
@ -47,7 +47,7 @@ services:
|
|||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web-files/app2:/app
|
||||
- ./web-files/app2.website.com:/app
|
||||
networks:
|
||||
- net2
|
||||
|
||||
|
@ -63,7 +63,7 @@ services:
|
|||
networks:
|
||||
- net3
|
||||
|
||||
networks:
|
||||
net1:
|
||||
net2:
|
||||
net3:
|
||||
networks:
|
||||
net1:
|
||||
net2:
|
||||
net3:
|
||||
|
|
|
@ -13,7 +13,7 @@ services:
|
|||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs:ro
|
||||
- ./modsec-confs:/modsec-confs:ro
|
||||
- ./modsec-crs-confs:/modsec-crs-conf:ro
|
||||
- ./modsec-crs-confs:/modsec-crs-confs:ro
|
||||
environment:
|
||||
- SERVER_NAME=wp.website.com nc.website.com # replace with your domains
|
||||
- MULTISITE=yes
|
||||
|
@ -88,3 +88,7 @@ services:
|
|||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
networks:
|
||||
- net2
|
||||
|
||||
networks:
|
||||
net1:
|
||||
net2:
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
SecRuleRemoveById 953120
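Review bot: The new file disables rule 953120 outright with no comment explaining which response triggered it or why removal is safe. The id falls in the CRS 953xxx range, which to my knowledge covers PHP data-leakage checks on response bodies, so removing it for the whole site also drops that detection on every other path. A header comment such as `# 953120 false-positives on <PAGE OR FEATURE - fill in>; removed for this site only` would let a later reviewer re-check the exclusion after an upgrade. If the false positive is confined to a few URLs, a path-scoped exclusion would keep the rule active elsewhere.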
|