tests - inline configs for docker/autoconf
This commit is contained in:
parent
87c57c67c7
commit
07a962466b
|
@ -4,17 +4,11 @@ services:
|
|||
|
||||
# APPLICATIONS
|
||||
app1:
|
||||
image: node
|
||||
working_dir: /home/node/app
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- app1
|
||||
volumes:
|
||||
- ./js-app:/home/node/app
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
command: bash -c "npm install express && node index.js"
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=app1.example.com
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
|
|
|
@ -34,7 +34,7 @@ services:
|
|||
- auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
# Applications
|
||||
- app1.example.com_REVERSE_PROXY_URL=/
|
||||
- app1.example.com_REVERSE_PROXY_HOST=http://app1:3000
|
||||
- app1.example.com_REVERSE_PROXY_HOST=http://app1
|
||||
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
|
||||
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
||||
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
||||
|
@ -48,13 +48,7 @@ services:
|
|||
|
||||
# APPLICATIONS
|
||||
app1:
|
||||
image: node
|
||||
working_dir: /home/node/app
|
||||
volumes:
|
||||
- ./js-app:/home/node/app
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
command: bash -c "npm install express && node index.js"
|
||||
image: tutum/hello-world
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
const express = require('express')
|
||||
const app = express()
|
||||
const port = 3000
|
||||
|
||||
app.get('/', (req, res) => {
|
||||
res.send('Hello World from app1!')
|
||||
})
|
||||
|
||||
app.listen(port, () => {
|
||||
console.log(`Example app listening at http://localhost:${port}`)
|
||||
})
|
||||
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
{
|
||||
"name": "js-app",
|
||||
"version": "1.0.0",
|
||||
"description": "demo",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"test": "echo \"Error: no test specified\" && exit 1"
|
||||
},
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"express": "^4.17.1"
|
||||
}
|
||||
}
|
||||
|
|
@ -57,13 +57,7 @@ services:
|
|||
|
||||
# APPLICATIONS
|
||||
app1:
|
||||
image: node
|
||||
working_dir: /home/node/app
|
||||
volumes:
|
||||
- ./js-app:/home/node/app
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
command: bash -c "npm install express && node index.js"
|
||||
image: tutum/hello-world
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
const express = require('express')
|
||||
const app = express()
|
||||
const port = 3000
|
||||
|
||||
app.get('/', (req, res) => {
|
||||
res.send('Hello World from app1!')
|
||||
})
|
||||
|
||||
app.listen(port, () => {
|
||||
console.log(`Example app listening at http://localhost:${port}`)
|
||||
})
|
||||
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
{
|
||||
"name": "js-app",
|
||||
"version": "1.0.0",
|
||||
"description": "demo",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"test": "echo \"Error: no test specified\" && exit 1"
|
||||
},
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"express": "^4.17.1"
|
||||
}
|
||||
}
|
||||
|
|
@ -20,7 +20,16 @@ services:
|
|||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://mydrupal
|
||||
- bunkerweb.LIMIT_REQ_URL_1=/core/install.php
|
||||
- bunkerweb.LIMIT_REQ_RATE_1=5r/s
|
||||
- bunkerweb.LIMIT_REQ_RATE_1=5r/s
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_MODSEC_CRS_drupal=
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_drupal=1"
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
|
|
|
@ -14,7 +14,7 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- ./bw-data:/data # contains custom Core Rule Set confs to add Drupal exclusions
|
||||
- bw_data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
|
@ -25,9 +25,17 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mydrupal
|
||||
# Remove the following lines after finishing the installation of PrestaShop
|
||||
- LIMIT_REQ_URL_1=/core/install.php
|
||||
- LIMIT_REQ_RATE_1=5r/s
|
||||
- |
|
||||
CUSTOM_CONF_MODSEC_CRS_drupal=
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_drupal=1"
|
||||
|
||||
mydrupal:
|
||||
image: drupal:9-apache
|
||||
|
@ -45,4 +53,7 @@ services:
|
|||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=drupaldb
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password
|
||||
|
||||
volumes:
|
||||
bw_data:
|
|
@ -7,6 +7,7 @@
|
|||
"kubernetes",
|
||||
"linux"
|
||||
],
|
||||
"no_copy_container": true,
|
||||
"timeout": 60,
|
||||
"tests": [
|
||||
{
|
||||
|
|
|
@ -17,6 +17,15 @@ services:
|
|||
- bunkerweb.REVERSE_PROXY_HOST=http://mygogs:3000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
|
||||
- bunkerweb.MAX_CLIENT_SIZE=1G
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_MODSEC_CRS_gogs=
|
||||
SecAction \
|
||||
"id:900220,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -27,6 +27,15 @@ services:
|
|||
- REVERSE_PROXY_HOST=http://mygogs:3000
|
||||
- REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
|
||||
- MAX_CLIENT_SIZE=1G
|
||||
- |
|
||||
CUSTOM_CONF_MODSEC_CRS_gogs=
|
||||
SecAction \
|
||||
"id:900220,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
|
||||
|
||||
mygogs:
|
||||
image: gogs/gogs
|
||||
|
|
|
@ -18,6 +18,23 @@ spec:
|
|||
port:
|
||||
number: 3000
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: cfg-bunkerweb-gogs
|
||||
annotations:
|
||||
bunkerweb.io/CONFIG_TYPE: "modsec-crs"
|
||||
bunkerweb.io/CONFIG_SITE: "www.example.com"
|
||||
data:
|
||||
gogs.conf: |
|
||||
SecAction \
|
||||
"id:900220,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
# docker-compose doesn't support assigning labels to configs
|
||||
# so we need to create the configs with the CLI
|
||||
# bunkerweb.CONFIG_TYPE accepted values are http, stream, server-http, server-stream, default-server-http, modsec and modsec-crs
|
||||
# bunkerweb.CONFIG_SITE lets you choose on which web service the config should be applied (MULTISITE mode) and if it's not set, the config will be applied for all services
|
||||
# more info at https://docs.bunkerweb.io
|
||||
|
||||
# remove configs if existing
|
||||
docker config rm cfg_gogs_modsec_crs
|
||||
|
||||
# create configs
|
||||
docker config create -l bunkerweb.CONFIG_TYPE=modsec-crs cfg_gogs_modsec_crs -l bunkerweb.CONFIG_SITE=www.example.com ./bw-data/configs/modsec-crs/gogs.conf
|
|
@ -7,6 +7,7 @@
|
|||
"kubernetes",
|
||||
"linux"
|
||||
],
|
||||
"no_copy_container": true,
|
||||
"timeout": 60,
|
||||
"tests": [
|
||||
{
|
||||
|
|
|
@ -14,7 +14,7 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- ./bw-data:/data # contains upstreams definition at http context
|
||||
- bw_data:/data # contains upstreams definition at http context
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
|
@ -25,6 +25,13 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://app
|
||||
- |
|
||||
CUSTOM_CONF_HTTP_upstream.conf=
|
||||
upstream app {
|
||||
server app1:80;
|
||||
server app2:80;
|
||||
server app3:80;
|
||||
}
|
||||
|
||||
app1:
|
||||
image: tutum/hello-world
|
||||
|
@ -33,4 +40,7 @@ services:
|
|||
image: tutum/hello-world
|
||||
|
||||
app3:
|
||||
image: tutum/hello-world
|
||||
image: tutum/hello-world
|
||||
|
||||
volumes:
|
||||
bw_data:
|
|
@ -4,6 +4,7 @@
|
|||
"docker"
|
||||
],
|
||||
"timeout": 60,
|
||||
"no_copy_container": true,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
|
|
|
@ -27,6 +27,11 @@ services:
|
|||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://mymagento:8080
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_SERVER_HTTP_magento=
|
||||
proxy_busy_buffers_size 512k;
|
||||
proxy_buffers 4 512k;
|
||||
proxy_buffer_size 256k;
|
||||
|
||||
myelasticsearch:
|
||||
image: bitnami/elasticsearch:7
|
||||
|
|
|
@ -14,7 +14,7 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- ./bw-data:/data # contains custom server configuration for proxy buffers size
|
||||
- bw_data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
|
@ -25,6 +25,11 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mymagento:8080
|
||||
- |
|
||||
CUSTOM_CONF_SERVER_HTTP_magento=
|
||||
proxy_busy_buffers_size 512k;
|
||||
proxy_buffers 4 512k;
|
||||
proxy_buffer_size 256k;
|
||||
|
||||
mymagento:
|
||||
image: bitnami/magento:2
|
||||
|
|
|
@ -15,4 +15,16 @@ spec:
|
|||
service:
|
||||
name: magento
|
||||
port:
|
||||
number: 8080
|
||||
number: 8080
|
||||
---
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: cfg-bunkerweb-magento
|
||||
annotations:
|
||||
bunkerweb.io/CONFIG_TYPE: "server-http"
|
||||
bunkerweb.io/CONFIG_SITE: "www.example.com"
|
||||
data:
|
||||
buffering.conf: |
|
||||
proxy_busy_buffers_size 512k;
|
||||
proxy_buffers 4 512k;
|
||||
proxy_buffer_size 256k;
|
|
@ -5,8 +5,6 @@ if [ $(id -u) -ne 0 ] ; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
chown -R root:101 bw-data
|
||||
chmod -R 770 bw-data
|
||||
mkdir elasticsearch-data
|
||||
chown 1001:1001 elasticsearch-data
|
||||
chmod 770 elasticsearch-data
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
# docker-compose doesn't support assigning labels to configs
|
||||
# so we need to create the configs with the CLI
|
||||
# bunkerweb.CONFIG_TYPE accepted values are http, stream, server-http, server-stream, default-server-http, modsec and modsec-crs
|
||||
# bunkerweb.CONFIG_SITE lets you choose on which web service the config should be applied (MULTISITE mode) and if it's not set, the config will be applied for all services
|
||||
# more info at https://docs.bunkerweb.io
|
||||
|
||||
# remove configs if existing
|
||||
docker config rm cfg_magento_server_http
|
||||
|
||||
# create configs
|
||||
docker config create -l bunkerweb.CONFIG_TYPE=server-http cfg_magento_server_http -l bunkerweb.CONFIG_SITE=www.example.com ./bw-data/configs/server-http/buffering.conf
|
|
@ -7,6 +7,7 @@
|
|||
"kubernetes"
|
||||
],
|
||||
"timeout": 180,
|
||||
"no_copy_container": true,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
|
|
|
@ -35,6 +35,9 @@ services:
|
|||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://mongo-ui:8081
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_MODSEC_mongo-express=
|
||||
SecRule REQUEST_FILENAME "@rx ^/db" "id:1,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -7,8 +7,14 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# ⚠️ read this if you use local folders for volumes ⚠️
|
||||
# bunkerweb runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
|
||||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
- bw_data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
|
@ -20,6 +26,9 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mongo-ui:8081
|
||||
- |
|
||||
CUSTOM_CONF_MODSEC_mongo-express=
|
||||
SecRule REQUEST_FILENAME "@rx ^/db" "id:1,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"
|
||||
|
||||
mongo:
|
||||
image: mongo:latest
|
||||
|
@ -40,4 +49,7 @@ services:
|
|||
- ME_CONFIG_BASICAUTH_PASSWORD=changeme # replace with a better password
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- mongo
|
||||
- mongo
|
||||
|
||||
volumes:
|
||||
bw_data:
|
|
@ -6,6 +6,7 @@
|
|||
"swarm"
|
||||
],
|
||||
"timeout": 60,
|
||||
"no_copy_container": true,
|
||||
"tests": [
|
||||
{
|
||||
"type": "status",
|
||||
|
|
|
@ -35,6 +35,27 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_RATE_2=8r/s
|
||||
- bunkerweb.LIMIT_REQ_URL_3=/core/preview
|
||||
- bunkerweb.LIMIT_REQ_RATE_3=5r/s
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_MODSEC_CRS_nextcloud=
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_nextcloud=1"
|
||||
|
||||
# WebDAV
|
||||
SecAction \
|
||||
"id:900200,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'"
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_MODSEC_nextcloud=
|
||||
SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog"
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
|
|
|
@ -14,7 +14,7 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- ./bw-data:/data # contains custom Core Rule Set confs to add Nextcloud exclusions
|
||||
- bw_data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
@ -35,6 +35,27 @@ services:
|
|||
- LIMIT_REQ_RATE_2=8r/s
|
||||
- LIMIT_REQ_URL_3=/core/preview
|
||||
- LIMIT_REQ_RATE_3=5r/s
|
||||
- |
|
||||
CUSTOM_CONF_MODSEC_CRS_nextcloud=
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_nextcloud=1"
|
||||
|
||||
# WebDAV
|
||||
SecAction \
|
||||
"id:900200,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'"
|
||||
- |
|
||||
CUSTOM_CONF_MODSEC_nextcloud=
|
||||
SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog"
|
||||
|
||||
mync:
|
||||
image: nextcloud:stable-apache
|
||||
|
@ -61,3 +82,6 @@ services:
|
|||
- MYSQL_DATABASE=nc
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
|
||||
volumes:
|
||||
bw_data:
|
|
@ -7,6 +7,7 @@
|
|||
"kubernetes"
|
||||
],
|
||||
"timeout": 120,
|
||||
"no_copy_container": true,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
|
|
|
@ -13,6 +13,12 @@ services:
|
|||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL_1=~ ^/app1/(.+)$$
|
||||
- bunkerweb.REVERSE_PROXY_HOST_1=http://app1/$$1
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_SERVER_HTTP_redirects=
|
||||
port_in_redirect off;
|
||||
location ~ ^/(app1|app2)$ {
|
||||
rewrite ^(.*)$ $1/ permanent;
|
||||
}
|
||||
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
|
@ -25,6 +31,12 @@ services:
|
|||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL_2=~ ^/app2/(.+)$$
|
||||
- bunkerweb.REVERSE_PROXY_HOST_2=http://app2/$$1
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_SERVER_HTTP_redirects=
|
||||
port_in_redirect off;
|
||||
location ~ ^/(app1|app2)$ {
|
||||
rewrite ^(.*)$ $1/ permanent;
|
||||
}
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
port_in_redirect off;
|
||||
location ~ ^/(app1|app2)$ {
|
||||
rewrite ^(.*)$ $1/ permanent;
|
||||
}
|
||||
|
||||
}
|
|
@ -14,7 +14,7 @@ services:
|
|||
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- ./bw-data:/data # contains custom configuration to redirect /app1 and /app2 to /app1/ and /app2/
|
||||
- bw_data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
|
@ -27,9 +27,19 @@ services:
|
|||
- REVERSE_PROXY_HOST_1=http://app1/$$1
|
||||
- REVERSE_PROXY_URL_2=~ ^/app2/(.+)$$
|
||||
- REVERSE_PROXY_HOST_2=http://app2/$$1
|
||||
- |
|
||||
CUSTOM_CONF_SERVER_HTTP_redirects=
|
||||
port_in_redirect off;
|
||||
location ~ ^/(app1|app2)$ {
|
||||
rewrite ^(.*)$ $1/ permanent;
|
||||
}
|
||||
|
||||
|
||||
app1:
|
||||
image: tutum/hello-world
|
||||
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
image: tutum/hello-world
|
||||
|
||||
volumes:
|
||||
bw_data:
|
|
@ -22,6 +22,16 @@ services:
|
|||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://mywp
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_HTTP_MODSEC_CRS_wordpress=
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_wordpress=1"
|
||||
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
|
|
|
@ -13,7 +13,7 @@ services:
|
|||
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
|
||||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
volumes:
|
||||
- ./bw-data:/data # contains custom Core Rule Set configs for Wordpress exclusions
|
||||
- bw_data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
@ -24,6 +24,15 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mywp
|
||||
- |
|
||||
CUSTOM_CONF_HTTP_MODSEC_CRS_wordpress=
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_wordpress=1"
|
||||
|
||||
mywp:
|
||||
image: wordpress:5-apache
|
||||
|
@ -44,4 +53,7 @@ services:
|
|||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=wp
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
|
||||
|
||||
volumes:
|
||||
bw_data:
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"name": "tomcat",
|
||||
"name": "wordpress",
|
||||
"kinds": [
|
||||
"docker",
|
||||
"autoconf",
|
||||
|
@ -7,6 +7,7 @@
|
|||
"kubernetes"
|
||||
],
|
||||
"timeout": 60,
|
||||
"no_copy_container": true,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
|
@ -89,7 +89,7 @@ class AutoconfTest(Test) :
|
|||
proc = run("sudo ./setup-autoconf.sh", cwd=test, shell=True)
|
||||
if proc.returncode != 0 :
|
||||
raise(Exception("setup-autoconf failed"))
|
||||
if isdir(example_data) :
|
||||
if isdir(example_data) and not self._no_copy_container :
|
||||
proc = run("sudo bash -c 'cp -rp " + example_data + "/* /tmp/bw-data'", shell=True)
|
||||
if proc.returncode != 0 :
|
||||
raise(Exception("cp bw-data failed"))
|
||||
|
|
|
@ -48,7 +48,7 @@ class DockerTest(Test) :
|
|||
proc = run("sudo ./setup-docker.sh", cwd=test, shell=True)
|
||||
if proc.returncode != 0 :
|
||||
raise(Exception("setup-docker failed"))
|
||||
if isdir(example_data) :
|
||||
if isdir(example_data) and not self._no_copy_container :
|
||||
proc = run("sudo bash -c 'cp -rp " + example_data + "/* /tmp/bw-data'", shell=True)
|
||||
if proc.returncode != 0 :
|
||||
raise(Exception("cp bw-data failed"))
|
||||
|
|
|
@ -13,11 +13,12 @@ from logger import log
|
|||
|
||||
class Test(ABC) :
|
||||
|
||||
def __init__(self, name, kind, timeout, tests) :
|
||||
def __init__(self, name, kind, timeout, tests, no_copy_container=False) :
|
||||
self._name = name
|
||||
self.__kind = kind
|
||||
self.__timeout = timeout
|
||||
self.__tests = tests
|
||||
self._no_copy_container = no_copy_container
|
||||
log("TEST", "ℹ️", "instiantiated with " + str(len(tests)) + " tests and timeout of " + str(timeout) + "s for " + self._name)
|
||||
|
||||
# Class method
|
||||
|
|
|
@ -58,10 +58,13 @@ for example in glob("./examples/*") :
|
|||
log("TESTS", "ℹ️", "Skipping tests for " + tests["name"] + " (not in kinds)")
|
||||
continue
|
||||
test_obj = None
|
||||
no_copy_container = False
|
||||
if "no_copy_container" in tests :
|
||||
no_copy_container = tests["no_copy_container"]
|
||||
if test_type == "docker" :
|
||||
test_obj = DockerTest(tests["name"], tests["timeout"], tests["tests"])
|
||||
test_obj = DockerTest(tests["name"], tests["timeout"], tests["tests"], no_copy_container=no_copy_container)
|
||||
elif test_type == "autoconf" :
|
||||
test_obj = AutoconfTest(tests["name"], tests["timeout"], tests["tests"])
|
||||
test_obj = AutoconfTest(tests["name"], tests["timeout"], tests["tests"], no_copy_container=no_copy_container)
|
||||
elif test_type == "swarm" :
|
||||
test_obj = SwarmTest(tests["name"], tests["timeout"], tests["tests"])
|
||||
elif test_type == "kubernetes" :
|
||||
|
|
Loading…
Reference in New Issue