librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Merge pull request #378 from TheophileDiot/dev 

Changes on the UI + almost finished migrating the examples
This commit is contained in:
Théophile Diot 2022-12-02 15:38:40 +01:00 committed by GitHub
parent 7813b51db4 03e98985ea
commit 0d0f1aa95d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
59 changed files with 730 additions and 347 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
examples/behind-reverse-proxy/docker-compose.yml
View File

@ -70,7 +70,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-cloudflare/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-digitalocean/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-google/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-ovh/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/certbot-dns-route53/docker-compose.yml
View File

@ -92,7 +92,6 @@ volumes:
bw-data:
certs:
networks:
bw-universe:
ipam:

1
examples/docker-configs/docker-compose.yml
View File

@ -96,7 +96,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

4
examples/drupal/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${DRUPAL_USER:-user}:${DRUPAL_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -86,7 +85,6 @@ volumes:
bw-data:
db-data:
networks:
bw-universe:
ipam:

1
examples/ghost/docker-compose.yml
View File

@ -65,7 +65,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

1
examples/hardened/docker-compose.yml
View File

@ -73,7 +73,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

4
examples/joomla/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${JOOMLA_USER:-user}:${JOOMLA_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -89,7 +88,6 @@ volumes:
bw-data:
db-data:
networks:
bw-universe:
ipam:

1
examples/load-balancer/docker-compose.yml
View File

@ -77,7 +77,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

4
examples/magento/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${MAGENTO_USER:-user}:${MAGENTO_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -102,7 +101,6 @@ volumes:
bw-data:
db-data:
networks:
bw-universe:
ipam:

4
examples/mattermost/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -140,7 +139,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

1
examples/mongo-express/docker-compose.yml
View File

@ -83,7 +83,6 @@ services:
volumes:
bw-data:
networks:
bw-universe:
ipam:

4
examples/moodle/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${MOODLE_USER:-user}:${MOODLE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -93,7 +92,6 @@ volumes:
bw-data:
db-data:
networks:
bw-universe:
ipam:

29
examples/nextcloud/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${NEXTCLOUD_USER:-user}:${NEXTCLOUD_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -42,21 +41,21 @@ services:
LIMIT_REQ_RATE_3: "5r/s"
CUSTOM_CONF_MODSEC_CRS_nextcloud: "\
SecAction \
\"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_nextcloud=1\"
\"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_nextcloud=1\"
# WebDAV
SecAction \
\"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
\"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
CUSTOM_CONF_MODSEC_nextcloud: "\
SecRule REQUEST_FILENAME \"@rx ^/remote.php/dav/files/\" \"id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog\""
labels:
@ -64,7 +63,7 @@ services:
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:

6
examples/passbolt/docker-compose.yml
View File

@ -1,7 +1,6 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${PASSBOLT_USER:-user}:${PASSBOLT_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
@ -86,7 +85,7 @@ services:
"0",
"mydb:3306",
"--",
"/docker-entrypoint.sh"
"/docker-entrypoint.sh",
]
networks:
- bw-services
@ -108,7 +107,6 @@ volumes:
db-data:
bw-data:
networks:
bw-universe:
ipam:

45
examples/php-multisite/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -16,6 +16,7 @@ services:
- ./bw-data:/data # contains web files (PHP, assets, ...), don't forget to rename the subfolders
environment:
- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
@ -25,9 +26,33 @@ services:
- app1.example.com_REMOTE_PHP_PATH=/app
- app2.example.com_REMOTE_PHP=myapp2
- app2.example.com_REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- net_app1
- net_app2
- bw-universe
- net-app1
- net-app2
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- ./bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp1:
image: php:fpm
@ -38,7 +63,7 @@ services:
volumes:
- ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
networks:
- net_app1
- net-app1
myapp2:
image: php:fpm
@ -49,8 +74,14 @@ services:
volumes:
- ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
networks:
- net_app2
- net-app2
networks:
net_app1:
net_app2:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net-app1:
net-app2:

2
examples/php-multisite/setup-autoconf.sh
View File

@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

2
examples/php-multisite/setup-docker.sh
View File

@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

3
examples/php-multisite/setup-linux.sh
View File

@ -13,6 +13,9 @@ else
echo "❌ No PHP user found"
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
cp -r ./bw-data/www/* /var/www/html
chown -R $user:nginx /var/www/html
find /var/www/html -type f -exec chmod 0640 {} \;

40
examples/php-singlesite/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -16,12 +16,39 @@ services:
- ./bw-data:/data # contains web files (PHP, assets, ...)
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- REMOTE_PHP=myphp
- REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- ./bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myphp:
image: php:fpm
@ -31,3 +58,14 @@ services:
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www:/app # folder containing PHP app
networks:
- bw-services
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

2
examples/php-singlesite/setup-docker.sh
View File

@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

3
examples/php-singlesite/setup-linux.sh
View File

@ -13,6 +13,9 @@ else
echo "❌ No PHP user found"
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data
cp -r ./bw-data/www/* /var/www/html
chown -R $user:nginx /var/www/html
find /var/www/html -type f -exec chmod 0640 {} \;

7
examples/prestashop/cleanup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete prestashop
kubectl delete pvc data-prestashop-mariadb-0
kubectl delete pvc data-prestashop-mariadb-0

92
examples/prestashop/docker-compose.yml
View File

@ -1,8 +1,11 @@
version: "3"
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${PRESTASHOP_USER:-user}:${PRESTASHOP_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,20 +16,50 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- MAX_CLIENT_SIZE=50m
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myps
- LIMIT_REQ_URL_1=/install/index.php
- LIMIT_REQ_RATE_1=8r/s
<<: *bunkerweb-env
SERVER_NAME: "www.example.com" # replace with your domain
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
SERVE_FILES: "no"
DISABLE_DEFAULT_SERVER: "yes"
AUTO_LETS_ENCRYPT: "yes"
USE_CLIENT_CACHE: "yes"
USE_GZIP: "yes"
MAX_CLIENT_SIZE: "50m"
USE_REVERSE_PROXY: "yes"
REVERSE_PROXY_URL: "/"
REVERSE_PROXY_HOST: "http://myps"
# Onces the installation is done, you can remove these lines
LIMIT_REQ_URL_1: "/install/index.php"
LIMIT_REQ_RATE_1: "8r/s"
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
<<: *bunkerweb-env
DOCKER_HOST: "tcp://docker-proxy:2375"
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myps:
image: prestashop/prestashop:1.7
@ -34,24 +67,37 @@ services:
- ./ps-data:/var/www/html
environment:
- DB_SERVER=mydb
- DB_USER=user
- DB_PASSWD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
- DB_USER=${PRESTASHOP_USER:-user}
- DB_PASSWD=${PRESTASHOP_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
- DB_PREFIX=prefix_ # replace with a random prefix (good security practice)
- DB_NAME=prestashop
- DB_NAME=${PRESTASHOP_DATABASE:-prestashop}
- PS_ENABLE_SSL=1
- ADMIN_MAIL=admin@example.com # change to the prestashop admin email
- ADMIN_PASSWD=changeme # change to the prestashop admin password
- PS_FOLDER_ADMIN=administration # change to the prestashop admin folder
networks:
- bw-services
mydb:
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=prestashop
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DB_PASSWD)
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${PRESTASHOP_USER:-user}\"; CREATE USER \"${PRESTASHOP_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${PRESTASHOP_DATABASE:-prestashop}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${PRESTASHOP_DATABASE:-prestashop}.* TO \"${PRESTASHOP_USER:-user}\"@\"%\" IDENTIFIED BY \"${PRESTASHOP_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${PRESTASHOP_USER:-user}\"@\"%\" IDENTIFIED BY \"${PRESTASHOP_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
networks:
- bw-universe
- bw-services
volumes:
bw_data:
bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/prestashop/setup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -f prestashop-chart-values.yml prestashop bitnami/prestashop
helm install -f prestashop-chart-values.yml prestashop bitnami/prestashop

2
examples/prestashop/tests.json
View File

@ -2,7 +2,7 @@
"name": "prestashop",
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
"timeout": 180,
"delay": 120,
"delay": 180,
"tests": [
{
"type": "string",

49
examples/proxy-protocol/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
@ -10,9 +10,10 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -26,9 +27,33 @@ services:
- USE_REAL_IP=yes
- REAL_IP_FROM=10.10.10.0/24
- REAL_IP_HEADER=proxy_protocol
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- net_proxy
- net_apps
- net-proxy
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myproxy:
image: haproxy
@ -38,20 +63,26 @@ services:
volumes:
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
networks:
- net_proxy
- net-proxy
myapp:
image: tutum/hello-world
networks:
- net_apps
- bw-services
volumes:
bw_data:
bw-data:
networks:
net_proxy:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:
net-proxy:
ipam:
driver: default
config:
- subnet: 10.10.10.0/24
net_apps:

44
examples/radarr/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3.5"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +13,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -34,6 +35,32 @@ services:
# Increase request rate for API endpoints
- LIMIT_REQ_URL_1=^/api/
- LIMIT_REQ_RATE_1=10r/s
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
radarr:
image: lscr.io/linuxserver/radarr:latest
@ -46,6 +73,17 @@ services:
- ./config:/config
- ./movies:/movies #optional
- ./downloads:/downloads #optional
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/redmine/cleanup-kubernetes.sh
View File

@ -1,10 +1,5 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete redmine
kubectl delete pvc data-redmine-mariadb-0
kubectl delete pvc data-redmine-postgresql-0
kubectl delete pvc data-redmine-postgresql-0

67
examples/redmine/docker-compose.yml
View File

@ -1,8 +1,11 @@
version: "3"
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${REDMINE_USER:-user}:${REDMINE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +16,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -24,6 +28,32 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myredmine:3000
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myredmine:
image: redmine
@ -32,19 +62,32 @@ services:
- ./redmine-data:/usr/src/redmine/files
environment:
- REDMINE_DB_MYSQL=mydb
- REDMINE_DB_DATABASE=redminedb
- REDMINE_DB_USERNAME=user
- REDMINE_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
- REDMINE_DB_DATABASE=${REDMINE_DATABASE:-redminedb}
- REDMINE_DB_USERNAME=${REDMINE_USER:-user}
- REDMINE_DB_PASSWORD=${REDMINE_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
networks:
- bw-services
mydb:
image: mysql
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=redminedb
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match REDMINE_DB_PASSWORD)
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${REDMINE_USER:-user}\"; CREATE USER \"${REDMINE_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${REDMINE_DATABASE:-redminedb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${REDMINE_DATABASE:-redminedb}.* TO \"${REDMINE_USER:-user}\"@\"%\" IDENTIFIED BY \"${REDMINE_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${REDMINE_USER:-user}\"@\"%\" IDENTIFIED BY \"${REDMINE_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
networks:
- bw-universe
- bw-services
volumes:
bw_data:
bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

2
examples/redmine/redmine-chart-values.yml
View File

@ -2,3 +2,5 @@ redmineUsername: "user"
redminePassword: "changeme42"
redmineEmail: "user@example.com"
redmineLanguage: "en"
service:
type: ClusterIP

7
examples/redmine/setup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -f redmine-chart-values.yml redmine bitnami/redmine
helm install -f redmine-chart-values.yml redmine bitnami/redmine

2
examples/redmine/tests.json
View File

@ -2,7 +2,7 @@
"name": "redmine",
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
"timeout": 120,
"delay": 60,
"delay": 180,
"tests": [
{
"type": "string",

49
examples/reverse-proxy-multisite/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,10 +13,11 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -27,23 +28,53 @@ services:
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- net_app1
- net_app2
- bw-universe
- net-app1
- net-app2
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
app1:
image: tutum/hello-world
networks:
- net_app1
- net-app1
app2:
image: tutum/hello-world
networks:
- net_app2
- net-app2
volumes:
bw_data:
bw-data:
networks:
net_app1:
net_app2:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net-app1:
net-app2:

46
examples/reverse-proxy-singlesite/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +13,10 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -32,12 +33,51 @@ services:
location ~ ^/(app1|app2)$$ {
rewrite ^(.*)$$ $$1/ permanent;
}
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
app1:
image: tutum/hello-world
networks:
- bw-services
app2:
image: tutum/hello-world
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

44
examples/reverse-proxy-websocket/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +13,10 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -25,9 +26,46 @@ services:
- REVERSE_PROXY_URL=/ws/
- REVERSE_PROXY_HOST=http://myws:8010/
- REVERSE_PROXY_WS=yes
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myws:
image: ksdn117/web-socket-test
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

17
examples/reverse-proxy-websocket/tests.json Normal file
View File

@ -0,0 +1,17 @@
{
"name": "reverse-proxy-websocket",
"kinds": ["docker"],
"timeout": 60,
"tests": [
{
"type": "string-ws",
"url": "https://www.example.com/app1",
"string": "hello"
},
{
"type": "string",
"url": "https://www.example.com/app2",
"string": "hello"
}
]
}

19
examples/reverse-proxy-websocket/tests.json.temp
View File

@ -1,19 +0,0 @@
{
"name": "reverse-proxy-websocket",
"kinds": [
"docker"
],
"timeout": 60,
"tests": [
{
"type": "string-ws",
"url": "https://www.example.com/app1",
"string": "hello"
},
{
"type": "string",
"url": "https://www.example.com/app2",
"string": "hello"
},
]
}

44
examples/syslog/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
logging:
driver: syslog
options:
@ -19,9 +19,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.10.10.0/24
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -29,8 +30,36 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- mynet
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
logging:
driver: syslog
options:
syslog-address: "udp://10.10.10.254:514"
depends_on:
- mybunker
- mysyslog
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-services
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mysyslog:
image: balabit/syslog-ng
@ -39,20 +68,21 @@ services:
- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
- ./log:/var/log
networks:
mynet:
bw-services:
ipv4_address: 10.10.10.254
myapp:
image: tutum/hello-world
networks:
- mynet
- bw-services
volumes:
bw_data:
bw-data:
networks:
mynet:
bw-services:
ipam:
driver: default
config:
- subnet: 10.10.10.0/24
net-docker:

15
examples/syslog/syslog-ng.conf Normal file
View File

@ -0,0 +1,15 @@
# This is a basic configuration file for syslog-ng.
@version: 3.38
@include "scl.conf"
log {
source {
udp(
ip("0.0.0.0")
);
};
destination {
file("/var/log/syslog");
};
};

44
examples/tomcat/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +13,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
- USE_CLIENT_CACHE=yes
@ -23,11 +24,48 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://mytomcat:8080/sample/
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mytomcat:
image: tomcat
volumes:
- ./app:/usr/local/tomcat/webapps/ # folder containing war files
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

46
examples/tor-hidden-service/docker-compose.yml
View File

@ -8,9 +8,11 @@ services:
environment:
- SERVICE1_TOR_SERVICE_HOSTS=80:mybunker:8080
- SERVICE1_TOR_SERVICE_VERSION=3
networks:
- bw-universe
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
@ -18,8 +20,9 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_cache:/cache
- bw-data:/data
environment:
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
# disable common security measures based on IP
- USE_BAD_BEHAVIOR=no
- USE_DNSBL=no
@ -32,9 +35,46 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp:
image: tutum/hello-world
networks:
- bw-services
volumes:
bw_cache:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/tor-hidden-service/web-files/index.php
View File

@ -1,7 +0,0 @@
<?php
echo "Hello onion world !";
?>
<script src="/js/script.js"></script>

1
examples/tor-hidden-service/web-files/js/script.js
View File

@ -1 +0,0 @@
alert("JavaScript is working!");

59
examples/web-ui/docker-compose.yml
View File

@ -1,8 +1,8 @@
version: "3"
version: "3.5"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,10 +13,9 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw_config:/etc/nginx
- bw-data:/data
environment:
- SERVER_NAME=www.example.com
- SERVER_NAME=www.example.com # replace with your domain
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
@ -27,7 +26,7 @@ services:
- www.example.com_SERVE_FILES=no
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme # replace with another url
- www.example.com_REVERSE_PROXY_HOST=http://myui:7000
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme # replace with another url
- www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
- www.example.com_LIMIT_REQ_URL=/changeme/plugins/upload # replace with another url
@ -35,45 +34,57 @@ services:
- www.example.com_LIMIT_REQ_URL_1=/changeme/logs # replace with another url
- www.example.com_LIMIT_REQ_RATE_1=4r/s
labels:
- "bunkerweb.UI"
- "bunkerweb.INSTANCE"
networks:
- net_ui
- net_svc
- bw-universe
- bw-services
myui:
image: bunkerity/bunkerweb-ui:1.4.3
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- myuiproxy
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw_data:/data
- bw_config:/etc/nginx
- bw-data:/data
networks:
- bw-universe
- net-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.0
depends_on:
- docker-proxy
environment:
- ABSOLUTE_URI=https://www.example.com/changeme/ # replace with another url
- DOCKER_HOST=tcp://myuiproxy:2375
- DOCKER_HOST=tcp://docker-proxy:2375
- ADMIN_USERNAME=admin
- ADMIN_PASSWORD=changeme # replace with a stronger password
volumes:
- bw-data:/data
networks:
- net_ui
- net_docker
- bw-universe
- net-docker
myuiproxy:
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net_docker
- net-docker
volumes:
bw_data:
bw_config:
bw-data:
networks:
net_ui:
bw-universe:
name: bw-universe
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net_docker:
net_svc:
bw-services:
net-docker:

7
examples/wordpress/cleanup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete wordpress
kubectl delete pvc data-wordpress-mariadb-0
kubectl delete pvc data-wordpress-mariadb-0

97
examples/wordpress/docker-compose.yml
View File

@ -1,8 +1,12 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${WORDPRESS_USER:-user}:${WORDPRESS_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -12,26 +16,47 @@ services:
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- MAX_CLIENT_SIZE=50m
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://mywp
- |
CUSTOM_CONF_MODSEC_CRS_wordpress=
SecAction \
"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_wordpress=1"
<<: *bunkerweb-env
SERVER_NAME: "www.example.com" # replace with your domain
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
AUTO_LETS_ENCRYPT: "yes"
DISABLE_DEFAULT_SERVER: "yes"
MAX_CLIENT_SIZE: "50m"
USE_CLIENT_CACHE: "yes"
USE_GZIP: "yes"
USE_REVERSE_PROXY: "yes"
REVERSE_PROXY_URL: "/"
REVERSE_PROXY_HOST: "http://mywp"
CUSTOM_CONF_MODSEC_CRS_wordpress: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_wordpress=1"'
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
<<: *bunkerweb-env
DOCKER_HOST: "tcp://docker-proxy:2375"
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mywp:
image: wordpress:5-apache
@ -39,20 +64,34 @@ services:
- ./wp-data:/var/www/html
environment:
- WORDPRESS_DB_HOST=mydb
- WORDPRESS_DB_NAME=wp
- WORDPRESS_DB_USER=user
- WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
- WORDPRESS_DB_NAME=${WORDPRESS_DATABASE:-wp}
- WORDPRESS_DB_USER=${WORDPRESS_USER:-user}
- WORDPRESS_DB_PASSWORD=${WORDPRESS_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
- WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix
networks:
- bw-services
mydb:
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=wp
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${WORDPRESS_USER:-user}\"; CREATE USER \"${WORDPRESS_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${WORDPRESS_DATABASE:-wp}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${WORDPRESS_DATABASE:-wp}.* TO \"${WORDPRESS_USER:-user}\"@\"%\" IDENTIFIED BY \"${WORDPRESS_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${WORDPRESS_USER:-user}\"@\"%\" IDENTIFIED BY \"${WORDPRESS_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
networks:
- bw-universe
- bw-services
volumes:
bw_data:
bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/wordpress/setup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add wordpress https://charts.bitnami.com/bitnami
helm install -f wordpress-chart-values.yml wordpress bitnami/wordpress
helm install -f wordpress-chart-values.yml wordpress bitnami/wordpress

2
src/common/db/Database.py
View File

@ -1260,7 +1260,7 @@ class Database:
)
}
def get_job_cache_file(self, job_name: str, file_name: str) -> Optional[bytes]:
def get_job_cache_file(self, job_name: str, file_name: str) -> Optional[Any]:
"""Get job cache file."""
with self.__db_session() as session:
return (

8
src/ui/main.py
View File

@ -592,7 +592,7 @@ def configs():
if request.form["operation"] in ("new", "edit"):
if not app.config["CONFIGFILES"].check_name(variables["name"]):
flash(
f"Invalid {variables['type']} name. (Can only contain numbers, letters, underscores and hyphens (min 4 characters and max 64))",
f"Invalid {variables['type']} name. (Can only contain numbers, letters, underscores, dots and hyphens (min 4 characters and max 64))",
"error",
)
return redirect(url_for("loading", next=url_for("configs")))
@ -1439,10 +1439,8 @@ def jobs_download():
404,
)
with BytesIO(cache_file) as file:
file.seek(0)
return send_file(file, as_attachment=True, attachment_filename=file_name)
file = BytesIO(cache_file.data)
return send_file(file, as_attachment=True, download_name=file_name)
@app.route("/login", methods=["GET", "POST"])

4
src/ui/src/ConfigFiles.py
View File

@ -9,7 +9,7 @@ from utils import path_to_dict
class ConfigFiles:
def __init__(self, logger, db):
self.__name_regex = re_compile(r"^[a-zA-Z0-9_-]{1,64}$")
self.__name_regex = re_compile(r"^[a-zA-Z0-9_\-.]{1,64}$")
self.__root_dirs = [
child["name"]
for child in path_to_dict("/etc/bunkerweb/configs")["children"]
@ -93,7 +93,7 @@ class ConfigFiles:
return f"{path} was successfully deleted", 0
def create_folder(self, path: str, name: str) -> Tuple[str, int]:
folder_path = join(path, name)
folder_path = join(path, name) if not path.endswith(name) else path
try:
mkdir(folder_path)
except OSError:

27
src/ui/static/css/dashboard.css
View File

@ -903,6 +903,11 @@ h6 {
margin-right: auto;
}
.my-3 {
margin-top: 0.75rem;
margin-bottom: 0.75rem;
}
.mx-6 {
margin-left: 1.5rem;
margin-right: 1.5rem;
@ -933,11 +938,6 @@ h6 {
margin-bottom: 0.25rem;
}
.my-3 {
margin-top: 0.75rem;
margin-bottom: 0.75rem;
}
.mx-2\.5 {
margin-left: 0.625rem;
margin-right: 0.625rem;
@ -1334,10 +1334,6 @@ h6 {
min-width: 900px;
}
.min-w-\[400px\] {
min-width: 400px;
}
.min-w-\[500px\] {
min-width: 500px;
}
@ -1370,6 +1366,10 @@ h6 {
max-width: 100%;
}
.max-w-\[350px\] {
max-width: 350px;
}
.max-w-screen-sm {
max-width: 576px;
}
@ -1378,10 +1378,6 @@ h6 {
max-width: 32rem;
}
.max-w-\[350px\] {
max-width: 350px;
}
.flex-auto {
flex: 1 1 auto;
}
@ -2408,6 +2404,11 @@ h6 {
color: rgb(5 17 57 / var(--tw-text-opacity));
}
.text-gray-600 {
--tw-text-opacity: 1;
color: rgb(108 117 125 / var(--tw-text-opacity));
}
.antialiased {
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;

20
src/ui/static/js/services.js
View File

@ -13,7 +13,6 @@ class ServiceModal {
//modal forms
this.formNewEdit = this.modal.querySelector("[services-modal-form]");
this.formDelete = this.modal.querySelector("[services-modal-form-delete]");
this.formRename = this.modal.querySelector("[services-modal-form-rename]");
//container
this.container = document.querySelector("main");
//general inputs
@ -56,7 +55,6 @@ class ServiceModal {
let form;
if (action === "edit" || action === "new") form = this.formNewEdit;
if (action === "delete") form = this.formDelete;
if (action === "rename") form = this.formRename;
this.setForm(action, serviceName, form);
//reset settings value
if (action === "edit" || action === "new") this.setDefaultValue();
@ -160,16 +158,6 @@ class ServiceModal {
.setAttribute("value", serviceName);
}
if (action === "rename") {
this.showRenameForm();
formEl
.querySelector(`input[name="OLD_SERVER_NAME"]`)
.setAttribute("value", serviceName);
formEl
.querySelector(`input[name="SERVER_NAME"]`)
.setAttribute("value", serviceName);
}
if (action === "delete") {
this.showDeleteForm();
formEl.setAttribute("id", `form-${action}-${serviceName}`);
@ -197,13 +185,6 @@ class ServiceModal {
this.formDelete.classList.remove("hidden");
}
showRenameForm() {
this.cardNoViewport();
this.hideTabs();
this.hideForms();
this.formRename.classList.remove("hidden");
}
cardViewport() {
this.modalCard.classList.add("h-[90vh]");
this.modalCard.classList.add("w-full");
@ -217,7 +198,6 @@ class ServiceModal {
hideForms() {
this.formNewEdit.classList.add("hidden");
this.formDelete.classList.add("hidden");
this.formRename.classList.add("hidden");
}
hideTabs() {

2
src/ui/templates/plugins-modal.html
View File

@ -1,7 +1,7 @@
<!-- modal -->
<div
plugins-modal
class="dark:brightness-110 w-screen h-screen fixed bg-gray-600/50 z-[1001] top-0 left-0 flex justify-center items-center"
class="dark:brightness-110 w-screen h-screen fixed bg-gray-600/50 z-[1001] top-0 left-0 hidden justify-center items-center"
>
<div
plugins-modal-card

42
src/ui/templates/services-modal.html
View File

@ -119,48 +119,6 @@
<!-- end action button-->
</form>
<!-- end delete form-->
<!-- rename form-->
<form
services-modal-form-rename
class="w-full h-full flex flex-col justify-between"
id="form-rename-server_name"
method="POST"
>
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
<input type="hidden" value="OLD_SERVER_NAME" name="OLD_SERVER_NAME" />
<input type="hidden" value="rename" name="operation" />
<div
class="my-2 flex flex-row justify-center align-middle items-center"
{{current_endpoint}}-modal-path
>
<input
type="text"
name="SERVER_NAME"
id="SERVER_NAME"
class="dark:border-slate-600 dark:bg-slate-700 dark:text-gray-300 sm:ml-1 max-w-[350px] disabled:opacity-75 focus:valid:border-green-500 focus:file:invalid:border-red-500 outline-none focus:border-primary text-sm leading-5.6 ease block w-full appearance-none rounded-lg border border-solid border-gray-300 bg-white bg-clip-padding px-1.5 py-1 font-normal text-gray-700 transition-all placeholder:text-gray-500"
placeholder="path"
required
/>
</div>
<!-- action button -->
<div class="w-full justify-center flex mt-10">
<button
services-modal-close
type="button"
class="dark:brightness-90 mr-3 inline-block px-6 py-3 font-bold text-center text-white uppercase align-middle transition-all rounded-lg cursor-pointer bg-red-500 hover:bg-red-500/80 focus:bg-red-500/80 leading-normal text-md ease-in tracking-tight-rem shadow-xs bg-150 bg-x-25 hover:-translate-y-px active:opacity-85 hover:shadow-md"
>
Close
</button>
<button
type="submit"
class="dark:brightness-90 inline-block px-6 py-3 font-bold text-center text-white uppercase align-middle transition-all rounded-lg cursor-pointer bg-sky-500 hover:bg-sky-500/80 focus:bg-sky-500/80 leading-normal text-md ease-in tracking-tight-rem shadow-xs bg-150 bg-x-25 hover:-translate-y-px active:opacity-85 hover:shadow-md"
>
Rename
</button>
</div>
<!-- end action button-->
</form>
<!-- end rename form-->
</div>
</div>
<!-- end modal -->

21
src/ui/templates/services.html
View File

@ -34,6 +34,9 @@
<h5 class="transition duration-300 ease-in-out dark:opacity-90 text-center sm:text-left mb-1 font-bold dark:text-white">
{{ service["SERVER_NAME"]['value'] }}
</h5>
<h6 class="mb-2 font-semibold text-gray-600 dark:text-white">{{ service["SERVER_NAME"]['method'] }}</h5>
<!-- detail list -->
<div
@ -333,23 +336,7 @@
</svg>
</a>
<button
services-action="rename"
type="button"
services-name="{{service["SERVER_NAME"]['value']}}"
class="dark:brightness-90 z-20 mx-1 bg-yellow-500 hover:bg-yellow-500/80 focus:bg-yellow-500/80 inline-block p-3 font-bold text-center text-white uppercase align-middle transition-all rounded-lg cursor-pointer leading-normal text-xs ease-in tracking-tight-rem shadow-xs bg-150 bg-x-25 hover:-translate-y-px active:opacity-85 hover:shadow-md"
>
<svg
class="h-6 w-6 fill-white"
xmlns="http://www.w3.org/2000/svg"
viewBox="0 0 512 512"
>
<path
d="M471.6 21.7c-21.9-21.9-57.3-21.9-79.2 0L362.3 51.7l97.9 97.9 30.1-30.1c21.9-21.9 21.9-57.3 0-79.2L471.6 21.7zm-299.2 220c-6.1 6.1-10.8 13.6-13.5 21.9l-29.6 88.8c-2.9 8.6-.6 18.1 5.8 24.6s15.9 8.7 24.6 5.8l88.8-29.6c8.2-2.8 15.7-7.4 21.9-13.5L437.7 172.3 339.7 74.3 172.4 241.7zM96 64C43 64 0 107 0 160V416c0 53 43 96 96 96H352c53 0 96-43 96-96V320c0-17.7-14.3-32-32-32s-32 14.3-32 32v96c0 17.7-14.3 32-32 32H96c-17.7 0-32-14.3-32-32V160c0-17.7 14.3-32 32-32h96c17.7 0 32-14.3 32-32s-14.3-32-32-32H96z"
/>
</svg>
</button>
<button
services-action="edit"
type="button"