various fixes
This commit is contained in:
parent
8cdc155ac0
commit
0f0593456c
|
@ -19,7 +19,7 @@ COPY logs/ /opt/logs
|
|||
COPY lua/ /opt/lua
|
||||
COPY crowdsec/ /opt/crowdsec
|
||||
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
|
||||
chmod +x /opt/entrypoint/* /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
rm -f /var/log/nginx/* && \
|
||||
|
|
|
@ -19,7 +19,7 @@ COPY logs/ /opt/logs
|
|||
COPY lua/ /opt/lua
|
||||
COPY crowdsec/ /opt/crowdsec
|
||||
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
|
||||
chmod +x /opt/entrypoint/* /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
rm -f /var/log/nginx/* && \
|
||||
|
|
|
@ -26,7 +26,7 @@ COPY logs/ /opt/logs
|
|||
COPY lua/ /opt/lua
|
||||
COPY crowdsec/ /opt/crowdsec
|
||||
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
|
||||
chmod +x /opt/entrypoint/* /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
rm -f /var/log/nginx/* && \
|
||||
|
|
|
@ -26,7 +26,7 @@ COPY logs/ /opt/logs
|
|||
COPY lua/ /opt/lua
|
||||
COPY crowdsec/ /opt/crowdsec
|
||||
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
|
||||
chmod +x /opt/entrypoint/* /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
rm -f /var/log/nginx/* && \
|
||||
|
|
|
@ -19,7 +19,7 @@ COPY logs/ /opt/logs
|
|||
COPY lua/ /opt/lua
|
||||
COPY crowdsec/ /opt/crowdsec
|
||||
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
|
||||
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
|
||||
chmod +x /opt/entrypoint/* /opt/scripts/* && \
|
||||
mkdir /opt/entrypoint.d && \
|
||||
rm -f /var/log/nginx/* && \
|
||||
|
|
|
@ -30,7 +30,7 @@ function git_secure_clone() {
|
|||
NTASK=$(nproc)
|
||||
|
||||
# install build dependencies
|
||||
apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev musl-dev lua-dev gd-dev gnupg
|
||||
apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev musl-dev lua-dev gd-dev gnupg brotli-dev
|
||||
|
||||
# compile and install ModSecurity library
|
||||
cd /tmp
|
||||
|
|
|
@ -47,9 +47,6 @@ http {
|
|||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
# load gzip custom config
|
||||
include /etc/nginx/gzip.conf;
|
||||
|
||||
# maximum request body size
|
||||
client_max_body_size %MAX_CLIENT_SIZE%;
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ HTTP_PORT="${HTTP_PORT-8080}"
|
|||
HTTPS_PORT="${HTTPS_PORT-8443}"
|
||||
MAX_CLIENT_SIZE="${MAX_CLIENT_SIZE-10m}"
|
||||
SERVER_TOKENS="${SERVER_TOKENS-off}"
|
||||
USE_CLIENT_CACHE="${USE_CLIENT_CACHE-yes}"
|
||||
USE_CLIENT_CACHE="${USE_CLIENT_CACHE-no}"
|
||||
CLIENT_CACHE_EXTENSIONS="${CLIENT_CACHE_EXTENSIONS-jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2}"
|
||||
CLIENT_CACHE_CONTROL="${CLIENT_CACHE_CONTROL-public, max-age=15552000}"
|
||||
CLIENT_CACHE_ETAG="${CLIENT_CACHE_ETAG-on}"
|
||||
|
|
|
@ -37,7 +37,7 @@ else
|
|||
fi
|
||||
|
||||
# client caching
|
||||
if [ "$USE_CLIENT_CACHE" = "yes" ] ;
|
||||
if [ "$USE_CLIENT_CACHE" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_CLIENT_CACHE%" "include ${NGINX_PREFIX}client-cache.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_EXTENSIONS%" "$CLIENT_CACHE_EXTENSIONS"
|
||||
replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_ETAG%" "$CLIENT_CACHE_ETAG"
|
||||
|
|
|
@ -16,6 +16,7 @@ services:
|
|||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- REMOTE_PHP=myphp
|
||||
- REMOTE_PHP_PATH=/app
|
||||
|
||||
|
|
|
@ -2,5 +2,5 @@ proxy_set_header Host $host;
|
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
proxy_pass http://app$request_uri;
|
||||
proxy_pass http://app;
|
||||
}
|
||||
|
|
|
@ -2,7 +2,5 @@ proxy_set_header Host $host;
|
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
if ($host = www.website.com) {
|
||||
proxy_pass http://mymoodle:8443$request_uri;
|
||||
}
|
||||
proxy_pass https://mymoodle:8443;
|
||||
}
|
||||
|
|
|
@ -18,11 +18,13 @@ services:
|
|||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- app1.website.com_REMOTE_PHP=myapp1
|
||||
- app1.website.com_REMOTE_PHP_PATH=/app
|
||||
- app2.website.com_REMOTE_PHP=myapp2
|
||||
- app2.website.com_REMOTE_PHP_PATH=/app
|
||||
- app3.website.com_SERVE_FILES=no
|
||||
- app3.website.com_USE_CLIENT_CACHE=no
|
||||
networks:
|
||||
- net1
|
||||
- net2
|
||||
|
|
|
@ -2,5 +2,5 @@ proxy_set_header Host $host;
|
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
proxy_pass http://myapp3:3000$request_uri;
|
||||
proxy_pass http://myapp3:3000;
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ services:
|
|||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- wp.website.com_REMOTE_PHP=mywp
|
||||
- wp.website.com_REMOTE_PHP_PATH=/var/www/html
|
||||
- nc.website.com_REMOTE_PHP=mync
|
||||
|
|
|
@ -20,6 +20,7 @@ services:
|
|||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- MAX_CLIENT_SIZE=10G
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- REMOTE_PHP=mync
|
||||
- REMOTE_PHP_PATH=/var/www/html
|
||||
- LIMIT_REQ_RATE=40r/s
|
||||
|
|
|
@ -2,8 +2,6 @@ proxy_set_header Host $host;
|
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
if ($host = www.website.com) {
|
||||
proxy_pass https://mypassbolt:443$request_uri;
|
||||
}
|
||||
proxy_pass https://mypassbolt;
|
||||
}
|
||||
|
||||
|
|
|
@ -3,10 +3,10 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|||
|
||||
location / {
|
||||
if ($host = app1.website.com) {
|
||||
proxy_pass http://app1:3000$request_uri;
|
||||
proxy_pass http://app1:3000;
|
||||
}
|
||||
|
||||
if ($host = app2.website.com) {
|
||||
proxy_pass http://app2$request_uri;
|
||||
proxy_pass http://app2;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,5 +2,5 @@ proxy_set_header Host $host;
|
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
proxy_pass http://mytomcat:8080/sample$request_uri;
|
||||
proxy_pass http://mytomcat:8080/sample;
|
||||
}
|
||||
|
|
|
@ -27,6 +27,7 @@ services:
|
|||
- USE_BLACKLIST_IP=no
|
||||
- USE_BLACKLIST_REVERSE=no
|
||||
- USE_FAIL2BAN=no
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- REMOTE_PHP=myphp
|
||||
- REMOTE_PHP_PATH=/app
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@ services:
|
|||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- MAX_CLIENT_SIZE=50m
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- REMOTE_PHP=mywp
|
||||
- REMOTE_PHP_PATH=/var/www/html
|
||||
|
||||
|
|
Loading…
Reference in New Issue