various fixes

Dockerfile

@@ -19,7 +19,7 @@ COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
-RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
+RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
     chmod +x /opt/entrypoint/* /opt/scripts/* && \
     mkdir /opt/entrypoint.d && \
     rm -f /var/log/nginx/* && \

Dockerfile-amd64

@@ -19,7 +19,7 @@ COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
-RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
+RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
     chmod +x /opt/entrypoint/* /opt/scripts/* && \
     mkdir /opt/entrypoint.d && \
     rm -f /var/log/nginx/* && \

Dockerfile-arm32v7

@@ -26,7 +26,7 @@ COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
-RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
+RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
     chmod +x /opt/entrypoint/* /opt/scripts/* && \
     mkdir /opt/entrypoint.d && \
     rm -f /var/log/nginx/* && \

Dockerfile-arm64v8

@@ -26,7 +26,7 @@ COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
-RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
+RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
     chmod +x /opt/entrypoint/* /opt/scripts/* && \
     mkdir /opt/entrypoint.d && \
     rm -f /var/log/nginx/* && \

Dockerfile-i386

@@ -19,7 +19,7 @@ COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
-RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \
+RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
     chmod +x /opt/entrypoint/* /opt/scripts/* && \
     mkdir /opt/entrypoint.d && \
     rm -f /var/log/nginx/* && \

compile.sh

@@ -30,7 +30,7 @@ function git_secure_clone() {
 NTASK=$(nproc)
 
 # install build dependencies
-apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev musl-dev lua-dev gd-dev gnupg
+apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev musl-dev lua-dev gd-dev gnupg brotli-dev
 
 # compile and install ModSecurity library
 cd /tmp

confs/global/nginx.conf

@@ -47,9 +47,6 @@ http {
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 
-	# load gzip custom config
-	include /etc/nginx/gzip.conf;
-
 	# maximum request body size
 	client_max_body_size %MAX_CLIENT_SIZE%;
 

entrypoint/defaults.sh

@@ -4,7 +4,7 @@ HTTP_PORT="${HTTP_PORT-8080}"
 HTTPS_PORT="${HTTPS_PORT-8443}"
 MAX_CLIENT_SIZE="${MAX_CLIENT_SIZE-10m}"
 SERVER_TOKENS="${SERVER_TOKENS-off}"
-USE_CLIENT_CACHE="${USE_CLIENT_CACHE-yes}"
+USE_CLIENT_CACHE="${USE_CLIENT_CACHE-no}"
 CLIENT_CACHE_EXTENSIONS="${CLIENT_CACHE_EXTENSIONS-jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2}"
 CLIENT_CACHE_CONTROL="${CLIENT_CACHE_CONTROL-public, max-age=15552000}"
 CLIENT_CACHE_ETAG="${CLIENT_CACHE_ETAG-on}"

entrypoint/site-config.sh

@@ -37,7 +37,7 @@ else
 fi
 
 # client caching
-if [ "$USE_CLIENT_CACHE" = "yes" ] ;
+if [ "$USE_CLIENT_CACHE" = "yes" ] ; then
 	replace_in_file "${NGINX_PREFIX}server.conf" "%USE_CLIENT_CACHE%" "include ${NGINX_PREFIX}client-cache.conf;"
 	replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_EXTENSIONS%" "$CLIENT_CACHE_EXTENSIONS"
 	replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_ETAG%" "$CLIENT_CACHE_ETAG"

examples/basic-website-with-php/docker-compose.yml

@@ -16,6 +16,7 @@ services:
       - AUTO_LETS_ENCRYPT=yes
       - REDIRECT_HTTP_TO_HTTPS=yes
       - DISABLE_DEFAULT_SERVER=yes
+      - USE_CLIENT_CACHE=yes
       - REMOTE_PHP=myphp
       - REMOTE_PHP_PATH=/app
 

examples/load-balancer/server-confs/reverse-proxy.conf

@@ -2,5 +2,5 @@ proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
 location / {
-	proxy_pass http://app$request_uri;
+	proxy_pass http://app;
 }

examples/moodle/server-confs/reverse-proxy.conf

@@ -2,7 +2,5 @@ proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
 location / {
-	if ($host = www.website.com) {
-		proxy_pass http://mymoodle:8443$request_uri;
-	}
+	proxy_pass https://mymoodle:8443;
 }

examples/multisite-basic/docker-compose.yml

@@ -18,11 +18,13 @@ services:
       - AUTO_LETS_ENCRYPT=yes
       - REDIRECT_HTTP_TO_HTTPS=yes
       - DISABLE_DEFAULT_SERVER=yes
+      - USE_CLIENT_CACHE=yes
       - app1.website.com_REMOTE_PHP=myapp1
       - app1.website.com_REMOTE_PHP_PATH=/app
       - app2.website.com_REMOTE_PHP=myapp2
       - app2.website.com_REMOTE_PHP_PATH=/app
       - app3.website.com_SERVE_FILES=no
+      - app3.website.com_USE_CLIENT_CACHE=no
     networks:
       - net1
       - net2

examples/multisite-basic/server-confs/app3.website.com/reverse-proxy.conf

@@ -2,5 +2,5 @@ proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
 location / {
-	proxy_pass http://myapp3:3000$request_uri;
+	proxy_pass http://myapp3:3000;
 }

examples/multisite-complex/docker-compose.yml

@@ -20,6 +20,7 @@ services:
       - AUTO_LETS_ENCRYPT=yes
       - REDIRECT_HTTP_TO_HTTPS=yes
       - DISABLE_DEFAULT_SERVER=yes
+      - USE_CLIENT_CACHE=yes
       - wp.website.com_REMOTE_PHP=mywp
       - wp.website.com_REMOTE_PHP_PATH=/var/www/html
       - nc.website.com_REMOTE_PHP=mync

examples/nextcloud/docker-compose.yml

@@ -20,6 +20,7 @@ services:
       - REDIRECT_HTTP_TO_HTTPS=yes
       - DISABLE_DEFAULT_SERVER=yes
       - MAX_CLIENT_SIZE=10G
+      - USE_CLIENT_CACHE=yes
       - REMOTE_PHP=mync
       - REMOTE_PHP_PATH=/var/www/html
       - LIMIT_REQ_RATE=40r/s

examples/passbolt/server-confs/reverse-proxy.conf

@@ -2,8 +2,6 @@ proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
 location / {
-        if ($host = www.website.com) {
-                proxy_pass https://mypassbolt:443$request_uri;
-        }
+	proxy_pass https://mypassbolt;
 }
 

examples/reverse-proxy/server-confs/reverse-proxy.conf

@@ -3,10 +3,10 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
 location / {
 	if ($host = app1.website.com) {
-		proxy_pass http://app1:3000$request_uri;
+		proxy_pass http://app1:3000;
 	}
 
 	if ($host = app2.website.com) {
-		proxy_pass http://app2$request_uri;
+		proxy_pass http://app2;
 	}
 }

examples/tomcat/server-confs/reverse-proxy.conf

@@ -2,5 +2,5 @@ proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
 location / {
-	proxy_pass http://mytomcat:8080/sample$request_uri;
+	proxy_pass http://mytomcat:8080/sample;
 }

examples/tor-hidden-service/docker-compose.yml

@@ -27,6 +27,7 @@ services:
       - USE_BLACKLIST_IP=no
       - USE_BLACKLIST_REVERSE=no
       - USE_FAIL2BAN=no
+      - USE_CLIENT_CACHE=yes
       - REMOTE_PHP=myphp
       - REMOTE_PHP_PATH=/app
 

examples/wordpress/docker-compose.yml

@@ -19,6 +19,7 @@ services:
       - REDIRECT_HTTP_TO_HTTPS=yes
       - DISABLE_DEFAULT_SERVER=yes
       - MAX_CLIENT_SIZE=50m
+      - USE_CLIENT_CACHE=yes
       - REMOTE_PHP=mywp
       - REMOTE_PHP_PATH=/var/www/html