stream - add example and fix ssl support
parent
b64e55f75a
commit
1c3bbf1bc3
78
examples/stream-multisite/docker-compose.yml
Normal file
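--- a/examples/stream-multisite/docker-compose.yml
+++ b/examples/stream-multisite/docker-compose.yml
@@ -0,0 +1,78 @@
+version: "3"
+
+services:
+mybunker:
+image: bunkerity/bunkerweb:1.5.0-beta
+ports:
+- 80:8080 # required to resolve let's encrypt challenges
+- 10000:10000 # app1 without SSL/TLS
+- 10001:10001 # app1 with SSL/TLS
+- 20000:20000 # app2 without SSL/TLS
+- 20001:20001 # app2 with SSL/TLS
+environment:
+- MULTISITE=yes
+- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
+- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
+- SERVE_FILES=no
+- DISABLE_DEFAULT_SERVER=yes
+- AUTO_LETS_ENCRYPT=yes
+- USE_CLIENT_CACHE=yes
+- USE_GZIP=yes
+- USE_REVERSE_PROXY=yes
+- SERVER_TYPE=stream
+- app1.example.com_REVERSE_PROXY_HOST=app1:9000
+- app1.example.com_LISTEN_STREAM_PORT=10000
+- app1.example.com_LISTEN_STREAM_PORT_SSL=10001
+- app2.example.com_REVERSE_PROXY_HOST=app2:9000
+- app2.example.com_LISTEN_STREAM_PORT=20000
+- app2.example.com_LISTEN_STREAM_PORT_SSL=20001
+labels:
+- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
+networks:
+- bw-universe
+- bw-services
+
+bw-scheduler:
+image: bunkerity/bunkerweb-scheduler:1.5.0-beta
+depends_on:
+- mybunker
+environment:
+- DOCKER_HOST=tcp://bw-docker-proxy:2375
+volumes:
+- bw-data:/data
+networks:
+- bw-universe
+- bw-docker
+
+bw-docker-proxy:
+image: tecnativa/docker-socket-proxy:0.1
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock:ro
+environment:
+- CONTAINERS=1
+networks:
+- bw-docker
+
+app1:
+image: istio/tcp-echo-server:1.2
+command: [ "9000", "app1" ]
+networks:
+- bw-services
+
+app2:
+image: istio/tcp-echo-server:1.2
+command: [ "9000", "app2" ]
+networks:
+- bw-services
+
+volumes:
+bw-data:
+
+networks:
+bw-services:
+bw-universe:
+ipam:
+driver: default
+config:
+- subnet: 10.20.30.0/24
+bw-docker: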
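Review bot: The example publishes the plaintext stream listeners (`10000:10000` and `20000:20000`) on every host interface next to their TLS counterparts, so a deployment copied from it serves app1 and app2 unencrypted even with `AUTO_LETS_ENCRYPT=yes`. If the non-TLS ports are only there for demonstration, say so on the mapping, e.g. `- 10000:10000 # app1 without SSL/TLS - drop this mapping if clients must use TLS`, or bind them to loopback with `127.0.0.1:10000:10000`. Separately, the port mappings are unquoted; Compose recommends writing them as strings (`"80:8080"`) so a YAML 1.1 parser can never read a `host:container` pair as a number.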
|
@ -86,7 +86,7 @@ server_tokens off;
|
|||
{% set x = found.update({"res" : true}) %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% if not found["res"] and all[server_name + "_SERVER_TYPE"] == "stream" %}
|
||||
{% if not found["res"] and all[server_name + "_SERVER_TYPE"] == "http" %}
|
||||
{% set x = map_servers.update({server_name : [server_name]}) %}
|
||||
{% endif %}
|
||||
{% endif %}
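Review bot: The `_SERVER_TYPE` test on the `{% if not found["res"] and ... %}` line carries no comment saying why this template maps only one server type; the page has lost its +/- markers, so I am assuming the `== "http"` line is the new side. A short Jinja comment above it would keep a later edit from flipping the literal again, for example `{# only http services get a map_servers entry here; stream services are presumably rendered by the stream template #}`. A service whose `<name>_SERVER_TYPE` key is absent from `all` compares unequal and is skipped silently; whether that key is always populated is not visible here, since the hunk starts and ends inside the enclosing loop.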
|
||||
|
|
|
@ -65,19 +65,19 @@ include /etc/nginx/init-worker-stream-lua.conf;
|
|||
{% endfor %}
|
||||
{% for first_server in map_servers +%}
|
||||
include /etc/nginx/{{ first_server }}/server-stream.conf;
|
||||
{% if all[first_server + "_USE_REVERSE_PROXY"] == "yes" and all[first_server + "_REVERSE_PROXY_HOST"] != "" +%}
|
||||
{% if all[first_server + "_USE_REVERSE_PROXY"] == "yes" and all[first_server + "_REVERSE_PROXY_HOST"] != "" +%}
|
||||
upstream {{ first_server }} {
|
||||
server {{ all[first_server + "_REVERSE_PROXY_HOST"] }};
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% elif MULTISITE == "no" and SERVER_NAME != "" and SERVER_TYPE == "stream" +%}
|
||||
include /etc/nginx/server-stream.conf;
|
||||
{% if USE_REVERSE_PROXY == "yes" and REVERSE_PROXY_HOST != "" +%}
|
||||
{% if USE_REVERSE_PROXY == "yes" and REVERSE_PROXY_HOST != "" +%}
|
||||
upstream {{ SERVER_NAME.split(" ")[0] }} {
|
||||
server {{ REVERSE_PROXY_HOST }};
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
|
@ -11,7 +11,7 @@ ssl_protocols {{ SSL_PROTOCOLS }};
|
|||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_tickets off;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_cache shared:MozSSLStream:10m;
|
||||
{% if "TLSv1.2" in SSL_PROTOCOLS +%}
|
||||
ssl_dhparam /etc/nginx/dhparam;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
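Review bot: The zone name on the `ssl_session_cache shared:MozSSLStream:10m;` line is the same in all three templates touched here (this hunk and the two `@ -10,7 +10,7 @` hunks that follow), and nothing records why it differs from `MozSSL`. Assuming the `MozSSLStream` line is the new side, a one-line comment such as `# stream context needs its own zone name, distinct from the MozSSL zone` would document the rename, if that is indeed the reason. Because nginx shares a named cache between every server that references it, all stream services in a multisite setup would resume sessions from one cache; if per-service isolation matters (for instance with client-certificate checks), consider including the server name in the zone name. The enclosing template continues outside the hunk.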
|
||||
|
|
|
@ -10,7 +10,7 @@ ssl_protocols {{ SSL_PROTOCOLS }};
|
|||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_tickets off;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_cache shared:MozSSLStream:10m;
|
||||
{% if "TLSv1.2" in SSL_PROTOCOLS +%}
|
||||
ssl_dhparam /etc/nginx/dhparam;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
|
|
|
@ -10,7 +10,7 @@ ssl_protocols {{ SSL_PROTOCOLS }};
|
|||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_tickets off;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_cache shared:MozSSLStream:10m;
|
||||
{% if "TLSv1.2" in SSL_PROTOCOLS +%}
|
||||
ssl_dhparam /etc/nginx/dhparam;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
|
|