stream - add example and fix ssl support

examples/stream-multisite/docker-compose.yml

@@ -0,0 +1,78 @@
+version: "3"
+
+services:
+  mybunker:
+    image: bunkerity/bunkerweb:1.5.0-beta
+    ports:
+      - 80:8080 # required to resolve let's encrypt challenges
+      - 10000:10000 # app1 without SSL/TLS
+      - 10001:10001 # app1 with SSL/TLS
+      - 20000:20000 # app2 without SSL/TLS
+      - 20001:20001 # app2 with SSL/TLS
+    environment:
+      - MULTISITE=yes
+      - SERVER_NAME=app1.example.com app2.example.com # replace with your domains
+      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
+      - SERVE_FILES=no
+      - DISABLE_DEFAULT_SERVER=yes
+      - AUTO_LETS_ENCRYPT=yes
+      - USE_CLIENT_CACHE=yes
+      - USE_GZIP=yes
+      - USE_REVERSE_PROXY=yes
+      - SERVER_TYPE=stream
+      - app1.example.com_REVERSE_PROXY_HOST=app1:9000
+      - app1.example.com_LISTEN_STREAM_PORT=10000
+      - app1.example.com_LISTEN_STREAM_PORT_SSL=10001
+      - app2.example.com_REVERSE_PROXY_HOST=app2:9000
+      - app2.example.com_LISTEN_STREAM_PORT=20000
+      - app2.example.com_LISTEN_STREAM_PORT_SSL=20001
+    labels:
+      - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.5.0-beta
+    depends_on:
+      - mybunker
+    environment:
+      - DOCKER_HOST=tcp://bw-docker-proxy:2375
+    volumes:
+      - bw-data:/data
+    networks:
+      - bw-universe
+      - bw-docker
+
+  bw-docker-proxy:
+    image: tecnativa/docker-socket-proxy:0.1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+    networks:
+      - bw-docker
+
+  app1:
+    image: istio/tcp-echo-server:1.2
+    command: [ "9000", "app1" ]
+    networks:
+      - bw-services
+
+  app2:
+    image: istio/tcp-echo-server:1.2
+    command: [ "9000", "app2" ]
+    networks:
+      - bw-services
+
+volumes:
+  bw-data:
+
+networks:
+  bw-services:
+  bw-universe:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-docker:

src/common/confs/http.conf

@@ -86,7 +86,7 @@ server_tokens off;
 					{% set x = found.update({"res" : true}) %}
 				{% endif %}
 			{% endfor %}
-			{% if not found["res"] and all[server_name + "_SERVER_TYPE"] == "stream" %}
+			{% if not found["res"] and all[server_name + "_SERVER_TYPE"] == "http" %}
 				{% set x = map_servers.update({server_name : [server_name]}) %}
 			{% endif %}
 		{% endif %}

src/common/confs/stream.conf

@@ -65,19 +65,19 @@ include /etc/nginx/init-worker-stream-lua.conf;
 	{% endfor %}
 	{% for first_server in map_servers +%}
 include /etc/nginx/{{ first_server }}/server-stream.conf;
-{% if all[first_server + "_USE_REVERSE_PROXY"] == "yes" and all[first_server + "_REVERSE_PROXY_HOST"] != "" +%}
+		{% if all[first_server + "_USE_REVERSE_PROXY"] == "yes" and all[first_server + "_REVERSE_PROXY_HOST"] != "" +%}
 upstream {{ first_server }} {
 	server {{ all[first_server + "_REVERSE_PROXY_HOST"] }};
 }
-{% endif %}
+		{% endif %}
 	{% endfor %}
 {% elif MULTISITE == "no" and SERVER_NAME != "" and SERVER_TYPE == "stream" +%}
 include /etc/nginx/server-stream.conf;
-{% if USE_REVERSE_PROXY == "yes" and REVERSE_PROXY_HOST != "" +%}
+	{% if USE_REVERSE_PROXY == "yes" and REVERSE_PROXY_HOST != "" +%}
 upstream {{ SERVER_NAME.split(" ")[0] }} {
 	server {{ REVERSE_PROXY_HOST }};
 }
-{% endif %}
+	{% endif %}
 {% endif %}
 
 {% endif %}

src/common/core/customcert/confs/server-stream/custom-cert.conf

@@ -11,7 +11,7 @@ ssl_protocols {{ SSL_PROTOCOLS }};
 ssl_prefer_server_ciphers on;
 ssl_session_tickets off;
 ssl_session_timeout 1d;
-ssl_session_cache shared:MozSSL:10m;
+ssl_session_cache shared:MozSSLStream:10m;
 {% if "TLSv1.2" in SSL_PROTOCOLS +%}
 ssl_dhparam /etc/nginx/dhparam;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

src/common/core/letsencrypt/confs/server-stream/lets-encrypt.conf

@@ -10,7 +10,7 @@ ssl_protocols {{ SSL_PROTOCOLS }};
 ssl_prefer_server_ciphers on;
 ssl_session_tickets off;
 ssl_session_timeout 1d;
-ssl_session_cache shared:MozSSL:10m;
+ssl_session_cache shared:MozSSLStream:10m;
 {% if "TLSv1.2" in SSL_PROTOCOLS +%}
 ssl_dhparam /etc/nginx/dhparam;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

src/common/core/selfsigned/confs/server-stream/self-signed.conf

@@ -10,7 +10,7 @@ ssl_protocols {{ SSL_PROTOCOLS }};
 ssl_prefer_server_ciphers on;
 ssl_session_tickets off;
 ssl_session_timeout 1d;
-ssl_session_cache shared:MozSSL:10m;
+ssl_session_cache shared:MozSSLStream:10m;
 {% if "TLSv1.2" in SSL_PROTOCOLS +%}
 ssl_dhparam /etc/nginx/dhparam;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;