librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

docs - quickstart (wip)

This commit is contained in:
bunkerity 2023-04-27 16:55:02 +02:00
parent a90d9e6273
commit 1d354c9c6b
1 changed files with 173 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

234
docs/quickstart-guide.md
View File

@ -1737,8 +1737,6 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- `LOCAL_PHP` : Path to the local socket file of PHP-FPM instance.
- `LOCAL_PHP_PATH` : Root folder containing files in the local PHP-FPM instance.
### Single application
=== "Docker"
When using the [Docker integration](/1.4/integrations/#docker), to support PHP applications, you will need to :
@ -1747,7 +1745,21 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- Set up a PHP-FPM container for your application and mount the folder containing PHP files
- Use the specific settings `REMOTE_PHP` and `REMOTE_PHP_PATH` as environment variables when starting BunkerWeb
We will assume that your PHP files are located into a folder named `www`. Please note that you will need to fix the permissions so BunkerWeb (UID/GID 101) can at least read files and list folders and PHP-FPM (UID/GID 33 if you use the `php:fpm` image) is the owner of the files and folders :
If you enable the [multisite mode](/1.5.0-beta/concepts/#integration), you will need to create separate directories for each of your applications. Each subdirectory should be named using the first value of `SERVER_NAME`. Here is a dummy example :
```
www
├── app1.example.com
│   └── index.php
├── app2.example.com
│   └── index.php
└── app3.example.com
└── index.php
3 directories, 3 files
```
We will assume that your PHP apps are located into a folder named `www`. Please note that you will need to fix the permissions so BunkerWeb (UID/GID 101) can at least read files and list folders and PHP-FPM (UID/GID 33 if you use the `php:fpm` image) is the owner of the files and folders :
```shell
chown -R 33:101 ./www && \
@ -1762,10 +1774,24 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
myapp:
myapp1:
image: php:fpm
volumes:
- ./www:/app
- ./www/app1.example.com:/app
networks:
- bw-services
myapp2:
image: php:fpm
volumes:
- ./www/app2.example.com:/app
networks:
- bw-services
myapp3:
image: php:fpm
volumes:
- ./www/app3.example.com:/app
networks:
- bw-services
@ -1777,7 +1803,8 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
labels:
- "bunkerweb.INSTANCE"
environment:
- SERVER_NAME=www.example.com
- SERVER_NAME=app1.example.com app2.example.com
- MULTISITE=yes
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- REMOTE_PHP=myapp
- REMOTE_PHP_PATH=/app
@ -1825,77 +1852,162 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
=== "Docker autoconf"
When using the [Docker autoconfintegration](/1.4/integrations/#docker-autoconf), to support PHP applications, you will need to :
!!! info "Multisite mode enabled"
The [Docker autoconf integration](/1.4/integrations/#docker-autoconf) integration implies the use of multisite mode : protecting one PHP application is the same as protection multiple ones.
When using the [Docker autoconf integration](/1.4/integrations/#docker-autoconf), to support PHP applications, you will need to :
- Mount your PHP files into the `/var/www/html` folder of BunkerWeb
- Set up a PHP-FPM container for your application and mount the folder containing PHP files
- Use the specific settings `REMOTE_PHP` and `REMOTE_PHP_PATH` as labels for your PHP-FPM container
Since the Docker autoconf implies using the [multisite mode](/1.5.0-beta/concepts/#integration), you will need to create separate directories for each of your applications. Each subdirectory should be named using the first value of `SERVER_NAME`. Here is
Since the Docker autoconf implies using the [multisite mode](/1.5.0-beta/concepts/#integration), you will need to create separate directories for each of your applications. Each subdirectory should be named using the first value of `SERVER_NAME`. Here is a dummy example :
```
www
├── app1.example.com
│   └── index.php
├── app2.example.com
│   └── index.php
└── app3.example.com
└── index.php
3 directories, 3 files
```
Once the folders are created, copy your files and fix the permissions so BunkerWeb (UID/GID 101) can at least read files and list folders and PHP-FPM (UID/GID 33 if you use the `php:fpm` image) is the owner of the files and folders :
First of all, create the application folder (e.g. `myapp`), copy your files and fix the permissions so BunkerWeb (UID/GID 101) can at least read files and list folders and PHP-FPM (UID/GID 33) is the owner of the files and folders :
```shell
chown -R 33:101 ./myapp && \
find ./myapp -type f -exec chmod 0640 {} \; && \
find ./myapp -type d -exec chmod 0750 {} \;
```
chown -R 33:101 ./www && \
find ./www -type f -exec chmod 0640 {} \; && \
find ./www -type d -exec chmod 0750 {} \;
```
When you create the BunkerWeb container, simply mount the folder containing your PHP application to a specific endpoint like `/app` :
```shell
docker run -d \
...
-v "${PWD}/myapp:/app" \
...
bunkerity/bunkerweb:1.5.0-beta
```
Once BunkerWeb and autoconf are ready, you will be able to create the PHP-FPM container, mount the application folder inside the container and configure it using specific labels :
```shell
docker run -d \
--name myphp \
--network bw-services \
-v "${PWD}/myapp:/app" \
-l bunkerweb.SERVER_NAME=www.example.com \
-l bunkerweb.AUTO_LETS_ENCRYPT=yes \
-l bunkerweb.ROOT_FOLDER=/app \
-l bunkerweb.REMOTE_PHP=myphp \
-l bunkerweb.REMOTE_PHP_PATH=/app \
php:fpm
```
When you start the BunkerWeb autoconf stack, mount the `www` folder into `/var/www/html` for the BunkerWeb container :
Here is the docker-compose equivalent :
```yaml
version: '3'
```yaml
version: '3.5'
services:
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.0-beta
volumes:
- ./www:/var/www/html
labels:
- "bunkerweb.INSTANCE"
environment:
- MULTISITE=yes
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
networks:
- bw-universe
- bw-services
myphp:
image: php:fpm
volumes:
- ./myapp:/app
networks:
bw-services:
aliases:
- myphp
labels:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.AUTO_LETS_ENCRYPT=yes
- bunkerweb.ROOT_FOLDER=/app
- bunkerweb.REMOTE_PHP=myphp
- bunkerweb.REMOTE_PHP_PATH=/app
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0-beta
depends_on:
- bunkerweb
- bw-docker
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
- DOCKER_HOST=tcp://bw-docker:2375
networks:
- bw-universe
- bw-docker
networks:
bw-services:
external:
name: bw-services
```
bw-docker:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- bw-docker
bw-db:
image: mariadb:10.10
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
- MYSQL_DATABASE=db
- MYSQL_USER=bunkerweb
- MYSQL_PASSWORD=changeme # Remember to set a stronger password for the database
volumes:
- bw-data:/var/lib/mysql
networks:
- bw-docker
volumes:
bw-data:
networks:
bw-universe:
name: bw-universe
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
name: bw-services
bw-docker:
name: bw-docker
```
You can now create your PHP-FPM container, mount the correct subfolder and use labels to configure BunkerWeb :
```yaml
version: '3.5'
services:
myapp1:
image: php:fpm
volumes:
- ./www/app1.example.com:/app
networks:
bw-services:
aliases:
- myapp1
labels:
- "bunkerweb.SERVER_NAME=app1.example.com"
- "bunkerweb.REMOTE_PHP=myapp1"
- "bunkerweb.REMOTE_PHP_PATH=/app"
myapp2:
image: php:fpm
volumes:
- ./www/app2.example.com:/app
networks:
bw-services:
aliases:
- myapp2
labels:
- "bunkerweb.SERVER_NAME=app2.example.com"
- "bunkerweb.REMOTE_PHP=myapp2"
- "bunkerweb.REMOTE_PHP_PATH=/app"
myapp3:
image: php:fpm
volumes:
- ./www/app3.example.com:/app
networks:
bw-services:
aliases:
- myapp3
labels:
- "bunkerweb.SERVER_NAME=app3.example.com"
- "bunkerweb.REMOTE_PHP=myapp3"
- "bunkerweb.REMOTE_PHP_PATH=/app"
networks:
bw-services:
external:
name: bw-services
```
=== "Swarm"
!!! info "Shared volume"
Using PHP with the Docker Swarm integration needs a shared volume between all BunkerWeb and PHP-FPM instances.
!!! info "Shared volume"
Using PHP with the Docker Swarm integration needs a shared volume between all BunkerWeb and PHP-FPM instances which is not covered in this documentation.
When using the [Docker Swarm integration](/integrations/#swarm), your PHP files must not be mounted into the `bw-data/www` folder. Instead, you will need to create a specific folder containing your PHP application and mount it both on the BunkerWeb container (outside the `/data` endpoint) and your PHP-FPM container. As an example, we will consider that you have a shared folder mounted on your worker nodes on the `/shared` endpoint.
As an example, we will consider that you have a shared folder mounted on your worker nodes on the `/shared` endpoint.
First of all, create the application folder (e.g. `/shared/myapp`), copy your files and fix the permissions so BunkerWeb (UID/GID 101) can at least read files and list folders and PHP-FPM (UID/GID 33) is the owner of the files and folders :
```shell