examples and DNS_RESOLVERS fix

2020-10-18 01:41:29 +02:00 · 2020-10-18 01:41:29 +02:00 · 34254a09e9
parent 81cff3648c
commit 34254a09e9
11 changed files with 100 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -48,7 +48,7 @@ Fooling automated tools/scanners :
    + [HTTP](#http)
    + [Custom certificate](#custom-certificate)
    + [Self-signed certificate](#self-signed-certificate)
-    + [Misc](#misc-1)
+    + [Misc](#misc)
  * [ModSecurity](#modsecurity)
  * [Security headers](#security-headers)
  * [Blocking](#blocking)
@ -59,13 +59,12 @@ Fooling automated tools/scanners :
    + [Custom blacklisting](#custom-blacklisting)
    + [Requests limiting](#requests-limiting)
    + [Countries](#countries)
-    + [Misc](#misc-2)
  * [PHP](#php)
    + [Remote PHP](#remote-php)
    + [Local PHP (will be removed)](#local-php--will-be-removed-)
  * [Fail2ban](#fail2ban)
  * [ClamAV](#clamav)
-  * [Misc](#misc-3)
+  * [Misc](#misc-2)
 - [Create your own image](#create-your-own-image)
 - [Include custom configurations](#include-custom-configurations)

@ -184,6 +183,11 @@ Default value : *yes*
 If set to yes, nginx will serve files from /www directory within the container.  
 A use case to not serving files is when you setup bunkerized-nginx as a reverse proxy via a custom configuration.

+`DNS_RESOLVERS`  
+Values : *\<two IP addresses separated with a space\>*  
+Default value : *127.0.0.11 8.8.8.8*  
+The IP addresses of the DNS resolvers to use when performing DNS lookups.
+
 `WRITE_ACCESS`  
 Values : *yes* | *no*  
 Default value : *no*  
@ -574,13 +578,6 @@ Values : *\<country code 1\> \<country code 2\> ...*
 Default value :  
 Block some countries from accessing your website. Use 2 letters country code separated with space.

-### Misc
-
-`DNS_RESOLVERS`  
-Values : *\<two IP addresses separated with a space\>*  
-Default value : *8.8.8.8 8.8.4.4*  
-The IP addresses of the DNS resolvers to use when performing reverse DNS lookups.
-
 ## PHP

 ### Remote PHP
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -126,7 +126,7 @@ USE_CUSTOM_HTTPS="${USE_CUSTOM_HTTPS-no}"
 ROOT_FOLDER="${ROOT_FOLDER-/www}"
 LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
 LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
-DNS_RESOLVERS="${DNS_RESOLVERS-8.8.8.8 8.8.4.4}"
+DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11 8.8.8.8}"
 USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
 WHITELIST_IP_LIST="${WHITELIST_IP_LIST-23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
 USE_WHITELIST_REVERSE="${USE_WHITELIST_REVERSE-yes}"
--- a/examples/basic-website-with-php/docker-compose.yml
+++ b/examples/basic-website-with-php/docker-compose.yml
@ -12,7 +12,7 @@ services:
      - ./web-files:/www
      - ./letsencrypt:/etc/letsencrypt
    environment:
-      - SERVER_NAME=www.website.com		# replace with your domain
+      - SERVER_NAME=www.website.com # replace with your domain
      - AUTO_LETS_ENCRYPT=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - DISABLE_DEFAULT_SERVER=yes
--- a/examples/behind-traefik/docker-compose.yml
+++ b/examples/behind-traefik/docker-compose.yml
@ -3,14 +3,15 @@ version: '3'
 services:

  mytraefik:
-    image: traefik
+    image: traefik:v1.7.26
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
-      - ./traefik:/etc/traefik
+      - ./traefik/traefik.toml:/traefik.toml
+      - ./traefik/acme.json:/acme.json

  mywww1:
    image: bunkerity/bunkerized-nginx
@ -24,7 +25,7 @@ services:
    labels:
      - 'traefik.enable=true'
      - 'traefik.port=80'
-      - 'traefik.frontend.rule=Host:web1.domain.com	# replace with your domain
+      - 'traefik.frontend.rule=Host:app1.website.com' # replace with your domain

  mywww2:
    image: bunkerity/bunkerized-nginx
@ -38,7 +39,7 @@ services:
    labels:
      - 'traefik.enable=true'
      - 'traefik.port=80'
-      - 'traefik.frontend.rule=Host:web2.domain.com	# replace with your domain
+      - 'traefik.frontend.rule=Host:app2.website.com' # replace with your domain

  myphp1:
    image: php:fpm
--- a/examples/behind-traefik/traefik/acme.json
+++ b/examples/behind-traefik/traefik/acme.json
--- a/examples/behind-traefik/traefik/traefik.tml
+++ b/examples/behind-traefik/traefik/traefik.tml
@ -1 +0,0 @@
-todo
--- a/examples/behind-traefik/traefik/traefik.toml
+++ b/examples/behind-traefik/traefik/traefik.toml
@ -0,0 +1,29 @@
+debug = false
+
+logLevel = "ERROR"
+defaultEntryPoints = ["https","http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+  [entryPoints.https.tls]
+
+[retry]
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+domain = "website.com"
+watch = true
+exposedByDefault = false
+
+[acme]
+email = "contact@website.com"
+storage = "acme.json"
+entryPoint = "https"
+onHostRule = true
+[acme.httpChallenge]
+entryPoint = "http"
--- a/examples/reverse-proxy/docker-compose.yml
+++ b/examples/reverse-proxy/docker-compose.yml
@ -9,12 +9,28 @@ services:
      - 80:80
      - 443:443
    volumes:
-      - ./http-confs:/www
+      - ./letsencrypt:/etc/letsencrypt
+      - ./server-confs:/server-confs
    environment:
-      - SERVER_NAME=pma.domain.com app.domain.com	# replace with your domains
+      - SERVER_NAME=app1.website.com app2.website.com # replace with your domains
      - SERVE_FILES=no
      - DISABLE_DEFAULT_SERVER=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - AUTO_LETS_ENCRYPT=yes

-# TODO : pma + nodeJS ?
+  app1:
+    image: node
+    restart: always
+    working_dir: /home/node/app
+    volumes:
+      - ./js-app:/home/node/app
+    environment:
+      - NODE_ENV=production
+    command: bash -c "npm install express && node index.js"
+
+  app2:
+    image: phpmyadmin:apache
+    restart: always
+    environment:
+      - PMA_ARBITRARY=1
+      - PMA_ABSOLUTE_URI=https://app2.website.com
--- a/examples/reverse-proxy/js-app/index.js
+++ b/examples/reverse-proxy/js-app/index.js
@ -0,0 +1,12 @@
+const express = require('express')
+const app = express()
+const port = 3000
+
+app.get('/', (req, res) => {
+  res.send('Hello World!')
+})
+
+app.listen(port, () => {
+  console.log(`Example app listening at http://localhost:${port}`)
+})
+
--- a/examples/reverse-proxy/js-app/package.json
+++ b/examples/reverse-proxy/js-app/package.json
@ -0,0 +1,14 @@
+{
+  "name": "js-app",
+  "version": "1.0.0",
+  "description": "demo",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "express": "^4.17.1"
+  }
+}
--- a/examples/reverse-proxy/server-confs/reverse-proxy.conf
+++ b/examples/reverse-proxy/server-confs/reverse-proxy.conf
@ -0,0 +1,12 @@
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+location / {
+	if ($host = app1.website.com) {
+		proxy_pass http://app1:3000$request_uri;
+	}
+
+	if ($host = app2.website.com) {
+		proxy_pass http://app2$request_uri;
+	}
+}