examples and DNS_RESOLVERS fix

bunkerity 2020-10-18 01:41:29 +02:00
parent 81cff3648c
commit 34254a09e9
11 changed files with 100 additions and 20 deletions


@ -48,7 +48,7 @@ Fooling automated tools/scanners :
+ [HTTP](#http)
+ [Custom certificate](#custom-certificate)
+ [Self-signed certificate](#self-signed-certificate)
+ [Misc](#misc-1)
+ [Misc](#misc)
* [ModSecurity](#modsecurity)
* [Security headers](#security-headers)
* [Blocking](#blocking)
@ -59,13 +59,12 @@ Fooling automated tools/scanners :
+ [Custom blacklisting](#custom-blacklisting)
+ [Requests limiting](#requests-limiting)
+ [Countries](#countries)
+ [Misc](#misc-2)
* [PHP](#php)
+ [Remote PHP](#remote-php)
+ [Local PHP (will be removed)](#local-php--will-be-removed-)
* [Fail2ban](#fail2ban)
* [ClamAV](#clamav)
* [Misc](#misc-3)
* [Misc](#misc-2)
- [Create your own image](#create-your-own-image)
- [Include custom configurations](#include-custom-configurations)
@ -184,6 +183,11 @@ Default value : *yes*
If set to yes, nginx will serve files from /www directory within the container.
A use case to not serving files is when you setup bunkerized-nginx as a reverse proxy via a custom configuration.
`DNS_RESOLVERS`
Values : *\<two IP addresses separated with a space\>*
Default value : *127.0.0.11 8.8.8.8*
The IP addresses of the DNS resolvers to use when performing DNS lookups.
`WRITE_ACCESS`
Values : *yes* | *no*
Default value : *no*
@ -574,13 +578,6 @@ Values : *\<country code 1\> \<country code 2\> ...*
Default value :
Block some countries from accessing your website. Use 2 letters country code separated with space.
### Misc
`DNS_RESOLVERS`
Values : *\<two IP addresses separated with a space\>*
Default value : *8.8.8.8 8.8.4.4*
The IP addresses of the DNS resolvers to use when performing reverse DNS lookups.
## PHP
### Remote PHP


@ -126,7 +126,7 @@ USE_CUSTOM_HTTPS="${USE_CUSTOM_HTTPS-no}"
ROOT_FOLDER="${ROOT_FOLDER-/www}"
LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
DNS_RESOLVERS="${DNS_RESOLVERS-8.8.8.8 8.8.4.4}"
DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11 8.8.8.8}"
USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
WHITELIST_IP_LIST="${WHITELIST_IP_LIST-23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
USE_WHITELIST_REVERSE="${USE_WHITELIST_REVERSE-yes}"
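Review bot: The new default on the `DNS_RESOLVERS` line pairs Docker's embedded resolver `127.0.0.11` with the public `8.8.8.8`, and the two do not answer the same questions. How the value is consumed is outside this hunk, but if it feeds an nginx `resolver` directive, the servers are queried round-robin, so lookups of container names can go to the public resolver, where they fail and disclose internal hostnames. `127.0.0.11` also only answers inside user-defined Docker networks, so on the default bridge or host networking half of the queries would time out. The neighbouring `USE_WHITELIST_REVERSE` setting suggests reverse-DNS answers feed access decisions, so I would document the trade-off next to the default, e.g. `# 127.0.0.11 = Docker embedded DNS (user-defined networks only); override DNS_RESOLVERS on the default bridge or host network`.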


@ -12,7 +12,7 @@ services:
- ./web-files:/www
- ./letsencrypt:/etc/letsencrypt
environment:
- SERVER_NAME=www.website.com # replace with your domain
- SERVER_NAME=www.website.com # replace with your domain
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes


@ -3,14 +3,15 @@ version: '3'
services:
mytraefik:
image: traefik
image: traefik:v1.7.26
restart: always
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik:/etc/traefik
- ./traefik/traefik.toml:/traefik.toml
- ./traefik/acme.json:/acme.json
mywww1:
image: bunkerity/bunkerized-nginx
@ -24,7 +25,7 @@ services:
labels:
- 'traefik.enable=true'
- 'traefik.port=80'
- 'traefik.frontend.rule=Host:web1.domain.com # replace with your domain
- 'traefik.frontend.rule=Host:app1.website.com' # replace with your domain
mywww2:
image: bunkerity/bunkerized-nginx
@ -38,7 +39,7 @@ services:
labels:
- 'traefik.enable=true'
- 'traefik.port=80'
- 'traefik.frontend.rule=Host:web2.domain.com # replace with your domain
- 'traefik.frontend.rule=Host:app2.website.com' # replace with your domain
myphp1:
image: php:fpm
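Review bot: The `mytraefik` service keeps `/var/run/docker.sock` bind-mounted into the same container that publishes ports 80 and 443, so a compromise of the proxy gives control of the Docker daemon, which is root-equivalent on the host. For an example that users will copy, I would at least add a comment on that volume line, e.g. `# grants full Docker API access to this container; use a filtering socket proxy in production`. The newly added `./traefik/acme.json:/acme.json` mount needs the file to exist before the stack starts (otherwise Docker creates a directory in its place), and it holds the ACME account key and certificate private keys. A comment such as `# run: touch traefik/acme.json && chmod 600 traefik/acme.json` above it would cover both.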


@ -1 +0,0 @@
todo


@ -0,0 +1,29 @@
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "website.com"
watch = true
exposedByDefault = false
[acme]
email = "contact@website.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
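Review bot: The `[entryPoints.https.tls]` table is left empty, so the minimum protocol version and cipher suites fall back to the defaults of the Traefik build in use. For the v1.7 image pinned in the compose file, that likely still admits TLS 1.0 and 1.1. Adding `minVersion = "VersionTLS12"` under that table makes the floor explicit. Separately, `storage = "acme.json"` is a relative path that presumably reaches the `/acme.json` mount only because the container's working directory is `/`; `storage = "/acme.json"` would not depend on that.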


@ -9,12 +9,28 @@ services:
- 80:80
- 443:443
volumes:
- ./http-confs:/www
- ./letsencrypt:/etc/letsencrypt
- ./server-confs:/server-confs
environment:
- SERVER_NAME=pma.domain.com app.domain.com # replace with your domains
- SERVER_NAME=app1.website.com app2.website.com # replace with your domains
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- AUTO_LETS_ENCRYPT=yes
# TODO : pma + nodeJS ?
app1:
image: node
restart: always
working_dir: /home/node/app
volumes:
- ./js-app:/home/node/app
environment:
- NODE_ENV=production
command: bash -c "npm install express && node index.js"
app2:
image: phpmyadmin:apache
restart: always
environment:
- PMA_ARBITRARY=1
- PMA_ABSOLUTE_URI=https://app2.website.com
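Review bot: `PMA_ARBITRARY=1` on `app2` makes the phpMyAdmin login form accept any database host, and this service is published through `app2.website.com`. Anyone who can reach that vhost can therefore make the container attempt logins against arbitrary servers, including ones only reachable from the Docker network. I would pin the target with `PMA_HOST=<db-service-name>` (placeholder) and note in a comment that the vhost should sit behind authentication or an IP allowlist. Also, `image: node` is unpinned and `npm install express` resolves dependencies from the registry on every container start, with no lockfile visible in this commit. A pinned image tag and `command: bash -c "npm install && node index.js"` against the added package.json would be more reproducible.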


@ -0,0 +1,12 @@
const express = require('express')
const app = express()
const port = 3000
app.get('/', (req, res) => {
res.send('Hello World!')
})
app.listen(port, () => {
console.log(`Example app listening at http://localhost:${port}`)
})
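Review bot: The Express app is created with default settings, so every response carries the `X-Powered-By: Express` header, which identifies the backend framework unless the front proxy strips it. Adding `app.disable('x-powered-by')` right after `const app = express()` removes it at the source. If the app later reads `req.ip`, it will also need `app.set('trust proxy', ...)` scoped to the nginx container, since the proxy configuration in this commit forwards `X-Forwarded-For`.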


@ -0,0 +1,14 @@
{
"name": "js-app",
"version": "1.0.0",
"description": "demo",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC",
"dependencies": {
"express": "^4.17.1"
}
}


@ -0,0 +1,12 @@
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
if ($host = app1.website.com) {
proxy_pass http://app1:3000$request_uri;
}
if ($host = app2.website.com) {
proxy_pass http://app2$request_uri;
}
}
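Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the peer address to whatever `X-Forwarded-For` value the client sent. In this example nginx is the internet-facing edge, so backends that read the first entry get a client-controlled address. Overwriting the header with `proxy_set_header X-Forwarded-For $remote_addr;`, or adding `proxy_set_header X-Real-IP $remote_addr;` for the apps to use, avoids that. A `proxy_set_header X-Forwarded-Proto $scheme;` line would also tell the backends that the original request was HTTPS. The enclosing `server` block is not part of this file, so how these directives are included is inferred.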