examples and DNS_RESOLVERS fix

README.md

@@ -48,7 +48,7 @@ Fooling automated tools/scanners :
     + [HTTP](#http)
     + [Custom certificate](#custom-certificate)
     + [Self-signed certificate](#self-signed-certificate)
-    + [Misc](#misc-1)
+    + [Misc](#misc)
   * [ModSecurity](#modsecurity)
   * [Security headers](#security-headers)
   * [Blocking](#blocking)
@@ -59,13 +59,12 @@ Fooling automated tools/scanners :
     + [Custom blacklisting](#custom-blacklisting)
     + [Requests limiting](#requests-limiting)
     + [Countries](#countries)
-    + [Misc](#misc-2)
   * [PHP](#php)
     + [Remote PHP](#remote-php)
     + [Local PHP (will be removed)](#local-php--will-be-removed-)
   * [Fail2ban](#fail2ban)
   * [ClamAV](#clamav)
-  * [Misc](#misc-3)
+  * [Misc](#misc-2)
 - [Create your own image](#create-your-own-image)
 - [Include custom configurations](#include-custom-configurations)
 
@@ -184,6 +183,11 @@ Default value : *yes*
 If set to yes, nginx will serve files from /www directory within the container.  
 A use case to not serving files is when you setup bunkerized-nginx as a reverse proxy via a custom configuration.
 
+`DNS_RESOLVERS`  
+Values : *\<two IP addresses separated with a space\>*  
+Default value : *127.0.0.11 8.8.8.8*  
+The IP addresses of the DNS resolvers to use when performing DNS lookups.
+
 `WRITE_ACCESS`  
 Values : *yes* | *no*  
 Default value : *no*  
@@ -574,13 +578,6 @@ Values : *\<country code 1\> \<country code 2\> ...*
 Default value :  
 Block some countries from accessing your website. Use 2 letters country code separated with space.
 
-### Misc
-
-`DNS_RESOLVERS`  
-Values : *\<two IP addresses separated with a space\>*  
-Default value : *8.8.8.8 8.8.4.4*  
-The IP addresses of the DNS resolvers to use when performing reverse DNS lookups.
-
 ## PHP
 
 ### Remote PHP

entrypoint.sh

@@ -126,7 +126,7 @@ USE_CUSTOM_HTTPS="${USE_CUSTOM_HTTPS-no}"
 ROOT_FOLDER="${ROOT_FOLDER-/www}"
 LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
 LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
-DNS_RESOLVERS="${DNS_RESOLVERS-8.8.8.8 8.8.4.4}"
+DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11 8.8.8.8}"
 USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
 WHITELIST_IP_LIST="${WHITELIST_IP_LIST-23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
 USE_WHITELIST_REVERSE="${USE_WHITELIST_REVERSE-yes}"

examples/basic-website-with-php/docker-compose.yml

@@ -12,7 +12,7 @@ services:
       - ./web-files:/www
       - ./letsencrypt:/etc/letsencrypt
     environment:
-      - SERVER_NAME=www.website.com		# replace with your domain
+      - SERVER_NAME=www.website.com # replace with your domain
       - AUTO_LETS_ENCRYPT=yes
       - REDIRECT_HTTP_TO_HTTPS=yes
       - DISABLE_DEFAULT_SERVER=yes

examples/behind-traefik/docker-compose.yml

@@ -3,14 +3,15 @@ version: '3'
 services:
 
   mytraefik:
-    image: traefik
+    image: traefik:v1.7.26
     restart: always
     ports:
       - 80:80
       - 443:443
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - ./traefik:/etc/traefik
+      - ./traefik/traefik.toml:/traefik.toml
+      - ./traefik/acme.json:/acme.json
 
   mywww1:
     image: bunkerity/bunkerized-nginx
@@ -24,7 +25,7 @@ services:
     labels:
       - 'traefik.enable=true'
       - 'traefik.port=80'
-      - 'traefik.frontend.rule=Host:web1.domain.com	# replace with your domain
+      - 'traefik.frontend.rule=Host:app1.website.com' # replace with your domain
 
   mywww2:
     image: bunkerity/bunkerized-nginx
@@ -38,7 +39,7 @@ services:
     labels:
       - 'traefik.enable=true'
       - 'traefik.port=80'
-      - 'traefik.frontend.rule=Host:web2.domain.com	# replace with your domain
+      - 'traefik.frontend.rule=Host:app2.website.com' # replace with your domain
 
   myphp1:
     image: php:fpm

examples/behind-traefik/traefik/traefik.tml

@@ -1 +0,0 @@
-todo

examples/behind-traefik/traefik/traefik.toml

@@ -0,0 +1,29 @@
+debug = false
+
+logLevel = "ERROR"
+defaultEntryPoints = ["https","http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+  [entryPoints.https.tls]
+
+[retry]
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+domain = "website.com"
+watch = true
+exposedByDefault = false
+
+[acme]
+email = "contact@website.com"
+storage = "acme.json"
+entryPoint = "https"
+onHostRule = true
+[acme.httpChallenge]
+entryPoint = "http"

examples/reverse-proxy/docker-compose.yml

@@ -9,12 +9,28 @@ services:
       - 80:80
       - 443:443
     volumes:
-      - ./http-confs:/www
+      - ./letsencrypt:/etc/letsencrypt
+      - ./server-confs:/server-confs
     environment:
-      - SERVER_NAME=pma.domain.com app.domain.com	# replace with your domains
+      - SERVER_NAME=app1.website.com app2.website.com # replace with your domains
       - SERVE_FILES=no
       - DISABLE_DEFAULT_SERVER=yes
       - REDIRECT_HTTP_TO_HTTPS=yes
       - AUTO_LETS_ENCRYPT=yes
 
-# TODO : pma + nodeJS ?
+  app1:
+    image: node
+    restart: always
+    working_dir: /home/node/app
+    volumes:
+      - ./js-app:/home/node/app
+    environment:
+      - NODE_ENV=production
+    command: bash -c "npm install express && node index.js"
+
+  app2:
+    image: phpmyadmin:apache
+    restart: always
+    environment:
+      - PMA_ARBITRARY=1
+      - PMA_ABSOLUTE_URI=https://app2.website.com

examples/reverse-proxy/js-app/index.js

@@ -0,0 +1,12 @@
+const express = require('express')
+const app = express()
+const port = 3000
+
+app.get('/', (req, res) => {
+  res.send('Hello World!')
+})
+
+app.listen(port, () => {
+  console.log(`Example app listening at http://localhost:${port}`)
+})
+

examples/reverse-proxy/js-app/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "js-app",
+  "version": "1.0.0",
+  "description": "demo",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "express": "^4.17.1"
+  }
+}

examples/reverse-proxy/server-confs/reverse-proxy.conf

@@ -0,0 +1,12 @@
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+location / {
+	if ($host = app1.website.com) {
+		proxy_pass http://app1:3000$request_uri;
+	}
+
+	if ($host = app2.website.com) {
+		proxy_pass http://app2$request_uri;
+	}
+}