mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
examples and DNS_RESOLVERS fix
parent
81cff3648c
commit
34254a09e9
11 changed files with 100 additions and 20 deletions
17
README.md
17
README.md
|
@ -48,7 +48,7 @@ Fooling automated tools/scanners :
|
||||||
+ [HTTP](#http)
|
+ [HTTP](#http)
|
||||||
+ [Custom certificate](#custom-certificate)
|
+ [Custom certificate](#custom-certificate)
|
||||||
+ [Self-signed certificate](#self-signed-certificate)
|
+ [Self-signed certificate](#self-signed-certificate)
|
||||||
+ [Misc](#misc-1)
|
+ [Misc](#misc)
|
||||||
* [ModSecurity](#modsecurity)
|
* [ModSecurity](#modsecurity)
|
||||||
* [Security headers](#security-headers)
|
* [Security headers](#security-headers)
|
||||||
* [Blocking](#blocking)
|
* [Blocking](#blocking)
|
||||||
|
@ -59,13 +59,12 @@ Fooling automated tools/scanners :
|
||||||
+ [Custom blacklisting](#custom-blacklisting)
|
+ [Custom blacklisting](#custom-blacklisting)
|
||||||
+ [Requests limiting](#requests-limiting)
|
+ [Requests limiting](#requests-limiting)
|
||||||
+ [Countries](#countries)
|
+ [Countries](#countries)
|
||||||
+ [Misc](#misc-2)
|
|
||||||
* [PHP](#php)
|
* [PHP](#php)
|
||||||
+ [Remote PHP](#remote-php)
|
+ [Remote PHP](#remote-php)
|
||||||
+ [Local PHP (will be removed)](#local-php--will-be-removed-)
|
+ [Local PHP (will be removed)](#local-php--will-be-removed-)
|
||||||
* [Fail2ban](#fail2ban)
|
* [Fail2ban](#fail2ban)
|
||||||
* [ClamAV](#clamav)
|
* [ClamAV](#clamav)
|
||||||
* [Misc](#misc-3)
|
* [Misc](#misc-2)
|
||||||
- [Create your own image](#create-your-own-image)
|
- [Create your own image](#create-your-own-image)
|
||||||
- [Include custom configurations](#include-custom-configurations)
|
- [Include custom configurations](#include-custom-configurations)
|
||||||
|
|
||||||
|
@ -184,6 +183,11 @@ Default value : *yes*
|
||||||
If set to yes, nginx will serve files from /www directory within the container.
|
If set to yes, nginx will serve files from /www directory within the container.
|
||||||
A use case to not serving files is when you setup bunkerized-nginx as a reverse proxy via a custom configuration.
|
A use case to not serving files is when you setup bunkerized-nginx as a reverse proxy via a custom configuration.
|
||||||
|
|
||||||
|
`DNS_RESOLVERS`
|
||||||
|
Values : *\<two IP addresses separated with a space\>*
|
||||||
|
Default value : *127.0.0.11 8.8.8.8*
|
||||||
|
The IP addresses of the DNS resolvers to use when performing DNS lookups.
|
||||||
|
|
||||||
`WRITE_ACCESS`
|
`WRITE_ACCESS`
|
||||||
Values : *yes* | *no*
|
Values : *yes* | *no*
|
||||||
Default value : *no*
|
Default value : *no*
|
||||||
|
@ -574,13 +578,6 @@ Values : *\<country code 1\> \<country code 2\> ...*
|
||||||
Default value :
|
Default value :
|
||||||
Block some countries from accessing your website. Use 2 letters country code separated with space.
|
Block some countries from accessing your website. Use 2 letters country code separated with space.
|
||||||
|
|
||||||
### Misc
|
|
||||||
|
|
||||||
`DNS_RESOLVERS`
|
|
||||||
Values : *\<two IP addresses separated with a space\>*
|
|
||||||
Default value : *8.8.8.8 8.8.4.4*
|
|
||||||
The IP addresses of the DNS resolvers to use when performing reverse DNS lookups.
|
|
||||||
|
|
||||||
## PHP
|
## PHP
|
||||||
|
|
||||||
### Remote PHP
|
### Remote PHP
|
||||||
|
|
|
@ -126,7 +126,7 @@ USE_CUSTOM_HTTPS="${USE_CUSTOM_HTTPS-no}"
|
||||||
ROOT_FOLDER="${ROOT_FOLDER-/www}"
|
ROOT_FOLDER="${ROOT_FOLDER-/www}"
|
||||||
LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
|
LOGROTATE_MINSIZE="${LOGROTATE_MINSIZE-10M}"
|
||||||
LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
|
LOGROTATE_MAXAGE="${LOGROTATE_MAXAGE-7}"
|
||||||
DNS_RESOLVERS="${DNS_RESOLVERS-8.8.8.8 8.8.4.4}"
|
DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11 8.8.8.8}"
|
||||||
USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
|
USE_WHITELIST_IP="${USE_WHITELIST_IP-yes}"
|
||||||
WHITELIST_IP_LIST="${WHITELIST_IP_LIST-23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
|
WHITELIST_IP_LIST="${WHITELIST_IP_LIST-23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8}"
|
||||||
USE_WHITELIST_REVERSE="${USE_WHITELIST_REVERSE-yes}"
|
USE_WHITELIST_REVERSE="${USE_WHITELIST_REVERSE-yes}"
|
||||||
|
|
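Review bot: The new default `127.0.0.11 8.8.8.8` pairs Docker's embedded resolver with a public one, and if this value is written into an nginx `resolver` directive (not visible in this hunk) nginx queries the listed servers round-robin rather than as primary and fallback. Lookups for internal service names such as `app1` in the reverse-proxy example would then periodically be sent to 8.8.8.8, which discloses internal names to a third party and can cause intermittent resolution failures. Consider defaulting to the embedded resolver alone, `DNS_RESOLVERS="${DNS_RESOLVERS-127.0.0.11}"`, and stating in the README entry that 127.0.0.11 exists only on user-defined Docker networks, so host-network or default-bridge deployments must set the variable explicitly. The block of defaults continues outside the hunk on both sides.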
|
@ -3,14 +3,15 @@ version: '3'
|
||||||
services:
|
services:
|
||||||
|
|
||||||
mytraefik:
|
mytraefik:
|
||||||
image: traefik
|
image: traefik:v1.7.26
|
||||||
restart: always
|
restart: always
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- ./traefik:/etc/traefik
|
- ./traefik/traefik.toml:/traefik.toml
|
||||||
|
- ./traefik/acme.json:/acme.json
|
||||||
|
|
||||||
mywww1:
|
mywww1:
|
||||||
image: bunkerity/bunkerized-nginx
|
image: bunkerity/bunkerized-nginx
|
||||||
|
@ -24,7 +25,7 @@ services:
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.enable=true'
|
- 'traefik.enable=true'
|
||||||
- 'traefik.port=80'
|
- 'traefik.port=80'
|
||||||
- 'traefik.frontend.rule=Host:web1.domain.com # replace with your domain
|
- 'traefik.frontend.rule=Host:app1.website.com' # replace with your domain
|
||||||
|
|
||||||
mywww2:
|
mywww2:
|
||||||
image: bunkerity/bunkerized-nginx
|
image: bunkerity/bunkerized-nginx
|
||||||
|
@ -38,7 +39,7 @@ services:
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.enable=true'
|
- 'traefik.enable=true'
|
||||||
- 'traefik.port=80'
|
- 'traefik.port=80'
|
||||||
- 'traefik.frontend.rule=Host:web2.domain.com # replace with your domain
|
- 'traefik.frontend.rule=Host:app2.website.com' # replace with your domain
|
||||||
|
|
||||||
myphp1:
|
myphp1:
|
||||||
image: php:fpm
|
image: php:fpm
|
||||||
|
|
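Review bot: The added bind mount `./traefik/acme.json:/acme.json` points at the file where Traefik stores the ACME account key and the private keys of issued certificates, and the example ships it as an empty tracked file that will normally have mode 0644 after a checkout. As far as I know Traefik 1.x refuses ACME storage whose permissions are wider than 600, so the example is likely to fail until the user runs `chmod 600 traefik/acme.json`. Add a comment on that volume line such as `# must exist with mode 600: holds the ACME account and certificate private keys`, and consider ignoring the file in git so a populated copy is never committed. The `myphp1` service at the end of the section continues outside the hunk.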
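--- a/examples/behind-traefik/traefik/acme.json
+++ b/examples/behind-traefik/traefik/acme.json
@@ -1 +0,0 @@
-todo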
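--- a/examples/behind-traefik/traefik/traefik.toml
+++ b/examples/behind-traefik/traefik/traefik.toml
@@ -0,0 +1,29 @@
+debug = false
+
+logLevel = "ERROR"
+defaultEntryPoints = ["https","http"]
+
+[entryPoints]
+[entryPoints.http]
+address = ":80"
+[entryPoints.http.redirect]
+entryPoint = "https"
+[entryPoints.https]
+address = ":443"
+[entryPoints.https.tls]
+
+[retry]
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+domain = "website.com"
+watch = true
+exposedByDefault = false
+
+[acme]
+email = "contact@website.com"
+storage = "acme.json"
+entryPoint = "https"
+onHostRule = true
+[acme.httpChallenge]
+entryPoint = "http"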
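Review bot: `[entryPoints.https.tls]` is left empty, so TLS for every site in this example is terminated by Traefik with its built-in defaults rather than with the hardened settings bunkerized-nginx would apply if it terminated TLS itself. As far as I know Traefik 1.7 still accepts TLS 1.0 and 1.1 unless told otherwise; adding `minVersion = "VersionTLS12"` under that table closes the gap. Separately, `endpoint = "unix:///var/run/docker.sock"` gives the internet-facing proxy full control of the Docker daemon, which deserves a comment in the example, for instance `# grants Traefik full Docker API access; put a filtering socket proxy in front of it in production`.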
|
@ -9,12 +9,28 @@ services:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
volumes:
|
volumes:
|
||||||
- ./http-confs:/www
|
- ./letsencrypt:/etc/letsencrypt
|
||||||
|
- ./server-confs:/server-confs
|
||||||
environment:
|
environment:
|
||||||
- SERVER_NAME=pma.domain.com app.domain.com # replace with your domains
|
- SERVER_NAME=app1.website.com app2.website.com # replace with your domains
|
||||||
- SERVE_FILES=no
|
- SERVE_FILES=no
|
||||||
- DISABLE_DEFAULT_SERVER=yes
|
- DISABLE_DEFAULT_SERVER=yes
|
||||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||||
- AUTO_LETS_ENCRYPT=yes
|
- AUTO_LETS_ENCRYPT=yes
|
||||||
|
|
||||||
# TODO : pma + nodeJS ?
|
app1:
|
||||||
|
image: node
|
||||||
|
restart: always
|
||||||
|
working_dir: /home/node/app
|
||||||
|
volumes:
|
||||||
|
- ./js-app:/home/node/app
|
||||||
|
environment:
|
||||||
|
- NODE_ENV=production
|
||||||
|
command: bash -c "npm install express && node index.js"
|
||||||
|
|
||||||
|
app2:
|
||||||
|
image: phpmyadmin:apache
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- PMA_ARBITRARY=1
|
||||||
|
- PMA_ABSOLUTE_URI=https://app2.website.com
|
||||||
|
|
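Review bot: `PMA_ARBITRARY=1` on `app2` lets anyone who reaches the login page choose which database host phpMyAdmin connects to, and this example publishes that page on the internet as `app2.website.com`. The instance can then be used to reach database servers on the internal Docker network from the server's own address; for a public example it is safer to drop the variable and fix the target with `PMA_HOST=<db service name>`, or to require authentication in front of that vhost. In the same hunk, `command: bash -c "npm install express && node index.js"` pulls a package from the registry on every container start without a lockfile and `image: node` is untagged, while this commit pins Traefik to `v1.7.26`; pinning both would make the example reproducible. The `services:` block begins outside the hunk.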
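--- a/examples/reverse-proxy/js-app/index.js
+++ b/examples/reverse-proxy/js-app/index.js
@@ -0,0 +1,12 @@
+const express = require('express')
+const app = express()
+const port = 3000
+
+app.get('/', (req, res) => {
+res.send('Hello World!')
+})
+
+app.listen(port, () => {
+console.log(`Example app listening at http://localhost:${port}`)
+})
+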
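--- a/examples/reverse-proxy/js-app/package.json
+++ b/examples/reverse-proxy/js-app/package.json
@@ -0,0 +1,14 @@
+{
+"name": "js-app",
+"version": "1.0.0",
+"description": "demo",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1"
+},
+"author": "",
+"license": "ISC",
+"dependencies": {
+"express": "^4.17.1"
+}
+}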
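--- a/examples/reverse-proxy/server-confs/reverse-proxy.conf
+++ b/examples/reverse-proxy/server-confs/reverse-proxy.conf
@@ -0,0 +1,12 @@
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+location / {
+if ($host = app1.website.com) {
+proxy_pass http://app1:3000$request_uri;
+}
+
+if ($host = app2.website.com) {
+proxy_pass http://app2$request_uri;
+}
+}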
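Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the client address to whatever `X-Forwarded-For` value the client itself sent, and in this example the container is the internet-facing edge (the compose file publishes 80 and 443 on it), so the backends receive a header whose leading entries are client-controlled. Any backend logic or logging that trusts the first address can be misled; at the edge prefer `proxy_set_header X-Forwarded-For $remote_addr;` and add `proxy_set_header X-Forwarded-Proto $scheme;` so the apps know the original scheme. The two `if ($host = …)` blocks inside `location /` are also fragile: a request whose host matches neither falls through to the location's default handling, and a comment saying what is expected in that case (presumably a 404, given `SERVE_FILES=no`) would help readers adapting the example.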