fixed bugs with MULTISITE variables and swarm example
This commit is contained in:
parent
afc6678855
commit
361c66ca61
|
@ -26,7 +26,7 @@ if [ "$MULTISITE" = "yes" ] ; then
|
|||
done
|
||||
for var in $(cut -d '=' -f 1 "${NGINX_PREFIX}nginx.env") ; do
|
||||
name=$(echo "$var")
|
||||
check=$(echo "$name" | grep "^$1_")
|
||||
check=$(echo "$name" | grep "^${1}_")
|
||||
if [ "$check" != "" ] ; then
|
||||
repl_name=$(echo "$name" | sed "s~${1}_~~")
|
||||
repl_value=$(env | grep -E "^${name}=" | sed "s~^${name}=~~")
|
||||
|
@ -60,38 +60,34 @@ replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS"
|
|||
# reverse proxy
|
||||
if [ "$USE_REVERSE_PROXY" = "yes" ] ; then
|
||||
i=1
|
||||
for var in $(compgen -e) ; do
|
||||
check1=$(echo "$var" | grep "^REVERSE_PROXY_URL")
|
||||
check2=$(echo "$var" | grep "^${1}_REVERSE_PROXY_URL")
|
||||
if [ "$check1" != "" ] || [ "$check2" != "" ] ; then
|
||||
name=$(echo "$var")
|
||||
value=$(echo "${!var}")
|
||||
host=$(echo "$name" | sed "s/URL/HOST/")
|
||||
host_value=$(env | grep "^${host}=" | sed "s/${host}=//")
|
||||
custom_headers=$(echo "$name" | sed "s/URL/HEADERS/")
|
||||
custom_headers_value=$(env | grep "^${host}=" | sed "s/${host}=//")
|
||||
ws=$(echo "$name" | sed "s/URL/WS/")
|
||||
ws_value=$(env | grep "^${ws}=" | sed "s/${ws}=//")
|
||||
cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf"
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$value"
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HOST%" "$host_value"
|
||||
if [ "$custom_headers_value" != "" ] ; then
|
||||
IFS_=$IFS
|
||||
IFS=';'
|
||||
for header_value in $(echo "$custom_headers_value") ; do
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" "more_set_headers $header_value;\n%REVERSE_PROXY_CUSTOM_HEADERS%"
|
||||
done
|
||||
IFS=$IFS_
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" ""
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HEADERS%" "include ${NGINX_PREFIX}reverse-proxy-headers.conf;"
|
||||
if [ "$ws_value" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" "proxy_http_version 1.1;\nproxy_set_header Upgrade \$http_upgrade;\nproxy_set_header Connection \"Upgrade\";\n"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" ""
|
||||
fi
|
||||
i=$(($i + 1))
|
||||
for var in $(set | cut -d '=' -f 1 | grep "^REVERSE_PROXY_URL") ; do
|
||||
url=$(echo "$var")
|
||||
url_value=$(echo "${!var}")
|
||||
host=$(echo "$var" | sed "s/URL/HOST/")
|
||||
host_value=$(echo "${!host}")
|
||||
custom_headers=$(echo "$var" | sed "s/URL/HEADERS/")
|
||||
custom_headers_value=$(echo "${!custom_headers}")
|
||||
ws=$(echo "$var" | sed "s/URL/WS/")
|
||||
ws_value=$(echo "${!ws}")
|
||||
cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf"
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$url_value"
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HOST%" "$host_value"
|
||||
if [ "$custom_headers_value" != "" ] ; then
|
||||
IFS_=$IFS
|
||||
IFS=';'
|
||||
for header_value in $(echo "$custom_headers_value") ; do
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" "more_set_headers $header_value;\n%REVERSE_PROXY_CUSTOM_HEADERS%"
|
||||
done
|
||||
IFS=$IFS_
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" ""
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HEADERS%" "include ${NGINX_PREFIX}reverse-proxy-headers.conf;"
|
||||
if [ "$ws_value" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" "proxy_http_version 1.1;\nproxy_set_header Upgrade \$http_upgrade;\nproxy_set_header Connection \"Upgrade\";\n"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" ""
|
||||
fi
|
||||
i=$(($i + 1))
|
||||
done
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "include ${NGINX_PREFIX}reverse-proxy-*.conf;"
|
||||
else
|
||||
|
|
|
@ -0,0 +1,97 @@
|
|||
version: '3.8'
|
||||
|
||||
services:
|
||||
|
||||
autoconf:
|
||||
image: bunkerity/bunkerized-nginx-autoconf
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /shared/confs:/etc/nginx
|
||||
- /shared/letsencrypt:/etc/letsencrypt
|
||||
- /shared/acme-challenge:/acme-challenge
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx
|
||||
networks:
|
||||
- net_config
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==manager"
|
||||
|
||||
nginx:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
ports:
|
||||
- published: 80
|
||||
target: 8080
|
||||
mode: host
|
||||
protocol: tcp
|
||||
- published: 443
|
||||
target: 8443
|
||||
mode: host
|
||||
protocol: tcp
|
||||
volumes:
|
||||
- /shared/confs:/etc/nginx:ro
|
||||
- /shared/letsencrypt:/etc/letsencrypt:ro
|
||||
- /shared/acme-challenge:/acme-challenge:ro
|
||||
- /shared/www:/www:ro
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- USE_API=yes
|
||||
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from autoconf
|
||||
- MULTISITE=yes
|
||||
- SERVER_NAME=
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
networks:
|
||||
- net_config
|
||||
- net_services
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- "bunkerized-nginx.AUTOCONF"
|
||||
|
||||
app1:
|
||||
image: php:fpm-alpine
|
||||
volumes:
|
||||
- /shared/www/app1.website.com:/www
|
||||
networks:
|
||||
- net_services
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app1.website.com"
|
||||
- "bunkerized-nginx.REMOTE_PHP=php"
|
||||
- "bunkerized-nginx.REMOTE_PHP_PATH=/www"
|
||||
|
||||
app2:
|
||||
image: phpmyadmin:apache
|
||||
environment:
|
||||
- PMA_ARBITRARY=1
|
||||
- PMA_ABSOLUTE_URI=https://app2.website.com
|
||||
networks:
|
||||
- net_services
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app2.website.com"
|
||||
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2"
|
||||
|
||||
networks:
|
||||
net_config:
|
||||
driver: overlay
|
||||
net_services:
|
||||
driver: overlay
|
|
@ -10,9 +10,6 @@ COPY entrypoint/* /opt/entrypoint/
|
|||
COPY ui/ /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
EXPOSE 5000
|
||||
|
|
|
@ -10,9 +10,6 @@ COPY entrypoint/* /opt/entrypoint/
|
|||
COPY ui/ /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
EXPOSE 5000
|
||||
|
|
|
@ -17,9 +17,6 @@ COPY entrypoint/* /opt/entrypoint/
|
|||
COPY ui/ /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
EXPOSE 5000
|
||||
|
|
|
@ -17,9 +17,6 @@ COPY entrypoint/* /opt/entrypoint/
|
|||
COPY ui/ /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
EXPOSE 5000
|
||||
|
|
|
@ -10,9 +10,6 @@ COPY entrypoint/* /opt/entrypoint/
|
|||
COPY ui/ /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
EXPOSE 5000
|
||||
|
|
Loading…
Reference in New Issue