Update the docs from dev
This commit is contained in:
parent
5a8f812560
commit
3ec15eb4b0
File diff suppressed because one or more lines are too long
After Width: | Height: | Size: 42 KiB |
|
@ -0,0 +1,441 @@
|
|||
****** INTEGRATIONS ******
|
||||
=== "RHEL"
|
||||
|
||||
The first step is to add NGINX official repository. Create the following file at `/etc/yum.repos.d/nginx.repo` :
|
||||
```conf
|
||||
[nginx-stable]
|
||||
name=nginx stable repo
|
||||
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
|
||||
gpgcheck=1
|
||||
enabled=1
|
||||
gpgkey=https://nginx.org/keys/nginx_signing.key
|
||||
module_hotfixes=true
|
||||
```
|
||||
|
||||
You should now be able to install NGINX 1.20.2 :
|
||||
```shell
|
||||
sudo dnf install nginx-1.20.2
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.4.4 :
|
||||
```shell
|
||||
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
rpm -Uvh epel-release*rpm && \
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
|
||||
sudo dnf check-update && \
|
||||
sudo dnf install -y bunkerweb-1.4.4
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
|
||||
```shell
|
||||
sudo dnf versionlock add nginx && \
|
||||
sudo dnf versionlock add bunkerweb
|
||||
```
|
||||
|
||||
## Vagrant
|
||||
|
||||
<figure markdown>
|
||||
![Overwiew](assets/img/integration-ansible.svg){ align=center }
|
||||
<figcaption>Vagrant integration</figcaption>
|
||||
</figure>
|
||||
|
||||
List of supported Linux distros :
|
||||
|
||||
- Ubuntu 22.04 "Jammy"
|
||||
|
||||
[Vagrant](https://www.vagrantup.com/docs) is a tool for building and managing virtual machine environments in a single workflow. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases production parity, and makes the "works on my machine" excuse a relic of the past.
|
||||
|
||||
A specific BunkerWeb box is available on vagrantup.
|
||||
|
||||
First of all download the box from vagrantup : ```shell vagrant box add bunkerity/bunkerity```
|
||||
|
||||
Then an list of boxes should appear, select the one whith your provider (virtualbox, vmware, libvirt).
|
||||
|
||||
This will download the box named bunkerity/bunkerity from [HashiCorp's Vagrant Cloud box catalog](https://vagrantcloud.com/boxes/search), where you can find and host boxes.
|
||||
|
||||
Now you've added a box to Vagrant either by initializing or adding it explicitly, you need to configure your project to use it as a base.
|
||||
For initializing a new Vagrant project, you can use the `vagrant init bunkerity/bunkerity` command. This will create a Vagrantfile in the current directory.
|
||||
|
||||
Open the Vagrantfile and replace the contents with the following.
|
||||
|
||||
```shell
|
||||
Vagrant.configure("2") do |config|
|
||||
config.vm.box = "bunkerity/bunkerity"
|
||||
end
|
||||
```
|
||||
|
||||
Vagrant will automatically download the box in his latest version and add it to your Vagrant environment. If you want to use a specific version of the box, you can use the `config.vm.box_version` option.
|
||||
|
||||
For exemple:
|
||||
|
||||
```shell
|
||||
Vagrant.configure("2") do |config|
|
||||
config.vm.box = "bunkerity/bunkerity"
|
||||
config.vm.box_version = "1.4.2"
|
||||
end
|
||||
```
|
||||
|
||||
Now you can start the box :
|
||||
```shell
|
||||
vagrant up
|
||||
```
|
||||
|
||||
And then connect to it :
|
||||
```shell
|
||||
vagrant ssh
|
||||
```
|
||||
|
||||
****** QUICKSTART ******
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
|
||||
|
||||
The following command will run a basic HTTP server on the port 8000 and deliver the files in the current directory :
|
||||
```shell
|
||||
python3 -m http.server -b 127.0.0.1
|
||||
```
|
||||
|
||||
Configuration of BunkerWeb is done by editing the `/etc/bunkerweb/variables.env` file.
|
||||
|
||||
Connect to your vagrant machine :
|
||||
```shell
|
||||
vagrant ssh
|
||||
```
|
||||
|
||||
And then you can edit the `variables.env` file in your host machine like this :
|
||||
|
||||
```conf
|
||||
SERVER_NAME=www.example.com
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
USE_REVERSE_PROXY=yes
|
||||
REVERSE_PROXY_URL=/
|
||||
REVERSE_PROXY_HOST=http://127.0.0.1:8000
|
||||
```
|
||||
|
||||
If it's already running we can restart it :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
Otherwise, we will need to start it :
|
||||
```shell
|
||||
systemctl start bunkerweb
|
||||
```
|
||||
|
||||
Let's check the status of BunkerWeb :
|
||||
```shell
|
||||
systemctl status bunkerweb
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#Vagrant) stack running on your machine with some web applications running on the same machine as BunkerWeb.
|
||||
|
||||
Let's assume that you have some web applications running on the same machine as BunkerWeb :
|
||||
|
||||
=== "App #1"
|
||||
The following command will run a basic HTTP server on the port 8001 and deliver the files in the current directory :
|
||||
```shell
|
||||
python3 -m http.server -b 127.0.0.1 8001
|
||||
```
|
||||
|
||||
=== "App #2"
|
||||
The following command will run a basic HTTP server on the port 8002 and deliver the files in the current directory :
|
||||
```shell
|
||||
python3 -m http.server -b 127.0.0.1 8002
|
||||
```
|
||||
|
||||
=== "App #3"
|
||||
The following command will run a basic HTTP server on the port 8003 and deliver the files in the current directory :
|
||||
```shell
|
||||
python3 -m http.server -b 127.0.0.1 8003
|
||||
```
|
||||
|
||||
Connect to your vagrant machine :
|
||||
```shell
|
||||
vagrant ssh
|
||||
```
|
||||
|
||||
Configuration of BunkerWeb is done by editing the /etc/bunkerweb/variables.env file :
|
||||
```conf
|
||||
SERVER_NAME=app1.example.com app2.example.com app3.example.com
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
MULTISITE=yes
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
USE_REVERSE_PROXY=yes
|
||||
REVERSE_PROXY_URL=/
|
||||
app1.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8001
|
||||
app2.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8002
|
||||
app3.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8003
|
||||
```
|
||||
|
||||
If it's already running we can restart it :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
Otherwise, we will need to start it :
|
||||
```shell
|
||||
systemctl start bunkerweb
|
||||
```
|
||||
|
||||
Let's check the status of BunkerWeb :
|
||||
```shell
|
||||
systemctl status bunkerweb
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
You will need to add the settings to the `/etc/bunkerweb/variables.env` file :
|
||||
|
||||
```conf
|
||||
...
|
||||
USE_REAL_IP=yes
|
||||
REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16
|
||||
REAL_IP_HEADER=X-Forwarded-For
|
||||
...
|
||||
```
|
||||
|
||||
Don't forget to restart the BunkerWeb service once it's done.
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
You will need to add the settings to the `/etc/bunkerweb/variables.env` file :
|
||||
|
||||
```conf
|
||||
...
|
||||
USE_REAL_IP=yes
|
||||
USE_PROXY_PROTOCOL=yes
|
||||
REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16
|
||||
REAL_IP_HEADER=proxy_protocol
|
||||
...
|
||||
```
|
||||
|
||||
Don't forget to restart the BunkerWeb service once it's done.
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
When using the [Vagrant integration](/1.4/integrations/#vagrant), custom configurations must be written to the `/etc/bunkerweb/configs` folder.
|
||||
|
||||
Here is an example for server-http/hello-world.conf :
|
||||
```conf
|
||||
location /hello {
|
||||
default_type 'text/plain';
|
||||
content_by_lua_block {
|
||||
ngx.say('world')
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Because BunkerWeb runs as an unprivileged user (nginx:nginx), you will need to edit the permissions :
|
||||
```shell
|
||||
chown -R root:nginx /etc/bunkerweb/configs && \
|
||||
chmod -R 770 /etc/bunkerweb/configs
|
||||
```
|
||||
|
||||
Don't forget to restart the BunkerWeb service once it's done.
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
|
||||
|
||||
By default, BunkerWeb will search for web files inside the `/var/www/html` folder. You can use it to store your PHP application. Please note that you will need to configure your PHP-FPM service to get or set the user/group of the running processes and the UNIX socket file used to communicate with BunkerWeb.
|
||||
|
||||
First of all, you will need to make sure that your PHP-FPM instance can access the files inside the `/var/www/html` folder and also that BunkerWeb can access the UNIX socket file in order to communicate with PHP-FPM. We recommend to set a different user like `www-data` for the PHP-FPM service and to give the nginx group access to the UNIX socket file. Here is corresponding PHP-FPM configuration :
|
||||
```ini
|
||||
...
|
||||
[www]
|
||||
user = www-data
|
||||
group = www-data
|
||||
listen = /run/php/php-fpm.sock
|
||||
listen.owner = www-data
|
||||
listen.group = nginx
|
||||
listen.mode = 0660
|
||||
...
|
||||
```
|
||||
|
||||
Don't forget to restart your PHP-FPM service :
|
||||
```shell
|
||||
systemctl restart php8.1-fpm
|
||||
```
|
||||
|
||||
Once your application is copied to the `/var/www/html` folder, you will need to fix the permissions so BunkerWeb (user/group nginx) can at least read files and list folders and PHP-FPM (user/group www-data) is the owner of the files and folders :
|
||||
```shell
|
||||
chown -R www-data:nginx /var/www/html && \
|
||||
find /var/www/html -type f -exec chmod 0640 {} \; && \
|
||||
find /var/www/html -type d -exec chmod 0750 {} \;
|
||||
```
|
||||
|
||||
You can now edit the `/etc/bunkerweb/variable.env` file :
|
||||
```env
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
SERVER_NAME=www.example.com
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
LOCAL_PHP=/run/php/php-fpm.sock
|
||||
LOCAL_PHP_PATH=/var/www/html/
|
||||
```
|
||||
|
||||
Let's check the status of BunkerWeb :
|
||||
```shell
|
||||
systemctl status bunkerweb
|
||||
```
|
||||
If it's already running we can restart it :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
Otherwise, we will need to start it :
|
||||
```shell
|
||||
systemctl start bunkerweb
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
|
||||
|
||||
By default, BunkerWeb will search for web files inside the `/var/www/html` folder. You can use it to store your PHP applications : each application will be in its own subfolder named the same as the primary server name. Please note that you will need to configure your PHP-FPM service to get or set the user/group of the running processes and the UNIX socket file used to communicate with BunkerWeb.
|
||||
|
||||
First of all, you will need to make sure that your PHP-FPM instance can access the files inside the `/var/www/html` folder and also that BunkerWeb can access the UNIX socket file in order to communicate with PHP-FPM. We recommend to set a different user like `www-data` for the PHP-FPM service and to give the nginx group access to the UNIX socket file. Here is corresponding PHP-FPM configuration :
|
||||
```ini
|
||||
...
|
||||
[www]
|
||||
user = www-data
|
||||
group = www-data
|
||||
listen = /run/php/php-fpm.sock
|
||||
listen.owner = www-data
|
||||
listen.group = nginx
|
||||
listen.mode = 0660
|
||||
...
|
||||
```
|
||||
|
||||
Don't forget to restart your PHP-FPM service :
|
||||
```shell
|
||||
systemctl restart php8.1-fpm
|
||||
```
|
||||
|
||||
Once your application is copied to the `/var/www/html` folder, you will need to fix the permissions so BunkerWeb (user/group nginx) can at least read files and list folders and PHP-FPM (user/group www-data) is the owner of the files and folders :
|
||||
```shell
|
||||
chown -R www-data:nginx /var/www/html && \
|
||||
find /var/www/html -type f -exec chmod 0640 {} \; && \
|
||||
find /var/www/html -type d -exec chmod 0750 {} \;
|
||||
```
|
||||
|
||||
You can now edit the `/etc/bunkerweb/variable.env` file :
|
||||
```env
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
SERVER_NAME=app1.example.com app2.example.com app3.example.com
|
||||
MULTISITE=yes
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
app1.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||
app1.example.com_LOCAL_PHP_PATH=/var/www/html/app1.example.com
|
||||
app2.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||
app2.example.com_LOCAL_PHP_PATH=/var/www/html/app2.example.com
|
||||
app3.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||
app3.example.com_LOCAL_PHP_PATH=/var/www/html/app3.example.com
|
||||
```
|
||||
|
||||
Let's check the status of BunkerWeb :
|
||||
```shell
|
||||
systemctl status bunkerweb
|
||||
```
|
||||
If it's already running we can restart it :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
Otherwise, we will need to start it :
|
||||
```shell
|
||||
systemctl start bunkerweb
|
||||
```
|
||||
|
||||
****** PLUGINS ******
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
When using the [Linux integration](/1.4/integrations/#linux), plugins must be written to the `/etc/bunkerweb/plugins` folder :
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* /data/plugins
|
||||
```
|
||||
|
||||
****** UI ******
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
The installation of the web UI using the [Vagrant integration](/1.4/integrations/#vagrant) is pretty straightforward because it is installed with BunkerWeb.
|
||||
|
||||
The first thing to do is to edit the BunkerWeb configuration located at **/etc/bunkerweb/variables.env** to add settings related to the web UI :
|
||||
```conf
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
...
|
||||
SERVER_NAME=bwadm.example.com
|
||||
MULTISITE=yes
|
||||
USE_API=yes
|
||||
API_WHITELIST_IP=127.0.0.0/8
|
||||
bwadm.example.com_USE_UI=yes
|
||||
bwadm.example.com_USE_REVERSE_PROXY=yes
|
||||
bwadm.example.com_REVERSE_PROXY_URL=/changeme/
|
||||
bwadm.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
|
||||
bwadm.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
...
|
||||
```
|
||||
|
||||
Important things to note :
|
||||
|
||||
* `bwadm.example.com` is the dedicated (sub)domain for accessing the web UI
|
||||
* replace the `/changeme` URLs with a custom one of your choice
|
||||
|
||||
Once the configuration file is edited, you will need to restart BunkerWeb :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
You can edit the **/etc/bunkerweb/ui.env** file containing the settings of the web UI :
|
||||
```conf
|
||||
ADMIN_USERNAME=admin
|
||||
ADMIN_PASSWORD=changeme
|
||||
ABSOLUTE_URI=http(s)://bwadm.example.com/changeme/
|
||||
```
|
||||
|
||||
Important things to note :
|
||||
|
||||
* `http(s)://bwadmin.example.com/changeme/` is the full base URL of the web UI (must match the sub(domain) and /changeme URL used in **/etc/bunkerweb/variables.env**)
|
||||
* replace the username `admin` and password `changeme` with strong ones
|
||||
|
||||
Restart the BunkerWeb UI service and you are now ready to access it :
|
||||
```shell
|
||||
systemctl restart bunkerweb-ui
|
||||
```
|
||||
|
||||
****** TROUBLE ******
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
For errors related to BunkerWeb services (e.g. not starting), you can use `journalctl` :
|
||||
```shell
|
||||
journalctl -u bunkerweb --no-pager
|
||||
```
|
||||
|
||||
Common logs are located inside the `/var/log/nginx` directory :
|
||||
```shell
|
||||
cat /var/log/nginx/error.log
|
||||
cat /var/log/nginx/access.log
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
You can use the `bwcli` command (as root) :
|
||||
```shell
|
||||
sudo bwcli unban 1.2.3.4
|
||||
```
|
|
@ -0,0 +1 @@
|
|||
<mxfile host="app.diagrams.net" modified="2022-10-13T12:11:36.746Z" agent="5.0 (Windows)" etag="qIM9S_K3KBWfpHSqmD4a" version="20.4.0"><diagram id="C5RBs43oDa-KdzZeNtuy" name="Page-1">7Z1df6I4FIc/jZfdHxDevFSkrVuHzqjdrntHlVF20HQR2zqffkMhAglqtEJoYW4Gjrz/z3OScxJoCxjLtxvffl58gzPHa0nC7K0Fei1JkkRdR/+Flm1sAWo7ssx9dxbZxMQwcn87sVGIrRt35qwzGwYQeoH7nDVO4WrlTIOMzfZ9+Jrd7Cf0smd9tucOZRhNbY+2PrqzYBFZdUlL7LeOO1/gM4v4/pY23ji+k/XCnsHXlAmYLWD4EAbR0vLNcLzw6eHn8tjfPnqDX+rNnz/W/9kP3bux9ddVdLDrU3bZ3YLvrIKzD73a2Lf9lfFyfbUdXc2DjvjPuH8lg+jYL7a3iR9YfLPBFj9BZ4YeaLwK/WAB53Ble2Zi7fpws5o54XkEtJZsM4DwGRlFZPzXCYJt7B32JoDItAiWXvxrdM7wRIRoR+443m4NN/7UOXCbsYKB7c+d4NDjkHa6IiIcuHQCf4t29B3PDtyX7NXZsWfOd9slTx8txAKcIIaQo4XqoevtztwXtDgPFzuGYY5G+Ad0ntRvOZt3zZu+he1PPrkluT8pvechTkOJXxdu4Iye7ffH/IpiRZ6AL44fOG9nSEg/cRyA2nJ0nDj8KNHaa0KyiPFcpCjWhYIkwnh8cV5kRl6kPeqVw4tMafF42x+bg/5obKI19GyvKXH8BVw+bdbHPfqn63kG9KD/vh8QRUXVtNAOV0HKfv3+r0ACVFXIEHCF/T3NgJLDgAgKg4B+8F8Rgl135SgFgCcF+MBHmo3B0Oz0JiEVzI0B3Zh0LCsh68w2hZ3APaTtI7MoAvV29QhU60EgYCVQ4Uog3YnuDjrG3YUaoopgIO56WhXiQK8HBworBxpXDhRKjZuhOfliGAClehhoLF0A4/7BGg8nTWt/WF9Fr5y+oB5Zp9RmDHOAa9qJL/Mwbbuol5RfjhLXs0bdQe2BE9v8gatHhgtYM1zANcMFTBnuOcB1H6w7c2iZ49pBR/ZiqgBdXi+mfOjQY/W3f6dXJuHB/lDwau8tPni0to3XCoeVNRkG+gdhjXf9Dl104YnLCHLWZSRFyR4jurJ4N8IZdtfxAf/IG6uikB52xiYz/4P+t/64hn1cMpWvAv108niQfsd7gq9p8N8N6IfwcblT23sHdNYJh5CRderZ67U7zeqRjRXngu+8ucFuN7Sc2gutJTuFK2UFC5wRHq8YtPM9JeUIeX6AbR+NKaqWdUSF9K/oTqmYQh9JI1xaJscA90Qn5CD2NrXZc7jB+sAla8SAjKhmxt3RQnTIi8Y+WWmaQrKFYxnP55oogrzqJD0yY4373fuwB2rcmsYdc9tlmWavfk2X1q5cy4W7RRedt2Fava8zawMpQotU6rwNWW3iJxkWWeKnkK9zSfM7mPL+UQqVo1gZt53BwLRu9qYIZHzcuYDIECOzsRB1BAxVPxA7i8JPJgpqzNOm1MLwk7niJ1QMP4kVP670SSz0fR/en9SuDc0fD+ZofH6H5SsAydocFscj04Bhz7TYRwsbYdMq8lP2xBkRBZZRUoF2komzh8soeLkKZRSZtYyyr6NUThll97JF7IaA7EezVlEkorYByKTpQkUUmaw/KmXUUPLGbT9VhTHBYdJK6o2cKozMOcSeOUnloLErKOKyIBl5WdEgR6llsRg0qAJHGWgoeSWMBo2ip63yRUMjau9y+0w0dLL0LheDRlvggUZeEaJBo+iZrJxbDeFSrYZSTqshCjx6VEpeiaBho+gxW85skEO2pEuzsqGSzQYJ2aXYEAEPNk58s7rqbAh82WCdGsyZDfVIT4iZDTKjJ/tmn5uNE6fXNmwcYoN5Fi/ndIPwtLOn+mhkJl7UTB8+fapPPw+uUmx8jlScDPfntxtkAbegdqMt8kCDbT7VYHD/2Axb5XrznmErgN2N27CV0tTmecyPVPa8KlBSb5kojijnDlupwpGuxYWiHjlbGWglRD3MXAXQIEZ0RVY00t0BziO6CvPUYa4juoB412ZXkDwVDUAMJ8lKMWjIZMJaBhpasXnkCq6cg1yc0eFFh792w7ssZ/4CTx/WyfB+bqFQJI+EneviGR8gP7ZVxrsdGkvGV0pf5oPuWPHuxnE3Yq5AENGZtXJ9MY+hEyHrnvIZlDQEWS9ZBz785eBMIw5v6aQkNtmeO1+FroZkd5C9i+NjJ/5h6c5m7wE0L+HJ+mKroByGHHSmp1SqOa5U2EsgGp3A1E4SUSAjPl9NdLrnXD9NJL1amtDTKSbmqG6iKGK1RJEaUChN8mbpl6sKPYJcP1U08jslgLcqdM5ZP1XIRoU/K3QOVT9VBKFqqtCfqa1fY08WjfmrQr/8VTtWdLJcib+ozE0UOqWvISrkpzfxRCFeqrTpDLJ+qlBj/XidmypNDhmqIFdNliaLROmJVjVV6CyyhrAoxBdp+MtCp5GNLLtvqfGThc4jaygLFcS4y9IkknktfnGyoNXkDxtGw5bJ34cE5v8=</diagram></mxfile>
|
|
@ -12,7 +12,7 @@ Using BunkerWeb as a [Docker](https://www.docker.com/) container is a quick and
|
|||
We provide ready-to-use prebuilt images for x64, x86 armv8 and armv7 architectures on [Docker Hub](https://hub.docker.com/r/bunkerity/bunkerweb) :
|
||||
|
||||
```shell
|
||||
docker pull bunkerity/bunkerweb:1.4.3
|
||||
docker pull bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Alternatively, you can build the Docker images directly from the [source](https://github.com/bunkerity/bunkerweb) (and get a coffee ☕ because it may take a long time depending on your hardware) :
|
||||
|
@ -39,7 +39,7 @@ docker run \
|
|||
-e MY_SETTING=value \
|
||||
-e "MY_OTHER_SETTING=value with spaces" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -48,7 +48,7 @@ Here is the docker-compose equivalent :
|
|||
...
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
environment:
|
||||
- MY_SETTING=value
|
||||
```
|
||||
|
@ -73,7 +73,7 @@ docker run \
|
|||
...
|
||||
-v bw_data:/data \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -82,7 +82,7 @@ Here is the docker-compose equivalent :
|
|||
...
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
...
|
||||
|
@ -152,7 +152,7 @@ docker run \
|
|||
...
|
||||
--network mynetwork \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
You will also need to do the same with your web application(s). Please note that the other containers are accessible using their name as the hostname.
|
||||
|
@ -163,7 +163,7 @@ Here is the docker-compose equivalent :
|
|||
...
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
networks:
|
||||
- bw-net
|
||||
...
|
||||
|
@ -204,7 +204,7 @@ docker network create bw-services
|
|||
- One for communication between **BunkerWeb** and **autoconf**
|
||||
- Another one for communication between **BunkerWeb** and **web applications**
|
||||
|
||||
You can now create the BunkerWeb container with the `AUTOCONF_MODE=yes` setting and the `bunkerweb.INSTANCE` label (replace 10.20.30.0/24 with the subnet specified before) :
|
||||
You can now create the BunkerWeb container with the `AUTOCONF_MODE=yes` setting and the `bunkerweb.AUTOCONF` label (replace 10.20.30.0/24 with the subnet specified before) :
|
||||
|
||||
```shell
|
||||
docker run \
|
||||
|
@ -217,8 +217,8 @@ docker run \
|
|||
-e MULTISITE=yes \
|
||||
-e SERVER_NAME= \
|
||||
-e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \
|
||||
-l bunkerweb.INSTANCE \
|
||||
bunkerity/bunkerweb:1.4.3 && \
|
||||
-l bunkerweb.AUTOCONF \
|
||||
bunkerity/bunkerweb:1.4.4 && \
|
||||
|
||||
docker network connect bw-services mybunker
|
||||
```
|
||||
|
@ -235,7 +235,7 @@ docker run \
|
|||
--network bw-autoconf \
|
||||
-v bw-data:/data \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock:ro \
|
||||
bunkerity/bunkerweb-autoconf:1.4.3
|
||||
bunkerity/bunkerweb-autoconf:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent for the BunkerWeb autoconf stack :
|
||||
|
@ -246,7 +246,7 @@ version: '3.5'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -256,13 +256,13 @@ services:
|
|||
- SERVER_NAME=
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE"
|
||||
- "bunkerweb.AUTOCONF"
|
||||
networks:
|
||||
- bw-autoconf
|
||||
- bw-services
|
||||
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.3
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.4
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
|
@ -363,8 +363,8 @@ docker service create \
|
|||
-e SERVER_NAME= \
|
||||
-e MULTISITE=yes \
|
||||
-e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \
|
||||
-l bunkerweb.INSTANCE \
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
-l bunkerweb.AUTOCONF \
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
And the autoconf one :
|
||||
|
@ -378,7 +378,7 @@ docker service \
|
|||
--mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock,ro \
|
||||
--mount type=volume,source=bw-data,destination=/data \
|
||||
-e SWARM_MODE=yes \
|
||||
bunkerity/bunkerweb-autoconf:1.4.3
|
||||
bunkerity/bunkerweb-autoconf:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (using `docker stack deploy`) :
|
||||
|
@ -389,7 +389,7 @@ version: '3.5'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
ports:
|
||||
- published: 80
|
||||
target: 8080
|
||||
|
@ -413,10 +413,10 @@ services:
|
|||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE"
|
||||
- "bunkerweb.AUTOCONF"
|
||||
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.3
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.4
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
volumes:
|
||||
|
@ -544,7 +544,7 @@ spec:
|
|||
app: bunkerweb
|
||||
# mandatory annotation
|
||||
annotations:
|
||||
bunkerweb.io/INSTANCE: "yes"
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
|
@ -703,14 +703,14 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
You should now be able to install NGINX 1.20.2 :
|
||||
```shell
|
||||
sudo apt update && \
|
||||
sudo apt install -y nginx=1.20.2-1~bullseye
|
||||
sudo apt install -y nginx=1.20.2-1~$(lsb_release -cs)
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.4.3 :
|
||||
And finally install BunkerWeb 1.4.4 :
|
||||
```shell
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
|
||||
sudo apt update && \
|
||||
sudo apt install -y bunkerweb=1.4.3
|
||||
sudo apt install -y bunkerweb=1.4.4
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
|
||||
|
@ -736,11 +736,11 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
sudo apt install -y nginx=1.20.2-1~jammy
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.4.3 :
|
||||
And finally install BunkerWeb 1.4.4 :
|
||||
```shell
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
|
||||
sudo apt update && \
|
||||
sudo apt install -y bunkerweb=1.4.3
|
||||
sudo apt install -y bunkerweb=1.4.4
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
|
||||
|
@ -758,7 +758,7 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
```shell
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
|
||||
sudo dnf check-update && \
|
||||
sudo dnf install -y bunkerweb-1.4.3
|
||||
sudo dnf install -y bunkerweb-1.4.4
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
|
||||
|
@ -785,12 +785,12 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
sudo dnf install nginx-1.20.2
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.4.3 :
|
||||
And finally install BunkerWeb 1.4.4 :
|
||||
```shell
|
||||
dnf install -y epel-release && \
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
|
||||
sudo dnf check-update && \
|
||||
sudo dnf install -y bunkerweb-1.4.3
|
||||
sudo dnf install -y bunkerweb-1.4.4
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
|
||||
|
@ -818,13 +818,12 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
mkdir /usr/share/bunkerweb/deps && \
|
||||
/tmp/bunkerweb/deps/install.sh
|
||||
```
|
||||
|
||||
|
||||
Additional Python dependencies needs to be installed into the `/usr/share/bunkerweb/deps/python` folder :
|
||||
```shell
|
||||
mkdir /usr/share/bunkerweb/deps/python && \
|
||||
mkdir -p /usr/share/bunkerweb/deps/python && \
|
||||
cat src/scheduler/requirements.txt src/ui/requirements.txt src/common/gen/requirements.txt src/common/db/requirements.txt > /tmp/bunkerweb/deps/requirements.txt && \
|
||||
pip install --no-cache-dir --require-hashes --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/deps/requirements.txt && \
|
||||
pip install --no-cache-dir --target /usr/share/bunkerweb/deps/python -r /tmp/bunkerweb/ui/requirements.txt && \
|
||||
pip install --no-cache-dir gunicorn
|
||||
```
|
||||
|
||||
Once dependencies are installed, you will be able to copy the BunkerWeb sources to the target `/usr/share/bunkerweb` folder :
|
||||
|
@ -894,11 +893,11 @@ List of supported Linux distros :
|
|||
|
||||
[Ansible](https://docs.ansible.com/ansible/latest/index.html) is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
|
||||
|
||||
A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/fl0ppy_d1sk/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
|
||||
A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/bunkerity/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
|
||||
|
||||
First of all, download the role from ansible-galaxy :
|
||||
```shell
|
||||
ansible-galaxy install fl0ppy_d1sk.bunkerweb
|
||||
ansible-galaxy install bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
Next, create an inventory by adding the IP adress or FQDN of one or more remote systems, either in `/etc/ansible/hosts` or in your own playbook `inventory.yml` :
|
||||
|
@ -917,7 +916,7 @@ In order to use the role, we will create the playbook file named `playbook.yml`
|
|||
- hosts: all
|
||||
become: true
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
Run the playbook :
|
||||
|
@ -927,16 +926,16 @@ ansible-playbook -i inventory.yml playbook.yml
|
|||
|
||||
Configuration of BunkerWeb is done by using specific role variables :
|
||||
|
||||
| Name | Type | Description | Default value |
|
||||
| :-------------------: | :--------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.4.3` |
|
||||
| `nginx_version` | string | Version of NGINX to install. | `1.20.2` |
|
||||
| `freeze_versions` | boolean | Prevent upgrade of BunkerWeb and NGINX when performing packages upgrades. | `true` |
|
||||
| `variables_env` | string | Path of the variables.env file to configure BunkerWeb. | `files/variables.env` |
|
||||
| `enable_ui` | boolean | Activate the web UI. | `false` |
|
||||
| `custom_ui` | string | Path of the ui.env file to configure the web UI. | `files/ui.env` |
|
||||
| `custom_configs_path` | Dictionary | Each entry is a path of the folder containing custom configurations. Keys are the type of custom configs : `http`, `server-http`, `modsec`, `modsec-crs` and `default-server-http` | empty values |
|
||||
| `custom_www` | string | Path of the www directory to upload. | empty value |
|
||||
| `custom_plugins` | string | Path of the plugins directory to upload. | empty value |
|
||||
| `custom_www_owner` | string | Default owner for www files and folders. | `nginx` |
|
||||
| `custom_www_group` | string | Default group for www files and folders. | `nginx` |
|
||||
| Name | Type | Description | Default value |
|
||||
|:-----:|:-----:|--------------|----------------|
|
||||
| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.4.4` |
|
||||
| `nginx_version` | string | Version of NGINX to install. | `1.20.2` |
|
||||
| `freeze_versions` | boolean | Prevent upgrade of BunkerWeb and NGINX when performing packages upgrades. | `true` |
|
||||
| `variables_env` | string | Path of the variables.env file to configure BunkerWeb. | `files/variables.env` |
|
||||
| `enable_ui` | boolean | Activate the web UI. | `false` |
|
||||
| `custom_ui` | string | Path of the ui.env file to configure the web UI. | `files/ui.env` |
|
||||
| `custom_configs_path` | Dictionary | Each entry is a path of the folder containing custom configurations. Keys are the type of custom configs : `http`, `server-http`, `modsec`, `modsec-crs` and `default-server-http` | empty values |
|
||||
| `custom_www` | string | Path of the www directory to upload. | empty value |
|
||||
| `custom_plugins` | string | Path of the plugins directory to upload. | empty value |
|
||||
| `custom_www_owner` | string | Default owner for www files and folders. | `nginx` |
|
||||
| `custom_www_group` | string | Default group for www files and folders. | `nginx` |
|
||||
|
|
|
@ -8,6 +8,6 @@ fi
|
|||
if [ "$1" == "dev" ] ; then
|
||||
mike deploy --push --update-aliases dev
|
||||
else
|
||||
mike deploy --push --update-aliases "$(cat src/VERSION | sed -E 's/([0-9]+)\.([0-9]+)\.([0-9]+)/\1\.\2/')" latest
|
||||
mike deploy --push --update-aliases "$(cat VERSION | sed -E 's/([0-9]+)\.([0-9]+)\.([0-9]+)/\1\.\2/')" latest
|
||||
mike set-default --push latest
|
||||
fi
|
|
@ -53,13 +53,13 @@ The first step is to install the plugin by putting the plugin files inside the c
|
|||
...
|
||||
-v "${PWD}/bw-data:/data" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
|
@ -140,7 +140,7 @@ The first step is to install the plugin by putting the plugin files inside the c
|
|||
vars:
|
||||
- custom_plugins: "{{ playbook_dir }}/bunkerweb-plugins"
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
Run the playbook :
|
||||
|
|
|
@ -54,7 +54,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
-e USE_REVERSE_PROXY=yes \
|
||||
-e REVERSE_PROXY_URL=/ \
|
||||
-e REVERSE_PROXY_HOST=http://myapp \
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -64,7 +64,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -223,7 +223,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
metadata:
|
||||
name: ingress
|
||||
annotations:
|
||||
bunkerweb.io/INSTANCE: "yes"
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
|
@ -306,7 +306,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
vars:
|
||||
- variables_env: "{{ playbook_dir }}/my_variables.env"
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
You can now run the playbook :
|
||||
|
@ -379,7 +379,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
-e app1.example.com_REVERSE_PROXY_HOST=http://myapp1 \
|
||||
-e app2.example.com_REVERSE_PROXY_HOST=http://myapp2 \
|
||||
-e app3.example.com_REVERSE_PROXY_HOST=http://myapp3 \
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -389,7 +389,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -793,7 +793,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
metadata:
|
||||
name: ingress
|
||||
annotations:
|
||||
bunkerweb.io/INSTANCE: "yes"
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
rules:
|
||||
- host: app1.example.com
|
||||
|
@ -880,7 +880,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
```shell
|
||||
systemctl start bunkerweb
|
||||
```
|
||||
|
||||
|
||||
=== "Ansible"
|
||||
|
||||
Let's assume that you have some web applications running on the same machine as BunkerWeb :
|
||||
|
@ -930,7 +930,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
vars:
|
||||
- variables_env: "{{ playbook_dir }}/my_variables.env"
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
[]()
|
||||
Run the playbook :
|
||||
|
@ -981,13 +981,13 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=X-Forwarded-For \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -1006,13 +1006,13 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=X-Forwarded-For \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -1031,13 +1031,13 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=X-Forwarded-For \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (using `docker stack deploy`) :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -1062,7 +1062,7 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
...
|
||||
env:
|
||||
- name: USE_REAL_IP
|
||||
|
@ -1111,7 +1111,7 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
vars:
|
||||
- variables_env: "{{ playbook_dir }}/my_variables.env"
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
Run the playbook :
|
||||
|
@ -1146,13 +1146,13 @@ REAL_IP_HEADER=proxy_protocol
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=proxy_protocol \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -1173,13 +1173,13 @@ REAL_IP_HEADER=proxy_protocol
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=proxy_protocol \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -1200,13 +1200,13 @@ REAL_IP_HEADER=proxy_protocol
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=proxy_protocol \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (using `docker stack deploy`) :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -1232,7 +1232,7 @@ REAL_IP_HEADER=proxy_protocol
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
...
|
||||
env:
|
||||
- name: USE_REAL_IP
|
||||
|
@ -1285,7 +1285,7 @@ REAL_IP_HEADER=proxy_protocol
|
|||
vars:
|
||||
- variables_env: "{{ playbook_dir }}/my_variables.env"
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
Run the playbook :
|
||||
|
@ -1327,7 +1327,7 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
Here is a dummy example using a docker-compose file :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
environment:
|
||||
- |
|
||||
CUSTOM_CONF_SERVER_HTTP_hello-world=
|
||||
|
@ -1369,13 +1369,13 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
...
|
||||
-v "${PWD}/bw-data:/data" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
|
@ -1436,13 +1436,13 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
...
|
||||
-v "${PWD}/bw-data:/data" \
|
||||
...
|
||||
bunkerity/bunkerweb-autoconf:1.4.3
|
||||
bunkerity/bunkerweb-autoconf:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.3
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.4
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
|
@ -1551,7 +1551,7 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
server-http: "{{ playbook_dir }}/server-http"
|
||||
}
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
Run the playbook :
|
||||
|
@ -1622,7 +1622,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
-e AUTO_LETS_ENCRYPT=yes \
|
||||
-e REMOTE_PHP=myphp \
|
||||
-e REMOTE_PHP_PATH=/app \
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -1632,7 +1632,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -1674,7 +1674,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
...
|
||||
-v "${PWD}/myapp:/app" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Once BunkerWeb and autoconf are ready, you will be able to create the PHP-FPM container, mount the application folder inside the container and configure it using specific labels :
|
||||
|
@ -1738,7 +1738,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
...
|
||||
-v "/shared/myapp:/app" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Once BunkerWeb and autoconf are ready, you will be able to create the PHP-FPM service, mount the application folder inside the container and configure it using specific labels :
|
||||
|
@ -1891,7 +1891,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
- custom_www: "{{ playbook_dir }}/my_app"
|
||||
- custom_www_owner: "www-data"
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
You can now run the playbook :
|
||||
|
@ -1984,7 +1984,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
-e app2.example.com_REMOTE_PHP_PATH=/app \
|
||||
-e app3.example.com_REMOTE_PHP=myphp3 \
|
||||
-e app3.example.com_REMOTE_PHP_PATH=/app \
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -1994,7 +1994,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -2055,7 +2055,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
...
|
||||
-v "${PWD}/myapps:/apps" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Once BunkerWeb and autoconf are ready, you will be able to create the PHP-FPM containers, mount the right application folder inside each container and configure them using specific labels :
|
||||
|
@ -2179,7 +2179,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
...
|
||||
-v "/shared/myapps:/apps" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.3
|
||||
bunkerity/bunkerweb:1.4.4
|
||||
```
|
||||
|
||||
Once BunkerWeb and autoconf are ready, you will be able to create the PHP-FPM service, mount the application folder inside the container and configure it using specific labels :
|
||||
|
@ -2406,7 +2406,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
- custom_www: "{{ playbook_dir }}/my_app"
|
||||
- custom_www_owner: "www-data"
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
You can now run the playbook :
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
mkdocs==1.4.2
|
||||
mkdocs-material==8.5.9
|
||||
mkdocs==1.2.3
|
||||
mkdocs-material==8.2.5
|
||||
pytablewriter==0.64.2
|
||||
mike==1.1.2
|
||||
jinja2<3.1.0
|
||||
|
|
|
@ -5,6 +5,11 @@ BunkerWeb offers many security features that you can configure with [settings](/
|
|||
!!! tip "Other settings"
|
||||
This section only focuses on security tuning, see the [settings section](/1.4/settings) of the documentation for other settings.
|
||||
|
||||
<figure markdown>
|
||||
![Overview](assets/img/core-order.svg){ align=center }
|
||||
<figcaption>Overview and order of the core security plugins</figcaption>
|
||||
</figure>
|
||||
|
||||
## HTTP protocol
|
||||
|
||||
### Deny status code
|
||||
|
|
|
@ -260,4 +260,4 @@ If you have bots that need to access your website, the recommended way to avoid
|
|||
|
||||
- Healthcheck / status bot
|
||||
- Callback like IPN or webhook
|
||||
- Social media crawler
|
||||
- Social media crawler
|
|
@ -1,7 +1,7 @@
|
|||
# Web UI
|
||||
|
||||
!!! note "Supported integrations"
|
||||
At the moment, the web UI is only supported with the [Docker](/1.4/integrations/#docker), [Linux](/1.4/integrations/#linux) and [Ansible](/1.4/integrations/#ansible) integrations. Please note that we plan to support more integrations as the project evolves.
|
||||
At the moment, the web UI is only supported with the [Docker](/1.4/integrations/#docker), [Linux](/1.4/integrations/#linux) and [Ansible](/1.4/integrations/#ansible) integrations. It's not possible to use the web UI with other integrations like [Docker autoconf](/1.4/integrations/#docker-autoconf), [Swarm](/1.4/integrations/#swarm) or [Kubernetes](/1.4/integrations/#kubernetes). Please note that we plan to support more integrations as the project evolves.
|
||||
|
||||
## Overview
|
||||
|
||||
|
@ -76,7 +76,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
-e "bwadm.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme" \
|
||||
-e bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no \
|
||||
-l bunkerweb.UI \
|
||||
bunkerity/bunkerweb:1.4.3 && \
|
||||
bunkerity/bunkerweb:1.4.4 && \
|
||||
docker network connect bw-ui mybunker
|
||||
```
|
||||
|
||||
|
@ -115,7 +115,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
-e ADMIN_USERNAME=admin \
|
||||
-e ADMIN_PASSWORD=changeme \
|
||||
-e ABSOLUTE_URI=http(s)://bwadm.example.com/changeme/ \
|
||||
bunkerity/bunkerweb-ui:1.4.3 && \
|
||||
bunkerity/bunkerweb-ui:1.4.4 && \
|
||||
docker network connect bw-docker myui
|
||||
```
|
||||
|
||||
|
@ -131,7 +131,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.4.4
|
||||
networks:
|
||||
- bw-services
|
||||
- bw-ui
|
||||
|
@ -154,7 +154,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
- "bunkerweb.UI"
|
||||
|
||||
myui:
|
||||
image: bunkerity/bunkerweb-ui:1.4.3
|
||||
image: bunkerity/bunkerweb-ui:1.4.4
|
||||
depends_on:
|
||||
- mydocker
|
||||
networks:
|
||||
|
@ -297,10 +297,10 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
- enable_ui: true
|
||||
- custom_ui: "{{ playbook_dir }}/my_ui.env"
|
||||
roles:
|
||||
- fl0ppy_d1sk.bunkerweb
|
||||
- bunkerity.bunkerweb
|
||||
```
|
||||
|
||||
You can now run the playbook and be able to access the web UI :
|
||||
```shell
|
||||
ansible-playbook -i inventory.yml playbook.yml
|
||||
```
|
||||
```
|
||||
|
|
Loading…
Reference in New Issue