librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

road to v1.4.3 🚀

This commit is contained in:
bunkerity 2022-08-24 15:14:26 +02:00
parent 66029a316c
commit 4244399eb1
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
47 changed files with 163 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.github/workflows/dev.yml vendored
View File

@ -374,12 +374,12 @@ jobs:
run: cat /opt/.runner_env >> $GITHUB_ENV
# Run tests
# - name: Run Docker tests
# run: ./tests/main.py "docker"
# - name: Run Autoconf tests
# run: ./tests/main.py "autoconf"
# - name: Run Swarm tests
# run: ./tests/main.py "swarm"
- name: Run Docker tests
run: ./tests/main.py "docker"
- name: Run Autoconf tests
run: ./tests/main.py "autoconf"
- name: Run Swarm tests
run: ./tests/main.py "swarm"
- name: Run Kubernetes tests
run: ./tests/main.py "kubernetes"
- name: Generate Linux packages and build test images

4
README.md
View File

@ -3,7 +3,7 @@
</p>
<p align="center">
<img src="https://img.shields.io/badge/bunkerweb-1.4.2-blue" />
<img src="https://img.shields.io/badge/bunkerweb-1.4.3-blue" />
<img src="https://img.shields.io/github/last-commit/bunkerity/bunkerweb" />
<img src="https://img.shields.io/github/workflow/status/bunkerity/bunkerweb/Automatic%20test%2C%20build%2C%20push%20and%20deploy%20%28DEV%29?label=CI%2FCD%20dev" />
<img src="https://img.shields.io/github/workflow/status/bunkerity/bunkerweb/Automatic%20test%2C%20build%2C%20push%20and%20deploy%20%28PROD%29?label=CI%2FCD%20prod" />
@ -286,4 +286,4 @@ If you would like to contribute to the plugins you can read the [contributing gu
# Security policy
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/tree/master/SECURITY.md) for more information.
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/tree/master/SECURITY.md) for more information.

2
VERSION
View File

@ -1 +1 @@
1.4.2
1.4.3

58
docs/integrations.md
View File

@ -12,7 +12,7 @@ Using BunkerWeb as a [Docker](https://www.docker.com/) container is a quick and
We provide ready to use prebuilt images for x64, x86 armv8 and armv7 architectures on [Docker Hub](https://hub.docker.com/r/bunkerity/bunkerweb) :
```shell
docker pull bunkerity/bunkerweb:1.4.2
docker pull bunkerity/bunkerweb:1.4.3
```
Alternatively, you can build the Docker images directly from the [source](https://github.com/bunkerity/bunkerweb) (and take a coffee ☕ because it may be long depending on your hardware) :
@ -39,7 +39,7 @@ docker run \
-e MY_SETTING=value \
-e "MY_OTHER_SETTING=value with spaces" \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
@ -48,7 +48,7 @@ Here is the docker-compose equivalent :
...
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
environment:
- MY_SETTING=value
```
@ -73,7 +73,7 @@ docker run \
...
-v bw_data:/data \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
@ -82,7 +82,7 @@ Here is the docker-compose equivalent :
...
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
volumes:
- bw_data:/data
...
@ -152,7 +152,7 @@ docker run \
...
--network mynetwork \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
You will also need to do the same with your web application(s). Please note that the other containers are accessible using their name as the hostname.
@ -163,7 +163,7 @@ Here is the docker-compose equivalent :
...
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
networks:
- bw-net
...
@ -218,7 +218,7 @@ docker run \
-e SERVER_NAME= \
-e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \
-l bunkerweb.AUTOCONF \
bunkerity/bunkerweb:1.4.2 && \
bunkerity/bunkerweb:1.4.3 && \
docker network connect bw-services mybunker
```
@ -235,7 +235,7 @@ docker run \
--network bw-autoconf \
-v bw-data:/data \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
bunkerity/bunkerweb-autoconf:1.4.2
bunkerity/bunkerweb-autoconf:1.4.3
```
Here is the docker-compose equivalent for the BunkerWeb autoconf stack :
@ -246,7 +246,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443
@ -262,7 +262,7 @@ services:
- bw-services
myautoconf:
image: bunkerity/bunkerweb-autoconf:1.4.2
image: bunkerity/bunkerweb-autoconf:1.4.3
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
@ -364,7 +364,7 @@ docker service create \
-e MULTISITE=yes \
-e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \
-l bunkerweb.AUTOCONF \
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
And the autoconf one :
@ -378,7 +378,7 @@ docker service \
--mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock,ro \
--mount type=volume,source=bw-data,destination=/data \
-e SWARM_MODE=yes \
bunkerity/bunkerweb-autoconf:1.4.2
bunkerity/bunkerweb-autoconf:1.4.3
```
Here is the docker-compose equivalent (using `docker stack deploy`) :
@ -389,7 +389,7 @@ version: '3.5'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- published: 80
target: 8080
@ -416,7 +416,7 @@ services:
- "bunkerweb.AUTOCONF"
myautoconf:
image: bunkerity/bunkerweb-autoconf:1.4.2
image: bunkerity/bunkerweb-autoconf:1.4.3
environment:
- SWARM_MODE=yes
volumes:
@ -706,11 +706,11 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
sudo apt install -y nginx=1.20.2-1~bullseye
```
And finally install BunkerWeb 1.4.2 :
And finally install BunkerWeb 1.4.3 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
sudo apt install -y bunkerweb=1.4.2
sudo apt install -y bunkerweb=1.4.3
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
@ -736,11 +736,11 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
sudo apt install -y nginx=1.20.2-1~jammy
```
And finally install BunkerWeb 1.4.2 :
And finally install BunkerWeb 1.4.3 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
sudo apt install -y bunkerweb=1.4.2
sudo apt install -y bunkerweb=1.4.3
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
@ -758,7 +758,7 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo dnf install -y bunkerweb-1.4.2
sudo dnf install -y bunkerweb-1.4.3
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@ -785,12 +785,12 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
sudo dnf install nginx-1.20.2
```
And finally install BunkerWeb 1.4.2 :
And finally install BunkerWeb 1.4.3 :
```shell
dnf install -y epel-release && \
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo dnf install -y bunkerweb-1.4.2
sudo dnf install -y bunkerweb-1.4.3
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@ -870,7 +870,6 @@ MY_SETTING_2=value2
BunkerWeb is managed using systemctl :
- Check BunkerWeb status : `systemctl status bunkerweb`
- Reload the configuration : `systemctl reload bunkerweb`
- Start it if it's stopped : `systemctl start bunkerweb`
- Stop it if it's started : `systemctl stop bunkerweb`
- And restart : `systemctl restart bunkerweb`
@ -895,7 +894,7 @@ A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galax
First of all download the role from ansible-galaxy :
```shell
ansible-galaxy install bunkerity.bunkerweb
ansible-galaxy install fl0ppy_d1sk.bunkerweb
```
Next create an inventory by adding the IP adress or FQDN of one or more remote systems, either in `/etc/ansible/hosts` or in your own playbook `inventory.yml` :
@ -914,7 +913,7 @@ In order to use the role, we will create the playbook file named `playbook.yml`
- hosts: all
become: true
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
Run the playbook :
@ -926,13 +925,14 @@ Configuration of BunkerWeb is done by using specific role variables :
| Name | Type | Description | Default value |
|:-----:|:-----:|--------------|----------------|
| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.4.2` |
| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.4.3` |
| `nginx_version` | string | Version of NGINX to install. | `1.20.2` |
| `freeze_versions` | boolean | Prevent upgrade of BunkerWeb and NGINX when performing packages upgrades. | `true` |
| `variables_env` | string | Path of the variables.env file to configure BunkerWeb. | `files/variables.env` |
| `enable_ui` | boolean | Activate the web UI. | `false` |
| `custom_ui` | string | Path of the ui.env file to configure the web UI. | `files/ui.env` |
| `custom_configs` | boolean | Enable provisioning of custom configurations using the `custom_configs_path` variable. | `false` |
| `custom_configs_path` | Dictionary | Each entry is a path of the folder containing custom configurations. Keys are the type of custom configs : `http`, `server-http`, `modsec`, `modsec-crs` and `default-server-http` | empty values |
| `custom_site` | string | Path of the www directory to upload. | empty value |
| `plugins` | string | Path of the plugins directory to upload. | empty value |
| `custom_www` | string | Path of the www directory to upload. | empty value |
| `custom_plugins` | string | Path of the plugins directory to upload. | empty value |
| `custom_www_owner` | string | Default owner for www files and folders. | `nginx` |
| `custom_www_group` | string | Default group for www files and folders. | `nginx` |

10
docs/plugins.md
View File

@ -53,13 +53,13 @@ The first step is to install the plugin by putting the plugin files inside the c
...
-v "${PWD}/bw-data:/data" \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
```yaml
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
volumes:
- ./bw-data:/data
...
@ -130,7 +130,7 @@ The first step is to install the plugin by putting the plugin files inside the c
In your Ansible inventory, you can use the `plugins` variable to set the path of plugins folder :
```ini
[mybunkers]
192.168.0.42 ... plugins="{{ playbook_dir }}/bunkerweb-plugins"
192.168.0.42 ... custom_plugins="{{ playbook_dir }}/bunkerweb-plugins"
```
Or alternatively, in your playbook file :
@ -138,9 +138,9 @@ The first step is to install the plugin by putting the plugin files inside the c
- hosts: all
become: true
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
- custom_plugins: "{{ playbook_dir }}/bunkerweb-plugins"
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
Run the playbook :

126
docs/quickstart-guide.md
View File

@ -54,7 +54,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
-e USE_REVERSE_PROXY=yes \
-e REVERSE_PROXY_URL=/ \
-e REVERSE_PROXY_HOST=http://myapp \
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
@ -64,7 +64,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443
@ -263,9 +263,9 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
systemctl status bunkerweb
```
If it's already running we can just reload it :
If it's already running we can restart it :
```shell
systemctl reload bunkerweb
systemctl restart bunkerweb
```
Otherwise, we will need to start it :
@ -306,7 +306,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
You can now run the playbook :
@ -379,7 +379,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
-e app1.example.com_REVERSE_PROXY_HOST=http://myapp1 \
-e app2.example.com_REVERSE_PROXY_HOST=http://myapp2 \
-e app3.example.com_REVERSE_PROXY_HOST=http://myapp3 \
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
@ -389,7 +389,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443
@ -871,9 +871,9 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
systemctl status bunkerweb
```
If it's already running we can just reload it :
If it's already running we can restart it :
```shell
systemctl reload bunkerweb
systemctl restart bunkerweb
```
Otherwise, we will need to start it :
@ -916,13 +916,13 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
app2.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8002
app3.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8003
```
[]()
In your Ansible inventory, you can use the `variables_env` variable to set the path of configuration file :
```yaml
[mybunkers]
192.168.0.42 variables_env="{{ playbook_dir }}/my_variables.env"
```
[]()
Or alternatively, in your playbook file :
```yaml
- hosts: all
@ -930,9 +930,9 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
[]()
Run the playbook :
```shell
ansible-playbook -i inventory.yml playbook.yml
@ -981,13 +981,13 @@ REAL_IP_HEADER=X-Forwarded-For
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=X-Forwarded-For \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
```yaml
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
...
environment:
- USE_REAL_IP=yes
@ -1006,13 +1006,13 @@ REAL_IP_HEADER=X-Forwarded-For
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=X-Forwarded-For \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
```yaml
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
...
environment:
- USE_REAL_IP=yes
@ -1031,13 +1031,13 @@ REAL_IP_HEADER=X-Forwarded-For
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=X-Forwarded-For \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent (using `docker stack deploy`) :
```yaml
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
...
environment:
- USE_REAL_IP=yes
@ -1062,7 +1062,7 @@ REAL_IP_HEADER=X-Forwarded-For
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
...
env:
- name: USE_REAL_IP
@ -1085,7 +1085,7 @@ REAL_IP_HEADER=X-Forwarded-For
...
```
Don't forget to reload the bunkerweb service once it's done.
Don't forget to restart the bunkerweb service once it's done.
=== "Ansible"
@ -1111,7 +1111,7 @@ REAL_IP_HEADER=X-Forwarded-For
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
Run the playbook :
@ -1146,13 +1146,13 @@ REAL_IP_HEADER=proxy_protocol
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=proxy_protocol \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
```yaml
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
...
environment:
- USE_REAL_IP=yes
@ -1173,13 +1173,13 @@ REAL_IP_HEADER=proxy_protocol
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=proxy_protocol \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
```yaml
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
...
environment:
- USE_REAL_IP=yes
@ -1200,13 +1200,13 @@ REAL_IP_HEADER=proxy_protocol
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
-e REAL_IP_HEADER=proxy_protocol \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent (using `docker stack deploy`) :
```yaml
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
...
environment:
- USE_REAL_IP=yes
@ -1232,7 +1232,7 @@ REAL_IP_HEADER=proxy_protocol
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
...
env:
- name: USE_REAL_IP
@ -1258,7 +1258,7 @@ REAL_IP_HEADER=proxy_protocol
...
```
Don't forget to reload the bunkerweb service once it's done.
Don't forget to restart the bunkerweb service once it's done.
=== "Ansible"
@ -1285,7 +1285,7 @@ REAL_IP_HEADER=proxy_protocol
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
Run the playbook :
@ -1327,7 +1327,7 @@ Some integrations offer a more convenient way of applying configurations for exa
Here is a dummy example using a docker-compose file :
```yaml
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1369,13 +1369,13 @@ Some integrations offer a more convenient way of applying configurations for exa
...
-v "${PWD}/bw-data:/data" \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
```yaml
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
volumes:
- ./bw-data:/data
...
@ -1436,13 +1436,13 @@ Some integrations offer a more convenient way of applying configurations for exa
...
-v "${PWD}/bw-data:/data" \
...
bunkerity/bunkerweb-autoconf:1.4.2
bunkerity/bunkerweb-autoconf:1.4.3
```
Here is the docker-compose equivalent :
```yaml
myautoconf:
image: bunkerity/bunkerweb-autoconf:1.4.2
image: bunkerity/bunkerweb-autoconf:1.4.3
volumes:
- ./bw-data:/data
...
@ -1520,7 +1520,7 @@ Some integrations offer a more convenient way of applying configurations for exa
chmod -R 770 /opt/bunkerweb/configs
```
Don't forget to reload the bunkerweb service once it's done.
Don't forget to restart the bunkerweb service once it's done.
=== "Ansible"
@ -1551,7 +1551,7 @@ Some integrations offer a more convenient way of applying configurations for exa
server-http: "{{ playbook_dir }}/server-http"
}
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
Run the playbook :
@ -1595,6 +1595,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
Now you can copy your application files to the `bw-data/www` folder. Please note that you will need to fix the permissions so BunkerWeb (UID/GID 101) can at least read files and list folders and PHP-FPM (UID/GID 33) is the owner of the files and folders :
```shell
chown -R 101:101 ./bw-data && \
chown -R 33:101 ./bw-data/www && \
find ./bw-data/www -type f -exec chmod 0640 {} \; && \
find ./bw-data/www -type d -exec chmod 0750 {} \;
@ -1621,7 +1622,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
-e AUTO_LETS_ENCRYPT=yes \
-e REMOTE_PHP=myphp \
-e REMOTE_PHP_PATH=/app \
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
@ -1631,7 +1632,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443
@ -1673,7 +1674,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
...
-v "${PWD}/myapp:/app" \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Once BunkerWeb and autoconf are ready, you can now create the PHP-FPM container, mount the application folder inside the container and configure it using specific labels :
@ -1681,9 +1682,10 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
docker run -d \
--name myphp \
--network bw-services \
-v "${PWD}/bw-data/www:/app" \
-v "${PWD}/myapp:/app" \
-l bunkerweb.SERVER_NAME=www.example.com \
-l bunkerweb.AUTO_LETS_ENCRYPT=yes \
-l bunkerweb.ROOT_FOLDER=/app \
-l bunkerweb.REMOTE_PHP=myphp \
-l bunkerweb.REMOTE_PHP_PATH=/app \
php:fpm
@ -1706,10 +1708,10 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
labels:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.AUTO_LETS_ENCRYPT=yes
- bunkerweb.ROOT_FOLDER=/app
- bunkerweb.REMOTE_PHP=myphp
- bunkerweb.REMOTE_PHP_PATH=/app
- bunkerweb.ROOT_FOLDER=/app
networks:
bw-services:
external:
@ -1736,7 +1738,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
...
-v "/shared/myapp:/app" \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Once BunkerWeb and autoconf are ready, you can now create the PHP-FPM service, mount the application folder inside the container and configure it using specific labels :
@ -1744,9 +1746,10 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
docker service create \
--name myphp \
--network bw-services \
-v "${PWD}/bw-data/www:/app" \
-v "/shared/myapp:/app" \
-l bunkerweb.SERVER_NAME=www.example.com \
-l bunkerweb.AUTO_LETS_ENCRYPT=yes \
-l bunkerweb.ROOT_FOLDER=/app \
-l bunkerweb.REMOTE_PHP=myphp \
-l bunkerweb.REMOTE_PHP_PATH=/app \
php:fpm
@ -1771,10 +1774,10 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
labels:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.AUTO_LETS_ENCRYPT=yes
- bunkerweb.ROOT_FOLDER=/app
- bunkerweb.REMOTE_PHP=myphp
- bunkerweb.REMOTE_PHP_PATH=/app
- bunkerweb.ROOT_FOLDER=/app
networks:
bw-services:
external:
@ -1832,9 +1835,9 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
```shell
systemctl status bunkerweb
```
If it's already running we can just reload it :
If it's already running we can restart it :
```shell
systemctl reload bunkerweb
systemctl restart bunkerweb
```
Otherwise, we will need to start it :
@ -1888,7 +1891,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- custom_www: "{{ playbook_dir }}/my_app"
- custom_www_owner: "www-data"
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
You can now run the playbook :
@ -1929,6 +1932,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
Now you can copy your application files to the `bw-data/www` subfolders. Please note that you will need to fix the permissions so BunkerWeb (UID/GID 101) can at least read files and list folders and PHP-FPM (UID/GID 33) is the owner of the files and folders :
```shell
chown -R 101:101 ./bw-data && \
chown -R 33:101 ./bw-data/www && \
find ./bw-data/www -type f -exec chmod 0640 {} \; && \
find ./bw-data/www -type d -exec chmod 0750 {} \;
@ -1980,7 +1984,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
-e app2.example.com_REMOTE_PHP_PATH=/app \
-e app3.example.com_REMOTE_PHP=myphp3 \
-e app3.example.com_REMOTE_PHP_PATH=/app \
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Here is the docker-compose equivalent :
@ -1990,7 +1994,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443
@ -2051,7 +2055,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
...
-v "${PWD}/myapps:/apps" \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Once BunkerWeb and autoconf are ready, you can now create the PHP-FPM containers, mount the right application folder inside each container and configure them using specific labels :
@ -2111,7 +2115,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
networks:
bw-services:
aliases:
- myphp1
- myphp1
labels:
- bunkerweb.SERVER_NAME=app1.example.com
- bunkerweb.AUTO_LETS_ENCRYPT=yes
@ -2126,7 +2130,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
networks:
bw-services:
aliases:
- myphp2
- myphp2
labels:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.AUTO_LETS_ENCRYPT=yes
@ -2141,7 +2145,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
networks:
bw-services:
aliases:
- myphp3
- myphp3
labels:
- bunkerweb.SERVER_NAME=app3.example.com
- bunkerweb.AUTO_LETS_ENCRYPT=yes
@ -2175,7 +2179,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
...
-v "/shared/myapps:/apps" \
...
bunkerity/bunkerweb:1.4.2
bunkerity/bunkerweb:1.4.3
```
Once BunkerWeb and autoconf are ready, you can now create the PHP-FPM service, mount the application folder inside the container and configure it using specific labels :
@ -2341,9 +2345,9 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
```shell
systemctl status bunkerweb
```
If it's already running we can just reload it :
If it's already running we can restart it :
```shell
systemctl reload bunkerweb
systemctl restart bunkerweb
```
Otherwise, we will need to start it :
@ -2402,7 +2406,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- custom_www: "{{ playbook_dir }}/my_app"
- custom_www_owner: "www-data"
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
You can now run the playbook :

22
docs/web-ui.md
View File

@ -73,10 +73,10 @@ Because the web UI is a web application, the recommended installation procedure
-e bwadm.example.com_USE_REVERSE_PROXY=yes \
-e bwadm.example.com_REVERSE_PROXY_URL=/changeme/ \
-e bwadm.example.com_REVERSE_PROXY_HOST=http://myui:7000 \
-e "bwadm.example.com_REVERSE_PROXY_HEADER=X-Script-Name /changeme" \
-e "bwadm.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme" \
-e bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no \
-l bunkerweb.UI \
bunkerity/bunkerweb:1.4.2 && \
bunkerity/bunkerweb:1.4.3 && \
docker network connect bw-ui mybunker
```
@ -115,7 +115,7 @@ Because the web UI is a web application, the recommended installation procedure
-e ADMIN_USERNAME=admin \
-e ADMIN_PASSWORD=changeme \
-e ABSOLUTE_URI=http(s)://bwadm.example.com/changeme/
bunkerity/bunkerweb-ui:1.4.2 && \
bunkerity/bunkerweb-ui:1.4.3 && \
docker network connect bw-docker myui
```
@ -131,7 +131,7 @@ Because the web UI is a web application, the recommended installation procedure
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
networks:
- bw-services
- bw-ui
@ -154,7 +154,7 @@ Because the web UI is a web application, the recommended installation procedure
- "bunkerweb.UI"
myui:
image: bunkerity/bunkerweb-ui:1.4.2
image: bunkerity/bunkerweb-ui:1.4.3
depends_on:
- mydocker
networks:
@ -210,7 +210,7 @@ Because the web UI is a web application, the recommended installation procedure
bwadm.example.com_USE_REVERSE_PROXY=yes
bwadm.example.com_REVERSE_PROXY_URL=/changeme/
bwadm.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
bwadm.example.com_REVERSE_PROXY_HEADER=X-Script-Name /changeme
bwadm.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
...
```
@ -220,9 +220,9 @@ Because the web UI is a web application, the recommended installation procedure
* `bwadm.example.com` is the dedicated (sub)domain for accessing the web UI
* replace the `/changeme` URLs with a custom one of your choice
Once the configuration file is edited, you will need to reload BunkerWeb :
Once the configuration file is edited, you will need to restart BunkerWeb :
```shell
systemctl reload bunkerweb
systemctl restart bunkerweb
```
You can edit the **/opt/bunkerweb/ui.env** file containing the settings of the web UI :
@ -260,7 +260,7 @@ Because the web UI is a web application, the recommended installation procedure
bwadm.example.com_USE_REVERSE_PROXY=yes
bwadm.example.com_REVERSE_PROXY_URL=/changeme/
bwadm.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
bwadm.example.com_REVERSE_PROXY_HEADER=X-Script-Name /changeme
bwadm.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
...
```
@ -295,9 +295,9 @@ Because the web UI is a web application, the recommended installation procedure
vars:
- variables_env: "{{ playbook_dir }}/my_variables.env"
- enable_ui: true
- custom_ui="{{ playbook_dir }}/my_ui.env"
- custom_ui: "{{ playbook_dir }}/my_ui.env"
roles:
- bunkerweb
- fl0ppy_d1sk.bunkerweb
```
You can now run the playbook and be able to access the web UI :

2
examples/authelia/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3.4'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/authentik/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3.4'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/behind-reverse-proxy/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly

2
examples/bigbluebutton/docker-compose.yml
View File

@ -27,7 +27,7 @@ services:
...
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/certbot-dns-cloudflare/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/certbot-dns-digitalocean/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/certbot-dns-google/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/certbot-dns-ovh/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/certbot-dns-route53/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/cors/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/docker-configs/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/drupal/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/ghost/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/gogs/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/hardened/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
# dropping all capabilities
cap_drop:
- ALL

2
examples/joomla/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/load-balancer/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/magento/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/mattermost/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/mongo-express/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/moodle/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/nextcloud/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/passbolt/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/php-multisite/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/php-singlesite/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/prestashop/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/proxy-protocol/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly

2
examples/radarr/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3.5'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/redmine/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/reverse-proxy-multisite/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/reverse-proxy-singlesite/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/reverse-proxy-websocket/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/syslog/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
logging:
driver: syslog
options:

2
examples/tomcat/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

2
examples/tor-hidden-service/docker-compose.yml
View File

@ -11,7 +11,7 @@ services:
- SERVICE1_TOR_SERVICE_VERSION=3
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly

4
examples/web-ui/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443
@ -42,7 +42,7 @@ services:
- net_svc
myui:
image: bunkerity/bunkerweb-ui:1.4.2
image: bunkerity/bunkerweb-ui:1.4.3
depends_on:
- myuiproxy
volumes:

2
examples/wordpress/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443

4
integrations/autoconf/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: '3'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- 80:8080
- 443:8443
@ -20,7 +20,7 @@ services:
- bw-services
myautoconf:
image: bunkerity/bunkerweb-autoconf:1.4.2
image: bunkerity/bunkerweb-autoconf:1.4.3
volumes:
- ./bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro

4
integrations/kubernetes/bunkerweb.yml
View File

@ -16,7 +16,7 @@ spec:
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
imagePullPolicy: Always
securityContext:
runAsUser: 101
@ -108,7 +108,7 @@ spec:
claimName: pvc-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.2
image: bunkerity/bunkerweb-autoconf:1.4.3
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE

4
integrations/swarm/stack.yml
View File

@ -3,7 +3,7 @@ version: '3.5'
services:
mybunker:
image: bunkerity/bunkerweb:1.4.2
image: bunkerity/bunkerweb:1.4.3
ports:
- published: 80
target: 8080
@ -31,7 +31,7 @@ services:
- "bunkerweb.AUTOCONF"
myautoconf:
image: bunkerity/bunkerweb-autoconf:1.4.2
image: bunkerity/bunkerweb-autoconf:1.4.3
environment:
- SWARM_MODE=yes
volumes: