examples improvement - traefik alternative, autoconf reverse proxy and basic website

examples/autoconf-php/README.md

@@ -6,7 +6,7 @@ Quickly deploy PHP app on Docker containers without restarting bunkerized-nginx.
 
 <img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/autoconf-php/architecture.png?raw=true" />
 
-## Docker
+## Autoconf
 
 First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-nginx.yml).
 

examples/autoconf-reverse-proxy/README.md

@@ -0,0 +1,13 @@
+# Autoconf reverse proxy
+
+Quickly deploy web app on Docker containers without restarting bunkerized-nginx.
+
+## Architecture
+
+<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/autoconf-reverse-proxy/architecture.png?raw=true" />
+
+## Autoconf
+
+First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-nginx.yml).
+
+Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-apps.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-apps.yml).

examples/autoconf-reverse-proxy/docker-compose-apps.yml

@@ -0,0 +1,50 @@
+version: '3'
+
+services:
+
+  myapp1:
+    build: js-app
+    restart: always
+    environment:
+      - NODE_ENV=production
+    labels:
+      - "bunkerized-nginx.SERVER_NAME=app1.example.com"            # replace with your domain
+      - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+      - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
+    networks:
+      myappnet:
+        aliases:
+          - myapp1
+
+  myapp2:
+    build: js-app
+    restart: always
+    environment:
+      - NODE_ENV=production
+    labels:
+      - "bunkerized-nginx.SERVER_NAME=app2.example.com"            # replace with your domain
+      - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+      - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
+    networks:
+      myappnet:
+        aliases:
+          - myapp2
+
+  myapp3:
+    build: js-app
+    restart: always
+    environment:
+      - NODE_ENV=production
+    labels:
+      - "bunkerized-nginx.SERVER_NAME=app3.example.com"            # replace with your domain
+      - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+      - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
+    networks:
+      myappnet:
+        aliases:
+          - myapp3
+
+networks:
+  myphpnet:
+    external:
+      name: myphpnet

examples/autoconf-reverse-proxy/docker-compose-nginx.yml

@@ -0,0 +1,45 @@
+version: '3'
+
+services:
+
+  mywww:
+    image: bunkerity/bunkerized-nginx
+    restart: always
+    ports:
+      - 80:8080
+      - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
+    volumes:
+      - ./letsencrypt:/etc/letsencrypt
+      - autoconf:/etc/nginx
+    environment:
+      - SERVER_NAME=                                              # must be left blank if you don't want to setup "static" conf
+      - MULTISITE=yes
+      - AUTO_LETS_ENCRYPT=yes
+      - REDIRECT_HTTP_TO_HTTPS=yes
+      - DISABLE_DEFAULT_SERVER=yes
+      - USE_CLIENT_CACHE=yes
+      - USE_PROXY_CACHE=yes
+      - USE_GZIP=yes
+      - USE_REVERSE_PROXY=yes
+    labels:
+      - "bunkerized-nginx.AUTOCONF"
+    networks:
+      - myappnet
+
+  myautoconf:
+    image: bunkerity/bunkerized-nginx-autoconf
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - autoconf:/etc/nginx
+    depends_on:
+      - mywww
+
+volumes:
+  autoconf:
+
+networks:
+  myappnet:
+    name: myappnet

examples/basic-website-with-php/README.md

@@ -2,28 +2,16 @@
 
 This is a basic example for a typical PHP website/app.
 
+## Architecture
+
+<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/basic-website-with-php/architecture.png?raw=true" />
+
 ## Docker
 
-```shell
-$ mkdir letsencrypt
-$ chown root:101 letsencrypt
-$ chmod 770 letsencrypt
-$ chmod 755 web-files
-$ chmod -R 744 web-files/*
-$ docker-compose up
-```
+See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/basic-website-with-php/docker-compose.yml).
 
 ## Linux
 
-You will need to configure your php-fpm service to listen on localhost with the following directive :
-```conf
-listen = 127.0.0.1:9000
-```
+Please note that you need to install and configure a php-fpm instance on your server.
 
-```shell
-$ cp variables.env /opt/bunkerized-nginx/variables.env
-$ cp web-files/* /opt/bunkerized-nginx/www
-$ chown -R www-data:www-data /opt/bunkerized-nginx/www/*
-$ chmod -R 774 /opt/bunkerized-nginx/www/*
-$ bunkerized-nginx
-```
+See [variables.env](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/basic-website-with-php/variables.env).

examples/behind-traefik/docker-compose.yml

@@ -1,62 +0,0 @@
-version: '3'
-
-services:
-
-  mytraefik:
-    image: traefik:v1.7.26
-    restart: always
-    ports:
-      - 80:80
-      - 443:443
-    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
-    # don't forget to edit the permissions of the files and folders accordingly
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ./traefik/traefik.toml:/traefik.toml
-      - ./traefik/acme.json:/acme.json
-
-  mywww1:
-    image: bunkerity/bunkerized-nginx
-    restart: always
-    volumes:
-      - ./web1:/www:ro
-    environment:
-      - SERVER_NAME=app1.example.com
-      - PROXY_REAL_IP=yes
-      - USE_CLIENT_CACHE=yes
-      - USE_GZIP=yes
-      - REMOTE_PHP=myphp1
-      - REMOTE_PHP_PATH=/app
-    labels:
-      - 'traefik.enable=true'
-      - 'traefik.port=8080'
-      - 'traefik.frontend.rule=Host:app1.example.com' # replace with your domain
-
-  mywww2:
-    image: bunkerity/bunkerized-nginx
-    restart: always
-    volumes:
-      - ./web2:/www:ro
-    environment:
-      - SERVER_NAME=app2.example.com
-      - PROXY_REAL_IP=yes
-      - USE_CLIENT_CACHE=yes
-      - USE_GZIP=yes
-      - REMOTE_PHP=myphp2
-      - REMOTE_PHP_PATH=/app
-    labels:
-      - 'traefik.enable=true'
-      - 'traefik.port=8080'
-      - 'traefik.frontend.rule=Host:app2.example.com' # replace with your domain
-
-  myphp1:
-    image: php:fpm
-    restart: always
-    volumes:
-      - ./web1:/app
-
-  myphp2:
-    image: php:fpm
-    restart: always
-    volumes:
-      - ./web2:/app

examples/behind-traefik/traefik/traefik.toml

@@ -1,29 +0,0 @@
-debug = false
-
-logLevel = "ERROR"
-defaultEntryPoints = ["https","http"]
-
-[entryPoints]
-  [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-    entryPoint = "https"
-  [entryPoints.https]
-  address = ":443"
-  [entryPoints.https.tls]
-
-[retry]
-
-[docker]
-endpoint = "unix:///var/run/docker.sock"
-domain = "example.com"
-watch = true
-exposedByDefault = false
-
-[acme]
-email = "contact@example.com"
-storage = "acme.json"
-entryPoint = "https"
-onHostRule = true
-[acme.httpChallenge]
-entryPoint = "http"

examples/behind-traefik/web1/index.php

@@ -1,5 +0,0 @@
-<?php
-
-echo "Web1 app.";
-
-?>

examples/behind-traefik/web2/index.php

@@ -1,5 +0,0 @@
-<?php
-
-echo "Web2 app.";
-
-?>

examples/traefik-alternative/README.md

@@ -0,0 +1,13 @@
+# Traefik alternative
+
+Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. See [documentation](https://doc.traefik.io/traefik/) and [GitHub repo](https://github.com/traefik/traefik) for more information.
+
+You can easily switch from Traefik to bunkerized-nginx if you are more concerned about security.
+
+## Architecture
+
+<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/traefik-alternative/architecture.png?raw=true" />
+
+## Autoconf
+
+See [docker-compose-bunkerized.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-bunkerized.yml) which is the equivalent of [docker-compose-traefik.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-traefik.yml).

examples/traefik-alternative/docker-compose-bunkerized.yml

@@ -22,7 +22,6 @@ services:
       - USE_CLIENT_CACHE=yes
       - USE_PROXY_CACHE=yes
       - USE_GZIP=yes
-      - USE_REVERSE_PROXY=yes
     labels:
       - "bunkerized-nginx.AUTOCONF"
 
@@ -34,39 +33,15 @@ services:
       - autoconf:/etc/nginx
     depends_on:
       - mywww
-      - myapp1
-      - myapp2
-      - myapp3
+      - whoami
 
-  myapp1:
-    build: js-app
-    restart: always
-    environment:
-      - NODE_ENV=production
+  whoami:
+    image: "traefik/whoami"
     labels:
-      - "bunkerized-nginx.SERVER_NAME=app1.example.com"            # replace with your domain
+      - "bunkerized-nginx.SERVER_NAME=www.example.com"
+      - "bunkerized-nginx.USE_REVERSE_PROXY=yes"
       - "bunkerized-nginx.REVERSE_PROXY_URL=/"
-      - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
-
-  myapp2:
-    build: js-app
-    restart: always
-    environment:
-      - NODE_ENV=production
-    labels:
-      - "bunkerized-nginx.SERVER_NAME=app2.example.com"            # replace with your domain
-      - "bunkerized-nginx.REVERSE_PROXY_URL=/"
-      - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
-
-  myapp3:
-    build: js-app
-    restart: always
-    environment:
-      - NODE_ENV=production
-    labels:
-      - "bunkerized-nginx.SERVER_NAME=app3.example.com"            # replace with your domain
-      - "bunkerized-nginx.REVERSE_PROXY_URL=/"
-      - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
+      - "bunkerized-nginx.REVERSE_PROXY_HOST=http://whoami"
 
 volumes:
   autoconf:

examples/traefik-alternative/docker-compose-traefik.yml

@@ -0,0 +1,35 @@
+version: "3.3"
+
+services:
+
+  traefik:
+    image: "traefik:v2.4"
+    container_name: "traefik"
+    command:
+      #- "--log.level=DEBUG"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+  whoami:
+    image: "traefik/whoami"
+    container_name: "simple-service"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.whoami.rule=Host(`www.example.com`)"
+      - "traefik.http.routers.whoami.entrypoints=websecure"
+      - "traefik.http.routers.whoami.tls.certresolver=myresolver"